Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please oh Please help me!!!


Post by ExquisiteRena » July 15th, 2010, 2:10 pm

I don't know if you help anyone who needs help but I'm desperate so I certainly hope so. I'm not any sort of computer genius but I thought I could tackle whatever has been going on and I'm not doing so well. The virus that I have just keeps recreating itself. I've tried all sorts of scans and stuff - some of which I don't have a clue about and it just isn't working. Please help!

Here is the HijackThis file:


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:04:09 AM, on 7/15/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Email Marketer Business Edition\Monitor.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\WINDOWS\vsnp2uvc.exe
C:\WINDOWS\tsnp2uvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Provide Support\Live Support Chat for Web Site\ProvideSupportConsole.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\System32\mobsync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Email Marketer Monitor] C:\Program Files\Email Marketer Business Edition\Monitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [ProvideSupportOperatorConsole] C:\PROGRA~1\PROVID~1\LIVESU~1\PROVID~1.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion 8 .NET Service - Unknown owner - C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe
O23 - Service: ColdFusion 8 Application Server - Macromedia Inc. - C:\ColdFusion8\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion 8 ODBC Agent - Unknown owner - C:\ColdFusion8\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion 8 ODBC Server - Unknown owner - C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion 8 Search Server - Verity, Inc. - C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Email Marketer Scheduler (MLESchedulerService) - Nesox Solutions - C:\Program Files\Email Marketer Business Edition\Marketer.exe
O23 - Service: Email Marketer Subscriber (MLESubscriberService) - Nesox Solutions - C:\Program Files\Email Marketer Business Edition\Marketer.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11456 bytes


Thank you so much for anything you can do :)
ExquisiteRena
Active Member
 
Posts: 2
Joined: July 15th, 2010, 2:02 pm

Re: Please oh Please help me!!!

Post by ExquisiteRena » July 16th, 2010, 10:01 am

If it helps - I think I've tackled the biggest problem which was that searchsettings v.1.2.3 by spigot, inc. virus. I've done quite a few things and it seems from my latest scan that my only remaining issues are located in email files (outlook .pst files) and I don't know what to do with those:

KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, July 16, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, July 15, 2010 07:29:47
Records in database: 4220554
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
Scan statistics
Objects scanned 1081474
Threats found 5
Infected objects found 16
Suspicious objects found 5
Scan duration 18:23:22

File name Threat Threats count
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1
C:\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\info@angelwingflights.org(2).pst Infected: Trojan-Dropper.Win32.Agent.bveu 1
C:\Users\Exquisite Air\Desktop\desktop\New Folder\re\nk2view.zip Infected: not-a-virus:PSWTool.Win32.MailPassView.af 1
C:\Users\Exquisite Air\Desktop\external hard drive\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{DA0CEEE4-E986-4AA0-BDB4-1AD53E77A054}\rserv31.msi Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.n 1
K:\Seagate Backup\EXQUISITEAIR-PC\C\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1
K:\Seagate Backup\EXQUISITEAIR-PC\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\info@angelwingflights.org(2).pst Infected: Trojan-Dropper.Win32.Agent.bveu 1
K:\Seagate Backup\EXQUISITEAIR-PC\C\Users\Exquisite Air\Desktop\desktop\New Folder\re\nk2view.zip Infected: not-a-virus:PSWTool.Win32.MailPassView.af 1
K:\Seagate Backup\EXQUISITEAIR-PC\C\Users\Exquisite Air\Desktop\external hard drive\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{DA0CEEE4-E986-4AA0-BDB4-1AD53E77A054}\rserv31.msi Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.n 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level2\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\info@angelwingflights.org(2).pst Infected: Trojan-Dropper.Win32.Agent.bveu 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level3\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\info@angelwingflights.org(2).pst Infected: Trojan-Dropper.Win32.Agent.bveu 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level4\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\info@angelwingflights.org(2).pst Infected: Trojan-Dropper.Win32.Agent.bveu 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level4\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\Rena Davenport.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level5\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\info@angelwingflights.org(2).pst Infected: Trojan-Dropper.Win32.Agent.bveu 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level5\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\Rena Davenport.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level6\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\info@angelwingflights.org(2).pst Infected: Trojan-Dropper.Win32.Agent.bveu 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level6\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\Rena Davenport.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level7\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\info@angelwingflights.org(2).pst Infected: Trojan-Dropper.Win32.Agent.bveu 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level7\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\Rena Davenport.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level8\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\info@angelwingflights.org(2).pst Infected: Trojan-Dropper.Win32.Agent.bveu 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level8\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\Rena Davenport.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
K:\Seagate Backup\EXQUISITEAIR-PC\History\Level9\C\Users\Exquisite Air\AppData\Local\Microsoft\Outlook\info@angelwingflights.org(2).pst Infected: Trojan-Dropper.Win32.Agent.bveu 1
Selected area has been scanned.
ExquisiteRena
Active Member
 
Posts: 2
Joined: July 15th, 2010, 2:02 pm

Re: Please oh Please help me!!!

Post by Dakeyras » July 16th, 2010, 1:41 pm

You have replied to your own topic, and as a result we must close this topic.

May I draw your attention to THIS topic, which you should have read before posting for help.

THIS is the section that tells you why you should not reply to your own topic.

This topic will now be closed.

If you still require help, please open a new thread in the Malware Removal forum, post the logs asked for in the first topic I linked to and wait for assistance.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

