Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Internet issues

Re: Internet issues

Post by nanrector » April 11th, 2009, 1:22 pm

Logs Below
Regarding the top items:

Items highlighted have been deleted. I do not use Outlook Express except for testing purposes. I use OUTLOOK 2007. I cannot delete the pst files below as they are either archives full of many files or else current in-use pst files. All are VERY important. If I could delete specific emails in them I would, but I guess there is no way to know which emails are the issue.

Compressing does not work the way you stated in Outlook 2007, though I believe I found out how to do it. As long as it does not affect my email I will compress them... I have to load all the Archive files to do so. I keep them unloaded in Outlook 08.


These are the entries in Kaspersky Scan:
C:\Documents and Settings\NancyGail\Local Settings\Application Data\Microsoft\Outlook\Archives\archive-household.pst
C:\Documents and Settings\NancyGail\Local Settings\Application Data\Microsoft\Outlook\Archives\archive-sent-Dec08.pst
C:\Documents and Settings\NancyGail\Local Settings\Application Data\Microsoft\Outlook\Archives\archive-sentMarch09.pst
C:\Documents and Settings\NancyGail\Local Settings\Application Data\Microsoft\Outlook\Archives\Outlook-Main.pst
C:\Documents and Settings\NancyGail\Local Settings\Application Data\Microsoft\Outlook\household.pst
E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Identities\{C98238B7-B17B-4CF9-93F3-42A8FEBEFB34}\Microsoft\Outlook Express\Inbox.dbx
E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Outlook\Archives\archive-household.pst
E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Outlook\Archives\archive-sent-Dec08.pst
E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Outlook\Archives\Outlook-Main.pst
E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Outlook\household.pst
E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst


Do you know what these files are? Are they important?:

NOTES AFTER EACH ITEM

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Deleted Items.dbx This could possibly be deleted. It's an old, old backup.
F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx This is another old email backup. Need to check it out.
W:\Family\www.rectors.net\gallery\albums\index.php This is a web page from a site I manage.
W:\Family\www.rectors.net\gallery\docs\index.htm This is a web page from a site I manage.
W:\Family\www.rectors.net\gallery\include\index.html This is a web page from a site I manage.







========== FILES ==========
I:\AUDIO\!MP3 SPLITTERS JOINERS\Cool MP3 Splitter (and joiner) 2.02 (Inc Crack) moved successfully.
E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\temp\~tmp\hmunmlcn38a moved successfully.
E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\temp\~tmp\msycn04 moved successfully.
E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\temp\~tmp\sps32_1 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\NANCYG~1\LOCALS~1\Temp\~DFB7D2.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRF{70FC247B-D9BF-43EC-AA60-8F88098C0DF4}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{39DDD9DA-CDA7-4BD7-B4EE-EC2F0100FC49}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{3E13300D-35E8-41F4-98F8-F2F30110342D}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{8AE246ED-6486-403E-B6F8-B154A6DEA94F}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{A1A44211-294E-4682-A5A0-39AF8D04E3AD}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{BEB47D56-43C5-4FC2-8F15-4F3269BEA418}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{C46B1695-BD01-4B0D-B6A4-FFA2223F3230}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{DC5728CF-AE58-4115-B6B1-BEF2D43815B2}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.IE5\QE08UG4Z\rss[1].xml scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.IE5\KFSYWXRA\rss[1].xml scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.IE5\EPG01AJ0\viewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.IE5\1WZ8XEHY\OTMoveIt3[1].exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_460.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04112009_121702

Files moved on Reboot...
C:\DOCUME~1\NANCYG~1\LOCALS~1\Temp\~DFB7D2.tmp moved successfully.
File C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRF{70FC247B-D9BF-43EC-AA60-8F88098C0DF4}.tmp not found!
File C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{39DDD9DA-CDA7-4BD7-B4EE-EC2F0100FC49}.tmp not found!
File C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{3E13300D-35E8-41F4-98F8-F2F30110342D}.tmp not found!
File C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{8AE246ED-6486-403E-B6F8-B154A6DEA94F}.tmp not found!
File C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{A1A44211-294E-4682-A5A0-39AF8D04E3AD}.tmp not found!
File C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{BEB47D56-43C5-4FC2-8F15-4F3269BEA418}.tmp not found!
File C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{C46B1695-BD01-4B0D-B6A4-FFA2223F3230}.tmp not found!
File C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.Word\~WRS{DC5728CF-AE58-4115-B6B1-BEF2D43815B2}.tmp not found!
C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.IE5\QE08UG4Z\rss[1].xml moved successfully.
C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.IE5\KFSYWXRA\rss[1].xml moved successfully.
C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.IE5\EPG01AJ0\viewtopic[1].htm moved successfully.
C:\Documents and Settings\NancyGail\Local Settings\Temporary Internet Files\Content.IE5\1WZ8XEHY\OTMoveIt3[1].exe moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_460.dat not found!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:18 PM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hotkey CD Eject\cdeject.exe
C:\Program Files\AllToTray\AllToTray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Olympus\DSSPlayer\DirectrecConfig.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L09AXLRD_139214234] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hotkey CD Eject] C:\Program Files\Hotkey CD Eject\cdeject.exe
O4 - HKCU\..\Run: [AllToTray] C:\Program Files\AllToTray\AllToTray.exe
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Copy plain text for WhizFolders - C:\Program Files\WhizFolders Organizer Deluxe\copytool.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5859193093
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\NANCYG~1\LOCALS~1\Temp\hpdj00.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 11043 bytes
nanrector
Regular Member
 
Posts: 47
Joined: June 12th, 2005, 7:16 pm

Re: Internet issues

Post by Bio-Hazard » April 12th, 2009, 10:08 am

I cannot delete the pst files below as they are either archives full of many files or else current in use pst files. All are VERY important. If I could delete specific emails in them I would but I guess there is no way to know which emails are the issue.


I know you can't delete the pst files. I put the Kaspersky results there to show why I am asking you to do that. I am sorry that my instructions weren't detailed enough. So don't delete those pst files. Sometimes Bitdefender online scan has shown individual emails that are infected, so I have put its instructions below.

Regarding the issues with compressing the emails, if you are not happy to do that then you can leave that step out.


BitDefender Online Scan

Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html

Under SCANNING OPTIONS, use the following Settings:
  • Image
  • Action options - Report only
  • Second option - Report only
Once finished, click on "Click here to export the scan results"

Save the report to your desktop, then post those results in your next reply.



Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Bitdefender log
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Internet issues

Post by nanrector » April 13th, 2009, 8:40 am

Hello again Bio-Hazard,
Below is the Bit Defender Report and a new HijackThis log.
I have turned off my AVG because it kept popping up with viruses. I was not sure if I should remove them or not during this process. Let me know if I should keep AVG running and if I should delete anything it finds.
Thanks again for all your help. It is greatly appreciated!
My computer seems to be running ok.

I also realize my I: drive has quite a few really old programs on it, most of which were given to me a long time ago.... I will be deleting almost all of those as many had "cracks" etc. which appear to be full of viruses. (None of those are installed on my machine.) I've just had them forever and never taken the time to go through them and clean them out. I assume as long as they are not "run" they cannot affect my computer.

Nancy



BitDefender Online Scanner


Scan report generated at: Sun, Apr 12, 2009 - 17:47:50


Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;M:\;N:\;P:\;R:\;S:\;T:\;V:\;W:\;Y:\;



Statistics

Time: 07:45:43
Files: 3678835
Folders: 58702
Boot Sectors: 0
Archives: 40234
Packed Files: 330970


Results

Identified Viruses: 32
Infected Files: 53
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 53


Engines Info

Virus Definitions: 2846208
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4


Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes



Scanned File
Status

C:\Documents and Settings\NancyGail\Local Settings\Application Data\Microsoft\Outlook\Archives\archive-deleted.pst=>[Subject: ??Where was gone? (][From: zainon@thesundaily.com]=>DC 0016.zip=>DC 0016.Jpg________________________.exe
Infected with: GenPack:Generic.Malware.Yddld.C542162D

C:\Documents and Settings\NancyGail\Local Settings\Application Data\Microsoft\Outlook\Archives\archive-deleted.pst=>[Subject: ??Where was gone? (][From: zainon@thesundaily.com]=>DC 0016.zip=>DC 0016.Jpg________________________.exe
Disinfection failed

C:\Documents and Settings\NancyGail\Local Settings\Application Data\Microsoft\Outlook\Archives\archive-deleted.pst=>[Subject: ??Where was gone? (][From: zainon@thesundaily.com]=>DC 0016.zip=>DC 0016.Jpg________________________.exe
Deleted

C:\Documents and Settings\NancyGail\Local Settings\Application Data\Microsoft\Outlook\Archives\archive-deleted.pst=>[Subject: ??Where was gone? (][From: zainon@thesundaily.com]=>DC 0016.zip
Updated

C:\Documents and Settings\NancyGail\Local Settings\Application Data\Microsoft\Outlook\Archives\archive-deleted.pst
Updated

C:\Program Files\BroadJump\Client Foundation\CFD.exe
Detected with: Adware.CFD

C:\Program Files\BroadJump\Client Foundation\CFD.exe
Deleted

C:\Program Files\WinRAR\winrar-Generic_Crack.exe
Infected with: Virtool.21504

C:\Program Files\WinRAR\winrar-Generic_Crack.exe
Deleted

C:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022183.exe
Detected with: Adware.CFD

C:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022183.exe
Deleted

C:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022184.exe
Infected with: Virtool.21504

C:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022184.exe
Deleted

C:\WINDOWS\system32\dsound3dd.dll
Infected with: Gen:Trojan.Heur.0049B69D9D

C:\WINDOWS\system32\dsound3dd.dll
Disinfection failed

C:\WINDOWS\system32\dsound3dd.dll
Deleted

C:\_OTMoveIt\MovedFiles\04112009_121702\AUDIO\!MP3 SPLITTERS JOINERS\Cool MP3 Splitter (and joiner) 2.02 (Inc Crack)\mp3splitter.exe
Infected with: Trojan.Generic.1253808

C:\_OTMoveIt\MovedFiles\04112009_121702\AUDIO\!MP3 SPLITTERS JOINERS\Cool MP3 Splitter (and joiner) 2.02 (Inc Crack)\mp3splitter.exe
Deleted

C:\_OTMoveIt\MovedFiles\04112009_121702\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\temp\~tmp\hmunmlcn38a\svchost.exe
Infected with: Trojan.Generic.1380506

C:\_OTMoveIt\MovedFiles\04112009_121702\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\temp\~tmp\hmunmlcn38a\svchost.exe
Deleted

C:\_OTMoveIt\MovedFiles\04112009_121702\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\temp\~tmp\msycn04\mdm.exe
Infected with: Worm.Generic.46048

C:\_OTMoveIt\MovedFiles\04112009_121702\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\temp\~tmp\msycn04\mdm.exe
Deleted

C:\_OTMoveIt\MovedFiles\04112009_121702\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\temp\~tmp\sps32_1\mdm32.exe
Infected with: Trojan.Generic.1396156

C:\_OTMoveIt\MovedFiles\04112009_121702\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\temp\~tmp\sps32_1\mdm32.exe
Deleted

E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Identities\{C98238B7-B17B-4CF9-93F3-42A8FEBEFB34}\Microsoft\Outlook Express\Inbox.dbx=>(message 126): Anjelina Jolie Free Video.=>[Subject: Anjelina Jolie Free Video.]=>(MIME part)=>Angelina_Jolie.rar
Infected with: Trojan.Agent.AFNZ

E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Identities\{C98238B7-B17B-4CF9-93F3-42A8FEBEFB34}\Microsoft\Outlook Express\Inbox.dbx=>(message 126): Anjelina Jolie Free Video.=>[Subject: Anjelina Jolie Free Video.]=>(MIME part)=>Angelina_Jolie.rar
Deleted

E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Identities\{C98238B7-B17B-4CF9-93F3-42A8FEBEFB34}\Microsoft\Outlook Express\Inbox.dbx=>(message 126): Anjelina Jolie Free Video.=>[Subject: Anjelina Jolie Free Video.]=>(MIME part)
Updated

E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Identities\{C98238B7-B17B-4CF9-93F3-42A8FEBEFB34}\Microsoft\Outlook Express\Inbox.dbx=>(message 126): Anjelina Jolie Free Video.
Updated

E:\LAST C DRIVE\Documents and Settings\Nancy\Local Settings\Application Data\Identities\{C98238B7-B17B-4CF9-93F3-42A8FEBEFB34}\Microsoft\Outlook Express\Inbox.dbx
Updated

E:\LAST C DRIVE\Program Files\Any to Icon\AnyToIcon_v212_DIGERATI_patch.exe
Infected with: Trojan.Generic.100316

E:\LAST C DRIVE\Program Files\Any to Icon\AnyToIcon_v212_DIGERATI_patch.exe
Deleted

E:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP114\A0021899.exe
Infected with: Trojan.Generic.1380506

E:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP114\A0021899.exe
Deleted

E:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP114\A0021900.exe
Infected with: Worm.Generic.46048

E:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP114\A0021900.exe
Deleted

E:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP114\A0021901.exe
Infected with: Trojan.Generic.1396156

E:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP114\A0021901.exe
Deleted

E:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022206.exe
Infected with: Trojan.Generic.100316

E:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022206.exe
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Deleted Items.dbx=>(message 7): Roy's Music
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Deleted Items.dbx=>(message 7): Roy's Music
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Deleted Items.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 6): P5 / Project and tasks....
Infected with: JS.Kak.A

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 6): P5 / Project and tasks....
Disinfection failed

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 6): P5 / Project and tasks....
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 94): P5 / Active Participant Census - Blank totals in folder report corrected....
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 94): P5 / Active Participant Census - Blank totals in folder report corrected....
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 101): P5 / Project and tasks....
Infected with: JS.Kak.A

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 101): P5 / Project and tasks....
Disinfection failed

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 101): P5 / Project and tasks....
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 112): P5 / Visual LANSA - DEM27 Signon example?
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 112): P5 / Visual LANSA - DEM27 Signon example?
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 113): P5 / LANSA - Case Note Functions
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 113): P5 / LANSA - Case Note Functions
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 114): P5 / LANSA - Case Note parameters
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 114): P5 / LANSA - Case Note parameters
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 115): P5 / LANSA - Case Note Functions
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 115): P5 / LANSA - Case Note Functions
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 117): P5 / Visual LANSA / Duplicate file names in seperate libraries?
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 117): P5 / Visual LANSA / Duplicate file names in seperate libraries?
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 118): P5 / Visual LANSA / Multiple libraries and Library lists?
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 118): P5 / Visual LANSA / Multiple libraries and Library lists?
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 120): VL Parent / Child Form sample code...
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 120): VL Parent / Child Form sample code...
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 123): P5 / Visual LANSA - Sample connection code...
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 123): P5 / Visual LANSA - Sample connection code...
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 125): LANSA systems upgraded to v8.0!
Infected with: JS.Kak.Z1

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx=>(message 125): LANSA systems upgraded to v8.0!
Deleted

F:\1-Family\Roy\RoysZipDisks\Mail Backup\Inbox.dbx
Updated

F:\Computer Info\Virus-Adware\Virus - june 08\Combo Fix 1\ComboFix.exe
Infected with: Trojan.Generic.1328148

F:\Computer Info\Virus-Adware\Virus - june 08\Combo Fix 1\ComboFix.exe
Deleted

F:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022207.exe
Infected with: Trojan.Generic.1328148

F:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022207.exe
Deleted

H:\Games\[KIDS].Fisher.Price.Toddler.and.Farm.Reader.Rabbit.Baby.and.Toddler.iso=>Reader Rabbit Baby/INSTALL/BRODCAST/DSSAGENT.EXE
Detected with: Adware.Background.A

H:\Games\[KIDS].Fisher.Price.Toddler.and.Farm.Reader.Rabbit.Baby.and.Toddler.iso=>Reader Rabbit Baby/INSTALL/BRODCAST/DSSAGENT.EXE
Deleted

H:\Games\[KIDS].Fisher.Price.Toddler.and.Farm.Reader.Rabbit.Baby.and.Toddler.iso
Update failed

H:\Games\[KIDS].Fisher.Price.Toddler.and.Farm.Reader.Rabbit.Baby.and.Toddler.iso=>Reader Rabbit Toddler/INSTALL/BRODCAST/DSSAGENT.EXE
Detected with: Adware.Background.A

H:\Games\[KIDS].Fisher.Price.Toddler.and.Farm.Reader.Rabbit.Baby.and.Toddler.iso=>Reader Rabbit Toddler/INSTALL/BRODCAST/DSSAGENT.EXE
Deleted

H:\Games\[KIDS].Fisher.Price.Toddler.and.Farm.Reader.Rabbit.Baby.and.Toddler.iso
Update failed

I:\AUDIO\!PLAYERS\MusicMatch Jukebox v9.0 Plus + Crack + DFX v6.4\MusicMatch Jukebox v9.0 Plus + Crack + DFX v6.4\Keymaker.exe
Infected with: Virtool.16331

I:\AUDIO\!PLAYERS\MusicMatch Jukebox v9.0 Plus + Crack + DFX v6.4\MusicMatch Jukebox v9.0 Plus + Crack + DFX v6.4\Keymaker.exe
Deleted

I:\GRAPHIC DESIGN\!ADOBE SOTWARE\Adobe Illustrator CS2, After Effects 7,Encore 2, Photoshop CS2,Premiere Pro 2, Audition 2.rar=>Adobe Illustrator CS2, After Effects 7,Encore 2, Photoshop CS2,Premiere Pro 2, Audition 2\Adobe Illustrator CS2 espa?ol.rar=>Adobe Illustrator CS2 espa?ol\OS-Adobe_CS2_KeyGen_Tryout_to_Full.exe
Infected with: Backdoor.Generic.39577

I:\GRAPHIC DESIGN\!ADOBE SOTWARE\Adobe Illustrator CS2, After Effects 7,Encore 2, Photoshop CS2,Premiere Pro 2, Audition 2.rar=>Adobe Illustrator CS2, After Effects 7,Encore 2, Photoshop CS2,Premiere Pro 2, Audition 2\Adobe Illustrator CS2 espa?ol.rar=>Adobe Illustrator CS2 espa?ol\OS-Adobe_CS2_KeyGen_Tryout_to_Full.exe
Deleted

I:\GRAPHIC DESIGN\!ADOBE SOTWARE\Adobe Illustrator CS2, After Effects 7,Encore 2, Photoshop CS2,Premiere Pro 2, Audition 2.rar=>Adobe Illustrator CS2, After Effects 7,Encore 2, Photoshop CS2,Premiere Pro 2, Audition 2\Adobe Illustrator CS2 espa?ol.rar
Update failed

I:\GRAPHIC DESIGN\!PSP\Two.Pilots.MakeUp.Pilot.v2.00.incl.keygen-Tsrh.by.ChingLiu[eMulek.com.pl]\Keygen.exe
Infected with: Gen:Trojan.Heur.GM.0060630522

I:\GRAPHIC DESIGN\!PSP\Two.Pilots.MakeUp.Pilot.v2.00.incl.keygen-Tsrh.by.ChingLiu[eMulek.com.pl]\Keygen.exe
Disinfection failed

I:\GRAPHIC DESIGN\!PSP\Two.Pilots.MakeUp.Pilot.v2.00.incl.keygen-Tsrh.by.ChingLiu[eMulek.com.pl]\Keygen.exe
Deleted

I:\GRAPHIC DESIGN\Any to Icon 3.30\AnyToIcon_v212_DIGERATI_patch.exe
Infected with: Trojan.Generic.100316

I:\GRAPHIC DESIGN\Any to Icon 3.30\AnyToIcon_v212_DIGERATI_patch.exe
Deleted

I:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP114\A0021897.exe
Infected with: Trojan.Generic.1253808

I:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP114\A0021897.exe
Deleted

I:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022208.exe
Infected with: Virtool.16331

I:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022208.exe
Deleted

I:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022210.exe
Infected with: Gen:Trojan.Heur.GM.0060630522

I:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022210.exe
Disinfection failed

I:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022210.exe
Deleted

I:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022211.exe
Infected with: Trojan.Generic.100316

I:\System Volume Information\_restore{2F2B9585-4F98-43F6-8703-5219DC775BEC}\RP115\A0022211.exe
Deleted

I:\UTILITIES\!BACKUP PROGRAMS\Genie Backupmanager Pro 7.0\geniebackupmanprokeygen.exe
Infected with: Trojan.Packed.32862

I:\UTILITIES\!BACKUP PROGRAMS\Genie Backupmanager Pro 7.0\geniebackupmanprokeygen.exe
Deleted

I:\UTILITIES\!ZIP PROGRAMS\winrar-Generic_Crack.exe
Infected with: Virtool.21504

I:\UTILITIES\!ZIP PROGRAMS\winrar-Generic_Crack.exe
Deleted

I:\VIDEO\Replay Media Catcher UNUSED- grabs online video\Replay.Media.Catcher.v3.0.1.Cracked-AHCU.rar=>Replay.Media.Catcher.v3.0.1.Cracked-AHCU\Replay.Media.Catcher.v3.0.1.Cracked-AHCU\MediaCatcher.exe
Infected with: Packer.PESpin.A

I:\VIDEO\Replay Media Catcher UNUSED- grabs online video\Replay.Media.Catcher.v3.0.1.Cracked-AHCU.rar=>Replay.Media.Catcher.v3.0.1.Cracked-AHCU\Replay.Media.Catcher.v3.0.1.Cracked-AHCU\MediaCatcher.exe
Disinfection failed

I:\VIDEO\Replay Media Catcher UNUSED- grabs online video\Replay.Media.Catcher.v3.0.1.Cracked-AHCU.rar=>Replay.Media.Catcher.v3.0.1.Cracked-AHCU\Replay.Media.Catcher.v3.0.1.Cracked-AHCU\MediaCatcher.exe
Deleted

I:\VIDEO\Replay Media Catcher UNUSED- grabs online video\Replay.Media.Catcher.v3.0.1.Cracked-AHCU.rar
Update failed

I:\VIDEO\Replay Media Catcher UNUSED- grabs online video\Replay_Media_Catcher_3_incl_keygen.rar=>keygen.exe
Infected with: Virtool.21032

I:\VIDEO\Replay Media Catcher UNUSED- grabs online video\Replay_Media_Catcher_3_incl_keygen.rar=>keygen.exe
Deleted

I:\VIDEO\Replay Media Catcher UNUSED- grabs online video\Replay_Media_Catcher_3_incl_keygen.rar
Update failed

I:\VIDEO\VIDEO CREATION\Pinnacle Studio 11 Ultimate - Multilanguage - Vista CompatibileNOTUSED.iso=>Keys/Studio 11 Keygen NTSC.exe
Detected with: Dialer.Generic.20781

I:\VIDEO\VIDEO CREATION\Pinnacle Studio 11 Ultimate - Multilanguage - Vista CompatibileNOTUSED.iso=>Keys/Studio 11 Keygen NTSC.exe
Disinfection failed

I:\VIDEO\VIDEO CREATION\Pinnacle Studio 11 Ultimate - Multilanguage - Vista CompatibileNOTUSED.iso=>Keys/Studio 11 Keygen NTSC.exe
Deleted

I:\VIDEO\VIDEO CREATION\Pinnacle Studio 11 Ultimate - Multilanguage - Vista CompatibileNOTUSED.iso
Update failed

I:\VIDEO\VIDEO CREATION\Pinnacle.Studio.Plus.v10.5.1.Titanium.Edition.Multilanguage-SHooTERS\CD1\Pinnacle.Studio.Plus.v10.5.1.Titanium.Edition.Multilanguage CD1.bin=>Crack/keygen.exe
Infected with: Trojan.Packed.8266

I:\VIDEO\VIDEO CREATION\Pinnacle.Studio.Plus.v10.5.1.Titanium.Edition.Multilanguage-SHooTERS\CD1\Pinnacle.Studio.Plus.v10.5.1.Titanium.Edition.Multilanguage CD1.bin=>Crack/keygen.exe
Deleted

I:\VIDEO\VIDEO CREATION\Pinnacle.Studio.Plus.v10.5.1.Titanium.Edition.Multilanguage-SHooTERS\CD1\Pinnacle.Studio.Plus.v10.5.1.Titanium.Edition.Multilanguage CD1.bin
Update failed

I:\VIDEO\Video Software-Various - Check out - Some used Some not\Fox.DVD.Ripper.7.2.4.16.by.DH.rar=>Patch\fox.dvd.ripper.v7.2.4.16-patch.exe
Infected with: Virtool.24750

I:\VIDEO\Video Software-Various - Check out - Some used Some not\Fox.DVD.Ripper.7.2.4.16.by.DH.rar=>Patch\fox.dvd.ripper.v7.2.4.16-patch.exe
Deleted

I:\VIDEO\Video Software-Various - Check out - Some used Some not\Fox.DVD.Ripper.7.2.4.16.by.DH.rar
Update failed

I:\WEB DESIGN\Macromedia Programs\CS 3 Stuff\AdobeStudio CS3-FlashFireworks_Dreamweaver-NOT USED\Flash_CS3_en\Keygen.exe
Infected with: Trojan.Generic.62956

I:\WEB DESIGN\Macromedia Programs\CS 3 Stuff\AdobeStudio CS3-FlashFireworks_Dreamweaver-NOT USED\Flash_CS3_en\Keygen.exe
Deleted

R:\ARCHIVE\Roys Laptop Stuff\EBook\Ebook Edit Pro 3.31.exe=>(Instyler o)=>(Instyler Module 5)
Infected with: Trojan.Generic.887911

R:\ARCHIVE\Roys Laptop Stuff\EBook\Ebook Edit Pro 3.31.exe=>(Instyler o)=>(Instyler Module 5)
Deleted

R:\ARCHIVE\Roys Laptop Stuff\EBook\Ebook Edit Pro 3.31.exe=>(Instyler o)
Update failed

W:\Family\www.rectors.net\gallery\albums\index.php
Infected with: Trojan.Exploit.Iframe.AN

W:\Family\www.rectors.net\gallery\albums\index.php
Deleted

W:\Family\www.rectors.net\gallery\docs\index.htm
Infected with: Trojan.Exploit.Iframe.AN

W:\Family\www.rectors.net\gallery\docs\index.htm
Deleted

W:\Family\www.rectors.net\gallery\include\index.html
Infected with: Trojan.Exploit.Iframe.AN

W:\Family\www.rectors.net\gallery\include\index.html
Deleted




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:17 AM, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hotkey CD Eject\cdeject.exe
C:\Program Files\AllToTray\AllToTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\twhirl\twhirl.exe
C:\Program Files\Maxthon2\Maxthon.exe
I:\MISC SOFTWARE\!TEXT\AlotNotes\notes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L09AXLRD_139214234] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hotkey CD Eject] C:\Program Files\Hotkey CD Eject\cdeject.exe
O4 - HKCU\..\Run: [AllToTray] C:\Program Files\AllToTray\AllToTray.exe
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Copy plain text for WhizFolders - C:\Program Files\WhizFolders Organizer Deluxe\copytool.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitdefender.com
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5859193093
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\NANCYG~1\LOCALS~1\Temp\hpdj00.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 11149 bytes
nanrector
Regular Member
 
Posts: 47
Joined: June 12th, 2005, 7:16 pm

Re: Internet issues

Post by Bio-Hazard » April 14th, 2009, 5:21 am

I have turned off my AVG because it kept popping up with viruses. I was not sure if I should remove them or not during this process. Let me know if I should keep AVG running and if I should delete anything it finds.
Thanks again for all your help. It is greatly appreciated!


When did this happen? Was it when you were running the online scan? If AVG flags something suspicious you should remove it; bear in mind that there is a small chance of a false positive, which means that AVG flags a legitimate file.


I am glad to help. You are doing the hard work.

Do you have any other problems?


Remove HijackThis entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O15 - Trusted Zone: http://a248.e.akamai.net

  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.

Please post a new HijackThis log for me to see.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Internet issues

Post by nanrector » April 14th, 2009, 9:11 am

All right. I was just unsure if I should be using the AVG while you were helping me. Ü I'll remove anything it shows from now on if I know it's not a legitimate file.
My machine seems to be acting fine now. I will run an AVG scan after this though to see if it shows anything and let you know how that went.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:07 AM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hotkey CD Eject\cdeject.exe
C:\Program Files\AllToTray\AllToTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\twhirl\twhirl.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L09AXLRD_139214234] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hotkey CD Eject] C:\Program Files\Hotkey CD Eject\cdeject.exe
O4 - HKCU\..\Run: [AllToTray] C:\Program Files\AllToTray\AllToTray.exe
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Copy plain text for WhizFolders - C:\Program Files\WhizFolders Organizer Deluxe\copytool.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5859193093
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\NANCYG~1\LOCALS~1\Temp\hpdj00.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 10830 bytes
nanrector
Regular Member
 
Posts: 47
Joined: June 12th, 2005, 7:16 pm

Re: Internet issues

Post by Bio-Hazard » April 14th, 2009, 3:01 pm

nanrector wrote: My machine seems to be acting fine now. I will run an AVG scan after this though to see if it shows anything and let you know how that went.


That is good news. Let me know the results of the AVG scan so I can give you the all clear. :)
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Internet issues

Unread postby nanrector » April 15th, 2009, 8:28 am

My AVG Scan found only these and removed them to the Virus Vault:


"J:\System Volume Information\_restore{EB4D7A65-23D1-41AF-BE13-1088110DE567}\RP464\A0467723.exe";"Virus found Win32/Virut";"Moved to Virus Vault"

"S:\System Volume Information\_restore{EB4D7A65-23D1-41AF-BE13-1088110DE567}\RP464\A0467689.exe";"Virus found Win32/Virut";"Moved to Virus Vault"


I also use XoftSpySE which was finding some pretty high risk things before your help. I ran it and all it found was the normal low risk cookies along with one registry key for software\kazaa which I had it remove.

Looks like I'm clean!
nanrector
Regular Member
 
Posts: 47
Joined: June 12th, 2005, 7:16 pm

Re: Internet issues

Unread postby Bio-Hazard » April 15th, 2009, 10:57 am

Your log now appears to be clean. Congratulations!

You can get rid of the tools we used:
  • ATF cleaner (You can just delete the exe file from your desktop)
  • ERUNT (You can uninstall it from Add/Remove Programs)
  • AVG remover (You can just delete the exe file from your desktop)

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

    Delete ComboFix and Clean Up
    Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
    Please advise if this step is missed for any reason as it performs some important actions.

    Clean up with OTMoveIt3

    • Double-click OTMoveIt3.exe to start the program.
    • Close all other programs apart from OTMoveIt3 as this step will require a reboot
    • On the OTMoveIt main screen, press the CleanUp! button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      NOTE: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.
    • Make Internet Explorer More Secure
      You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
    • Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE. Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide and Malwarebytes' Anti-Malware Scanning Guide.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera


Here is a great article by miekiemoes: How to prevent Malware.


Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Bio-Hazard
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
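
An added example, not part of the post above or of any tool it names: a PowerShell check for the killbit mechanism described in the SpywareBlaster item. It reads Internet Explorer's `ActiveX Compatibility` registry key for the CLSIDs copied from the O16 - DPF lines of the HijackThis log earlier in this thread; the function name `Get-KillBitState` is hypothetical.

```powershell
# CLSIDs copied from the O16 - DPF lines of the HijackThis log in this thread.
$Clsids = [ordered]@{
    '{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}' = 'MUWebControl Class'
    '{8167C273-DF59-4416-B647-C8BB2C7EE83E}' = 'WebSDev Control'
    '{8AD9C840-044E-11D1-B3E9-00805F499D93}' = 'Java Runtime Environment 1.6.0'
    '{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}' = 'get_atlcom Class'
}

# Internet Explorer refuses to instantiate a control when bit 0x400 is set in
# its "Compatibility Flags" value. 32-bit IE on 64-bit Windows reads the
# Wow6432Node copy of the key, so both registry views are checked.
$KillBit = 0x400
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Hypothetical helper: returns one row per registry view present on this PC.
function Get-KillBitState {
    param([string]$Clsid, [string]$Name)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = "$root\$Clsid"
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $item = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            if ($item -and $item.PSObject.Properties['Compatibility Flags']) {
                $flags = $item.'Compatibility Flags'
            }
        }
        [pscustomobject]@{
            Control    = $Name
            Clsid      = $Clsid
            View       = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(none)' }
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

$Clsids.GetEnumerator() |
    ForEach-Object { Get-KillBitState -Clsid $_.Key -Name $_.Value } |
    Format-Table -AutoSize
```

A row with `KillBitSet` false and `Flags` of `(none)` means no compatibility entry exists for that control, which is the normal state for a control that is allowed to load.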

Re: Internet issues

Unread postby nanrector » April 15th, 2009, 2:37 pm

I read over everything and completed the last steps.

Thank you again Bio-Hazard for your donation of time in helping me fix these problems. I greatly appreciate it.

Have a wonderful day my friend,

Nancy
nanrector
Regular Member
 
Posts: 47
Joined: June 12th, 2005, 7:16 pm

Re: Internet issues

Unread postby Gary R » April 15th, 2009, 3:03 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire