Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Potentially dangerous cookies & strange goings on

Post by diggerdi » February 2nd, 2011, 6:51 pm

You've helped me before, please will you help me again?

Yesterday, 1 February, I had to log on to Windows Mail, which I have never had to do before. I then "received" hundreds of old e-mails dating as far back as 2008 (before I had my present internet/e-mail provider, BT).

Today, 2 February, I have not received any e-mails via Windows Mail, but have been able to get them via BT Yahoo, GMail and SkyMail (I can still get Sky e-mails even though they are no longer my provider).

I did a system restore to 27 January (the last one available strangely) and still did not receive any e-mails via Windows mail. (I did send one to myself from GMail to my BT internet address, which did arrive on Windows mail).

After the system restore, AVG updated and did a scan. AVG has never before found any problems, but today there were 67 warnings, 27 removed and healed but 40 not removed or healed. These are potentially dangerous objects (all tracking cookies, as far as I can see).

Is it possible I have a virus?

Hijack This log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:37:34, on 02/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Diane\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Diane\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k2x224
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k2x224
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k2x224
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [EPSON SX210 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Windows\TEMP\E_S93A8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 7640 bytes

Uninstall list

ABBYY FineReader 6.0 Sprint
Acer Arcade Deluxe
Acer Arcade Deluxe
Acer ePower Management
Acer eRecovery Management
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
AGEIA PhysX v2.6.0
Airport Mania First Flight
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVG 2011
AVG 2011
AVG 2011
Barrow Hill Version 2.1
Bing Maps 3D
BT Broadband Desktop Help
BT Broadband Support Tools
BTHomeHub
C:\Program Files\Acer GameZone\GameConsole
Cake Mania 2
CCleaner
Compatibility Pack for the 2007 Office system
Cooking Dash
Cradle of Rome
D3DX10
Dairy Dash
DaisyTrail American Holidays 2010 Digikit
DaisyTrail DigiKit Collection 1
DaisyTrail Mothers Day DigiKit
DaisyTrail Sweet Dreams Digikit
DaisyTrail Winter Wonderland Digikit
DaisyTrail, Spring In Your Step Digikit
docrafts DIGITAL Designer
docrafts DIGITAL Designer
Dream Day Honeymoon
EPSON Copy Utility 3
Epson Easy Photo Print 2
Epson Event Manager
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
Epson Printer Software Downloader
Epson Printer Software Downloader
EPSON Scan
EPSON Smart Panel
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX210 Series Printer Uninstall
EPSON Web-To-Page
ESCX6600 Reference Guide
ESCX6600 Software Guide
eSobi v2
Family Tree Maker 2009
Galapago
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
GoToAssist Corporate
GridVista
Hidden Mysteries Buckingham Palace
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 22
Jewel Quest Solitaire
Junk Mail filter update
Karen Gover, Winter Wishes Digikit
Launch Manager
Luxor 2
Mahjong Escape Ancient China
MCS Artwork
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 97, Professional Edition
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Craft Studio
My Craft Studio Professional 2.0.101.0
Myst III: Exile
Myst Masterpiece Edition
Myst Online: Uru Live (remove only)
MyWinLocker
Napster
Napster Burn Engine
neroxml
NTI Backup Now 5
NTI Media Maker 8
Ocean Express
office Convert Pdf to Jpg Jpeg Tiff Free 6.2
OGA Notifier 2.0.0048.0
Orion
Paint Shop Pro 7 Anniversary Edition
Parking Dash
PDFCreator
PIF DESIGNER2.1
Puzzle Express
QuickTime
Rainbow Web
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ROUTE 66 Sync
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Serif CraftArtist Baby Photos Collection
Serif CraftArtist Greeting Cards Collection
Serif CraftArtist Professional
Serif CraftArtist Wedding Days Collection
Serif Digital Scrapbook Artist
Serif Digital Scrapbook Artist 2
SureThing CD Labeler - Stomper Edition 32 bit
Synaptics Pointing Device Driver
The Lost Cases of 221B Baker St
Toolbox
Tradewinds 2
Tri-Peaks Solitaire To Go
Turbo Pizza
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vodafone Mobile Connect Lite
Wedding Dash
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip 15.0
Zuma Deluxe

Thank you very much in advance for your help, which I know will be invaluable.

Regards


Diane Heffernan
diggerdi
Regular Member
 
Posts: 31
Joined: March 5th, 2008, 4:21 pm
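
The log in the post above follows HijackThis's fixed layout: a "Running processes:" list, then entries prefixed with a section code such as R0, O4 or O23. As an added example (not part of the original thread, and not a tool the helpers used), this Python sketch parses a few lines copied from that log and builds a review queue; the three heuristics and all function names are this example's own assumptions.

```python
import re

# A few lines copied from the log posted above (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Users\Diane\AppData\Local\Temp\RtkBtMnt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [EPSON SX210 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Windows\TEMP\E_S93A8.tmp" /EF "HKCU"
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
"""

# Section code (R0, O4, O23, ...) followed by " - " and the entry detail.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Any path component named Temp or Tmp, in any case.
TEMP_PATH = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse(log):
    """Return (processes, entries): process paths and (code, detail) tuples."""
    processes, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        match = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def review_queue(log):
    """Items to look at first. The heuristics are assumptions of this example."""
    processes, entries = parse(log)
    queue = []
    for path in processes:
        if TEMP_PATH.search(path):                 # executable running from a temp folder
            queue.append(("process-in-temp", path))
    for code, detail in entries:
        if code == "O4" and TEMP_PATH.search(detail):   # autorun that points into temp
            queue.append(("autorun-references-temp", detail))
        if code == "O23" and " - Unknown owner - " in detail:  # service with no vendor string
            queue.append(("service-unknown-owner", detail))
    return queue
```

Each queue entry is a prompt to check the file's origin and publisher, not a verdict.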

Re: Potentially dangerous cookies & strange goings on

Post by askey127 » February 5th, 2011, 8:03 am

Hi diggerdi,
There have been problems reported regarding Live Mail, so what you have been seeing may not be related to malware.
Let's look at some things before we decide.
-----------------------------------------------------------
Disable Windows Defender
Open Windows Defender by clicking the Start button, clicking All Programs, and then clicking Windows Defender.
If you don't see it in the Programs List, you can access it and start it up using the Control Panel.
Click Tools, and then click Options.
Scroll down to the bottom. Under Administrator options, UNcheck the Use Windows Defender check box, and then click Save.
Administrator permission is required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
---------------------------------------------
Run a Scan with OTL
Please download OTL.exe by OldTimer and save it to your desktop.
  • Right click the OTL icon and choose "Run as administrator".
  • Make sure all other windows are closed to let it run uninterrupted.
  • Copy the text from the code box below and paste it into the Custom Scans/Fixes box. Do not copy the word "Code:"
    Code:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    userinit.exe
    sfc.dll
    /md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Potentially dangerous cookies & strange goings on

Post by diggerdi » February 6th, 2011, 5:44 pm

Hi Askey127

I apologise for not replying to your post earlier. However, I seem to have sorted my "problems" out. When Windows Mail asked me to log in (still don't know WHY I had to log in) I used an incorrect username from when I had BT Internet some years ago. That account is obviously still in existence, hence the receiving of many junk e-mails. Once I realised this error and put in my correct username, my e-mails are being received normally.

Regarding the tracking cookies, after clearing my cookies, they all seem to have disappeared.

Thank you for replying to my post and sorry if I have wasted any of your time. I do know, though, that if I ever have problems in the future, this is the forum to come to for help.

Regards

Diane
diggerdi
Regular Member
 
Posts: 31
Joined: March 5th, 2008, 4:21 pm

Re: Potentially dangerous cookies & strange goings on

Post by askey127 » February 7th, 2011, 7:47 am

Since this issue has been resolved by the original poster, this thread will be closed.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA