
IE8 (XP) shuts down when anything is entered in search box

Discussion in 'Virus & Other Malware Removal' started by djmj, Jan 17, 2011.

Thread Status:
Not open for further replies.
  1. djmj

    djmj Thread Starter

    Joined:
    May 1, 2009
    Messages:
    56
    Thanks Dvk01,

    I am following your instructions exactly.

    I have downloaded ComboFix to my Desktop named Username123.exe.

    Trying to disable my AVG11 was a problem. I went to the BleepingComputer link and followed their instructions (Tools, Advanced Settings, Temporarily Disable AVG Protection, click box on right, Apply) but after this I run ComboFix and it says it cannot run with AVG 11 installed. It asks me to uninstall it (Is there another way to disable AVG11 for ComboFix to run?). I did that through Control Panel, Add/Remove Programs. It took several tries as it kept saying I didn't have access to uninstall some component (sorry I didn't note which one) although this is only my computer and I am the Administrator, but finally it uninstalled.

    I ran ComboFix and Recovery Console etc. installed properly, scan was done.

    Here is the ComboFixLog file:

    ComboFix 11-01-24.02 - Dad 01/25/2011 11:36:21.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1080 [GMT -5:00]
    Running from: c:\documents and settings\Dad\Desktop\Username123.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Dad\Application Data\PriceGong
    c:\documents and settings\Dad\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Dad\Application Data\PriceGong\Data\z.xml
    c:\progra~1\COMMON~1\{04A94~1
    c:\progra~1\COMMON~1\{34A94~1
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\system32\916138223
    c:\windows\system32\ycbeg.bak1
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_USNJSVC
    -------\Service_usnjsvc

    ((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
    .
    2011-01-25 16:27 . 2011-01-25 16:28 -------- dc----r- C:\32788R22FWJFW
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2009-06-09 14:17 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-06-09 14:17 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 22:38 . 2010-11-29 22:38 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 -c--a-w- c:\windows\system32\QuickTime.qts
    2010-11-20 19:20 . 2010-11-20 19:20 108336 -c--a-w- c:\windows\system32\mswinsck.ocx
    2010-11-18 18:12 . 2006-12-04 01:38 81920 -c--a-w- c:\windows\system32\isign32.dll
    2010-11-12 23:53 . 2010-04-28 02:48 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 21:34 . 2009-12-17 14:03 73728 -c--a-w- c:\windows\system32\javacpl.cpl
    2010-11-09 14:52 . 2003-07-16 20:40 249856 -c--a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2006-06-23 16:33 916480 -c--a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2003-07-16 20:32 43520 -c--a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2003-07-16 20:30 1469440 -c----w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 05:59 385024 -c--a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2003-07-16 20:37 40960 -c--a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2003-07-16 20:24 290048 -c--a-w- c:\windows\system32\atmfd.dll
    2010-03-28 15:00 203776 -csh--w- c:\windows\system32\unrar.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2003-04-07 05:07 114688 -c--a-w- c:\windows\system32\hkcmd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2003-04-07 05:19 155648 -c--a-w- c:\windows\system32\igfxtray.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msrr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\{FA0F0A01-4631-4161-A6C2-948BF694382E}\\setup\\hpznui01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "c:\\totalcmd\\TOTALCMD.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 67656]
    S1 stasrkex;stasrkex;\??\c:\windows\system32\drivers\stasrkex.sys --> c:\windows\system32\drivers\stasrkex.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/31/2009 10:26 AM 135664]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [3/3/2008 8:32 PM 16512]
    S3 PAC207;PC [email protected];c:\windows\system32\drivers\PFC027.SYS [11/20/2006 8:48 AM 506112]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    2011-01-24 c:\windows\Tasks\20100509_140300_Dad5.job
    - c:\program files\Nero\Nero BackItUp 4\BackItUp.exe [2008-09-24 17:57]
    2011-01-18 c:\windows\Tasks\20101115_070100_Dell Backup.job
    - c:\program files\Nero\Nero BackItUp 4\BackItUp.exe [2008-09-24 17:57]
    2011-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:25]
    2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://canadiens.nhl.com/index.html
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    .
    - - - - ORPHANS REMOVED - - - -
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    HKU-Default-Explorer_Run-{04A94F88-0958-1033-0919-030512200001} - c:\program files\Common Files\{04A94F88-0958-1033-0919-030512200001}\Update.exe
    AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-25 12:03
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-448539723-2146969713-839522115-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Print\Monitors\EpsonNet Print Port\Ports\EP651160:WORKFORCE 600]
    @DACL=(02 0000)
    "ProtocolID"=dword:00000001
    "PrinterAddress"="EP651160"
    "QueueName"="ENPQueue"
    "PrinterAddressType"=dword:00000004
    "IpAddress"="192.168.1.102"
    "SubnetMask"=""
    "MacAddress"="000048651160"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(708)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    - - - - - - - > 'explorer.exe'(3044)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-25 12:13:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-25 17:13
    Pre-Run: 14,847,733,760 bytes free
    Post-Run: 14,824,288,256 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    - - End Of File - - 13B3D46C58A1B791F35A3CD0793FDE37

    Shall I now reinstall AVG11?

