[Closed] LOTTIE PC not all internet pages available


14 replies to this topic

#1 TractorTom

Posted 22 September 2007 - 05:20 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:12:53, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Nero CDRW\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\TopToolsWMI\WMIProviders\HPAlertWMI.exe
C:\Program Files\Hewlett-Packard\TopToolsWMI\WMIWDog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://159.134.244.195/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE V6.0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "D:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://home.eircom.net/cdrom/homepage/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1608905C-342E-437D-8AFB-46A403EAD15D}: NameServer = 213.94.190.235 213.94.190.195
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C1EBB7B-1F88-4837-830C-7F29CA025955}: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{1608905C-342E-437D-8AFB-46A403EAD15D}: NameServer = 213.94.190.235 213.94.190.195
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HPAlertWMI - Hewlett-Packard Co. - C:\Program Files\Hewlett-Packard\TopToolsWMI\WMIProviders\HPAlertWMI.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Nero CDRW\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\symantec\liveupdate\LuComServer_3_2.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)



#2 TractorTom

Posted 22 September 2007 - 05:49 AM

I renamed HiJackThis.exe to HJT.exe and reran it. New log file attached. I also ran a Symantec removal tool since previous post.


Logfile of HijackThis v1.99.1
Scan saved at 12:42:05, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Nero CDRW\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\TopToolsWMI\WMIProviders\HPAlertWMI.exe
C:\Program Files\Hewlett-Packard\TopToolsWMI\WMIWDog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://159.134.244.195/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE V6.0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "D:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://home.eircom.net/cdrom/homepage/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1608905C-342E-437D-8AFB-46A403EAD15D}: NameServer = 213.94.190.235 213.94.190.195
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C1EBB7B-1F88-4837-830C-7F29CA025955}: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{1608905C-342E-437D-8AFB-46A403EAD15D}: NameServer = 213.94.190.235 213.94.190.195
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HPAlertWMI - Hewlett-Packard Co. - C:\Program Files\Hewlett-Packard\TopToolsWMI\WMIProviders\HPAlertWMI.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Nero CDRW\InCD\InCDsrv.exe

Edited by TractorTom, 22 September 2007 - 05:55 AM.


#3 Scotty

Posted 22 September 2007 - 09:49 AM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


I don't see anything malicious in your log, but that's not to say there isn't something there. What kind of problems are you having?
You too could train to help others- Join the Classroom


#4 TractorTom

Posted 23 September 2007 - 01:30 AM

I upgraded the RAM a couple of months ago from 128MB to 1024MB. When I first put it in, my PC was lightning fast but she has progressively slowed down since then. I have adequate free disk space. I try and keep it clean by daily virus updates with AVG and disk defragment and run CCleaner monthly. The other thing that concerns me is that I can't apply the Windows Updates for Microsoft .NET Framework Version 1.1 Service Pack 1 (KB928366). I have been using the Windows firewall which may account for some of my problems. I'm going to change this to ZoneAlarm. I use the PC as the internet gateway for two other PCs. I use ISDN to access the internet and have a home network. One PC can only access some websites (others are blocked - weird?) whilst the other PC has the WinAntiVir. Should I post HijackThis logs for these PCs separately? Thanks, Tom.

Edited by TractorTom, 23 September 2007 - 02:09 AM.


#5 Scotty

Posted 23 September 2007 - 03:26 AM

Hi

Right, the best thing to do is one at a time, and to disconnect each PC from your network. We will start with this one first. Remember, infections can travel through networks so don't reconnect until all are clean or we could end up going round in circles. So is it possible to allow each computer a separate internet connection when the time comes?

As for the MS update problem, when we are done I will send you over to the Windows XP help room where one of the Tech Helpers will assist you. This is a common problem. I solved it once on a friend's computer, but never worked out how.

So let's begin with computer 1.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
It may not work first time. Click out when it stalls, and try again.

#6 TractorTom

Posted 23 September 2007 - 10:35 AM

Hi Scotty, I did as you requested and have attached the Kaspersky log. I turned off the resident Shield in AVG when doing this. I'm dumbfounded that Kaspersky found 6 viruses and 82 infected objects. My AVG Free is up to date and did a full scheduled scan at 4AM this morning and reported nothing! Nada!! Zip!!!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 23, 2007 5:19:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 23/09/2007
Kaspersky Anti-Virus database records: 422534
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 60814
Number of viruses found: 6
Number of infected objects: 82
Number of suspicious objects: 0
Duration of the scan process: 03:03:35
5\Undo\Manual\{5E06C375-2E32-47D1-A1B6-7D2866774B9D}.und/{F4AB38F8-DB89-440A-B70C-64C0DF21B9EC}.exe/data.rar/LogMeIn.msi Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{5E06C375-2E32-47D1-A1B6-7D2866774B9D}.und/{F4AB38F8-DB89-440A-B70C-64C0DF21B9EC}.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{5E06C375-2E32-47D1-A1B6-7D2866774B9D}.und/{F4AB38F8-DB89-440A-B70C-64C0DF21B9EC}.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{5E06C375-2E32-47D1-A1B6-7D2866774B9D}.und ZIP: infected - 6 skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und/{6FB177BC-2506-4575-97B3-6EC629F2DAAB}.msi/data.cab/LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und/{6FB177BC-2506-4575-97B3-6EC629F2DAAB}.msi/data.cab/LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und/{6FB177BC-2506-4575-97B3-6EC629F2DAAB}.msi/data.cab/ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und/{6FB177BC-2506-4575-97B3-6EC629F2DAAB}.msi/data.cab Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und/{6FB177BC-2506-4575-97B3-6EC629F2DAAB}.msi Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und/{273A4FBF-E40B-411D-B9D2-9279D1E2EAC1}.msi/data.cab/LMIinit.dll Infected: 
not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und/{273A4FBF-E40B-411D-B9D2-9279D1E2EAC1}.msi/data.cab/LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und/{273A4FBF-E40B-411D-B9D2-9279D1E2EAC1}.msi/data.cab/ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und/{273A4FBF-E40B-411D-B9D2-9279D1E2EAC1}.msi/data.cab Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und/{273A4FBF-E40B-411D-B9D2-9279D1E2EAC1}.msi Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{734C7B69-38E8-41A1-A239-4246D04F8801}.und ZIP: infected - 10 skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{836410EB-4E64-4369-92D3-2F074BBB6FE4}.und/{4F35C497-3C9C-45CC-9103-C3B153636280}.bak Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{836410EB-4E64-4369-92D3-2F074BBB6FE4}.und ZIP: infected - 1 skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{D9BBA2D8-8F62-4653-B57F-E858AAF51B43}.und/{9B38E6A7-655F-4C46-95BB-825BDDDEFB36}.bak Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped D:\Program Files\iolo\System Mechanic 5\Undo\Manual\{D9BBA2D8-8F62-4653-B57F-E858AAF51B43}.und ZIP: infected - 1 skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped G:\LogMeIn\LogMeIn.exe/data.rar/LogMeIn.msi/data.cab/LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped G:\LogMeIn\LogMeIn.exe/data.rar/LogMeIn.msi/data.cab/LogMeIn.exe Infected: 
not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped G:\LogMeIn\LogMeIn.exe/data.rar/LogMeIn.msi/data.cab/ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped G:\LogMeIn\LogMeIn.exe/data.rar/LogMeIn.msi/data.cab Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped G:\LogMeIn\LogMeIn.exe/data.rar/LogMeIn.msi Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped G:\LogMeIn\LogMeIn.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped G:\LogMeIn\LogMeIn.exe RarSFX: infected - 6 skipped G:\VNC\vnc-4.0-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped G:\VNC\vnc-4.0-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped G:\VNC\vnc-4.0-x86_win32.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped G:\VNC\vnc-4.0-x86_win32.exe Inno: infected - 3 skipped Scan process completed.

#7 Scotty

Posted 23 September 2007 - 01:32 PM

Hi

You have a few infected emails we need to delete. Please navigate to the folders containing them, starting with this one:

C:\Documents and Settings\Tom Reaney\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/.eml/

Delete this

[From 0.2 NO_REAL_NAME From: does not include a real name][Date Sun, 4 Jun 2006 13:34:12 +0200]/your_bill.pif

Then go into this folder

C:\Documents and Settings\Tom Reaney\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/

and delete

10 Jun 2003 15:51 from Liam Coffey: Quotation-Mitsubishi/DYNAMIC/AER RIANTA - CORK.xls.scr

Then this folder
C:\Documents and Settings\Tom Reaney\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/BUSINESS/OPENSOFT

and delete

22 Jul 2004 07:58 to Dowden, John; Marc Bedford:Delivery failure/file.zip/

Repeat for the backups you have in D:\Outlook\outlook.pst.pst/Personal Folders


then

Download Superantispyware (SAS) free home version.

SAS Free

Install it and double-click the icon on your desktop to run it.
• It will ask if you want to update the program definitions, click Yes.
• Under Configuration and Preferences, click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
• On the main screen, under Scan for Harmful Software click Scan your computer.
• On the left check C:\Fixed Drive.
• On the right, under Complete Scan, choose Perform Complete Scan.
• Click Next to start the scan. Please be patient while it scans your computer.
• After the scan is complete a summary box will appear. Click OK.
• Make sure everything in the white box has a check next to it, then click Next.
• It will quarantine what it found and if it asks if you want to reboot, click Yes.
• To retrieve the removal information for me please do the following:
  • After reboot, double-click the SUPERAntispyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (such as Notepad/Wordpad).
  • Please highlight everything in the notepad, then right-click and choose copy.
• Click close and close again to exit the program.
• Please paste that information here for me with a new HijackThis log.
You too could train to help others- Join the Classroom


#8 TractorTom

Posted 24 September 2007 - 01:29 AM

Hi Scotty,

I had a problem locating the first e-mail, although the others were OK. I had to delete the entire .pst file in the end.

C:\Documents and Settings\Tom Reaney\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
I could get to here OK but /Personal Folders/Inbox/.eml/ /.eml/ did not exist


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/24/2007 at 07:40 AM

Application Version : 3.9.1008

Core Rules Database Version : 3311
Trace Rules Database Version: 1315

Scan type : Complete Scan
Total Scan Time : 01:58:41

Memory items scanned : 385
Memory threats detected : 0
Registry items scanned : 7830
Registry threats detected : 2
File items scanned : 59655
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Tom Reaney\Cookies\tom_reaney@tribalfusion[1].txt
C:\Documents and Settings\Tom Reaney\Cookies\tom_reaney@adtech[1].txt
C:\Documents and Settings\Tom Reaney\Cookies\tom_reaney@xiti[1].txt
C:\Documents and Settings\Tom Reaney\Cookies\tom_reaney@adtech[2].txt

Registry Cleaner Trial
HKU\S-1-5-21-4194836640-2188283067-2291903390-1005\Software\Registry Cleaner
HKU\S-1-5-21-4194836640-2188283067-2291903390-1005\Software\SoftwareOnline.com
C:\Documents and Settings\Tom Reaney\Application Data\Registry Cleaner\Backups\2006-06-28,07-24 20 263.zip
C:\Documents and Settings\Tom Reaney\Application Data\Registry Cleaner\Backups
C:\Documents and Settings\Tom Reaney\Application Data\Registry Cleaner\Regclean.ini
C:\Documents and Settings\Tom Reaney\Application Data\Registry Cleaner

#9 Scotty

Posted 24 September 2007 - 02:42 AM

Hi. Emails can be a pain to find. Just look in the Inbox for the email with that header. If it is there, delete it, then post a HijackThis log from Computer 2. Leave the one you know is infected until last. :thumbup:

#10 TractorTom

Posted 25 September 2007 - 04:57 AM

PC appears to have some sort of an IE redirector. On startup it opens www.google.com which works fine but the www.hotmail.com won't work.

Anti virus is AVG. I can download updates.
AdAware 2007 - cannot download updates
Spybot 1.5 - cannot download updates


Logfile of HijackThis v1.99.1
Scan saved at 11:46:20, on 25/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by eircom net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.alladultc...Control_3_4.CAB
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADD5710E-FBFC-4E9D-AE60-8F0751BBF188}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by TractorTom, 25 September 2007 - 05:01 AM.


#11 Scotty

Posted 25 September 2007 - 05:39 AM

Hi TT, is this PC no. 2?

#12 TractorTom

Posted 25 September 2007 - 05:42 AM

Yes it is. I assumed that we had finished with PC 1 - correct?

#13 Scotty

Posted 25 September 2007 - 05:49 AM

Yes, but I meant to continue in the same thread. ;) I'll just see if I can merge them, then look over the log.

#14 Scotty

Posted 25 September 2007 - 08:43 AM

Hi

Remove programs from Add/Remove Programs List
Please go to:
  • Start
  • Control Panel
  • Add/Remove Programs
Find and remove these programs (if they are present)
  • 2020Search




Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):
O2 - BHO: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.alladultc...Control_3_4.CAB


WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
    Now your computer is configured to show all hidden files.
Navigate to and delete the following file (if it is present):

File:
C:\WINDOWS\system32\pbukv2.dll


Download Superantispyware (SAS) free home version.

SAS Free

Install it and double-click the icon on your desktop to run it.
• It will ask if you want to update the program definitions, click Yes.
• Under Configuration and Preferences, click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
• On the main screen, under Scan for Harmful Software click Scan your computer.
• On the left check C:\Fixed Drive.
• On the right, under Complete Scan, choose Perform Complete Scan.
• Click Next to start the scan. Please be patient while it scans your computer.
• After the scan is complete a summary box will appear. Click OK.
• Make sure everything in the white box has a check next to it, then click Next.
• It will quarantine what it found and if it asks if you want to reboot, click Yes.
• To retrieve the removal information for me please do the following:
  • After reboot, double-click the SUPERAntispyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (such as Notepad/Wordpad).
  • Please highlight everything in the notepad, then right-click and choose copy.
• Click close and close again to exit the program.
• Please paste that information here for me with a new HijackThis log.

Edited by Scotty, 25 September 2007 - 08:44 AM.

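The cross-check that post #14 does by hand (tick every HijackThis entry that points at pbukv2.dll, plus the BHO whose file is gone) can be run over a saved log with a small parser. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical and the sample lines are a constructed subset in the shape of the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of entries in the shape of the HijackThis
# v1.99.1 log posted in this thread, not the complete log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
"""

# A log entry starts with a section code such as R1, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[ORF]\d{1,2}) - (?P<body>.+)$")
# CLSID, an optional "(label)" as used by O16 lines, then " - target".
# Anchoring on the CLSID keeps names that contain " - " from splitting wrongly.
CLSID_RE = re.compile(
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"(?: \((?P<label>[^)]*)\))? - (?P<target>.+)$"
)
# O4 Run entries: "[ValueName] command line".
RUN_RE = re.compile(r"\] (?P<target>.+)$")


@dataclass
class Entry:
    code: str               # section code, e.g. "O2"
    clsid: Optional[str]    # upper-cased CLSID, if the entry has one
    target: Optional[str]   # file path, URL or command the entry points at
    raw: str                # the original log line


def parse_log(text: str) -> List[Entry]:
    """Return the R/O/F entries of a HijackThis log, skipping header lines
    and the running-process list."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        clsid = target = None
        c = CLSID_RE.search(body)
        if c:
            clsid = c.group("clsid").upper()
            target = c.group("target").strip()
        elif m.group("code") == "O4":
            r = RUN_RE.search(body)
            target = r.group("target").strip() if r else None
        entries.append(Entry(m.group("code"), clsid, target, line))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file no longer exists; HijackThis prints
    the literal text "(no file)" for these."""
    return [e for e in entries if e.target == "(no file)"]


def entries_for_file(entries: List[Entry], path: str) -> List[Entry]:
    """Every entry that points at `path`, so all of them can be ticked
    before the file is deleted. The match is case-insensitive; 8.3 short
    names (PROGRA~1) are not expanded, so compare those by hand."""
    needle = path.lower()
    return [e for e in entries if e.target and needle in e.target.lower()]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("Entries pointing at pbukv2.dll:")
    for e in entries_for_file(log, r"C:\WINDOWS\system32\pbukv2.dll"):
        print("  " + e.raw)
    print("Entries whose file is missing:")
    for e in orphaned(log):
        print("  " + e.raw)
```
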

#15 Scotty

Posted 06 October 2007 - 03:19 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log.