    Thank you very much and I await your further instructions.
    David
     
  2. djmj

    djmj Thread Starter

    I will turn off that computer until I get your reply to avoid virus/spyware risks as AVG is uninstalled. I will monitor your reply on another computer to be sure.
    Thanks,
    David
     
  3. djmj

    djmj Thread Starter

    I need to use the computer for some information it has. I will re-install AVG11 Free but will not add anything else or do any updates except to AVG. Hoping that is OK.
    David
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,952
    First Name:
    Derek
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/software_inspector/ for out-of-date & vulnerable common applications on your computer, and update whatever it suggests.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place.

    Then, there was an error showing in an earlier log warning about disc problems, so you need to run chkdsk.
     
  5. djmj

    djmj Thread Starter

    OK thanks dvk01.
    I have done all that to uninstall Combofix, run www.secunia and chkdsk and checked for Windows updates. AVG11 has been reinstalled, updated and a scan has run. I looked at www.spykiller and I seem to be OK and have updated my Java but I'm not too sure what, if anything, I should do about 'Trusted Zones'. I don't use MSN but I do use Facebook and LinkedIn occasionally. I try to be careful with my downloads and don't open random programs (especially not pop-ups etc.!).
    The machine is still very slow and something seems to be holding it back. It doesn't quite seem clean yet.
    Are there other things to do? Logs to post? HiJackThis as of now is attached below if that helps.
    Thanks a lot and I await your suggestions.
    David

    HiJackThis 260111 Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:10:27 PM, on 1/26/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://canadiens.nhl.com/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...DEwKzItRjEwTTEwRCsy"&"prod=90"&"ver=10.0.1187
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120w.bay120.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1187778122921
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187778064703
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Dad/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Dad/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    --
    End of file - 10118 bytes

    Thanks again
    David
     
  6. dvk01

    dvk01 Moderator Malware Specialist

  7. djmj

    djmj Thread Starter

    Hi dvk01,
    I am running the BitDefender scan and it is taking a LONG time - already 10 hours and it says 12 hours more, so I will reply tomorrow morning when the scan is finished. So far it has found nothing. Shall I post the log back to you?
    Should I run another scan also? I assume I should not run 2 at the same time. Other things?
    Thanks.
    David
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Never run 2 scans at the same time.
    Wait till the first one finishes.
     
  9. djmj

    djmj Thread Starter

    Hi dvk01,

    Yes that is what I thought.

    BitDefender found several issues, all on my H: drive (my external hard drive which I use for backup and data storage). There appear to be no infections or issues on the C: drive.

    The BitDefender Log is below:

    BitDefender Online Scanner

    Scan report generated at: Fri, Jan 28, 2011 - 06:43:36

    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;

    Statistics
    Time: 22:44:38
    Files: 1585330
    Folders: 36234
    Boot Sectors: 0
    Archives: 37774
    Packed Files: 223072

    Results
    Identified Viruses: 10
    Infected Files: 16
    Suspect Files: 4
    Warnings: 0
    Disinfected: 0
    Deleted Files: 8

    Engines Info
    Virus Definitions: 6687757
    Engine build: AVCORE v2.1 Windows/i386 11.0.0.42 (Oct 18 2010)
    Scan plugins: 18
    Archive plugins: 44
    Unpack plugins: 10
    E-mail plugins: 6
    System plugins: 4

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes


    Scanned File
    Status
    H:\Companies\CH2M HILL\Masdar Files\Laptop Personal Folders2 030609.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Infected with: Trojan.Script.42798
    H:\Companies\CH2M HILL\Masdar Files\Laptop Personal Folders2 030609.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Disinfection failed
    H:\Companies\CH2M HILL\Masdar Files\Laptop Personal Folders2 030609.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Delete failed
    H:\Companies\CH2M HILL\Masdar Files\Laptop Personal Folders2 030609.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Suspected of: Exploit.Iframe.Vulnerability
    H:\Companies\CH2M HILL\Masdar Files\Laptop Personal Folders2 030609.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Disinfection failed
    H:\Companies\CH2M HILL\Masdar Files\Laptop Personal Folders2 030609.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Deleted
    H:\Companies\CH2M HILL\Masdar Files\Laptop Personal Folders2 030609.pst=>[Subject: Fancy][From: [email protected]]=>(body)
    Deleted
    H:\Companies\CH2M HILL\Masdar Files\Laptop Personal Folders2 030609.pst
    Updated
    H:\Laptop Backup\Laptop Personal Folders2 030609.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Infected with: Trojan.Script.42798
    H:\Laptop Backup\Laptop Personal Folders2 030609.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Disinfection failed
    H:\Laptop Backup\Laptop Personal Folders2 030609.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Delete failed
    H:\Laptop Backup\Laptop Personal Folders2 030609.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Suspected of: Exploit.Iframe.Vulnerability
    H:\Laptop Backup\Laptop Personal Folders2 030609.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Disinfection failed
    H:\Laptop Backup\Laptop Personal Folders2 030609.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Deleted
    H:\Laptop Backup\Laptop Personal Folders2 030609.pst=>[Subject: Fancy][From: [email protected]]=>(body)
    Deleted
    H:\Laptop Backup\Laptop Personal Folders2 030609.pst
    Updated
    H:\Laptop Backup\Laptop Personal Folders2 141209.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Infected with: Trojan.Script.42798
    H:\Laptop Backup\Laptop Personal Folders2 141209.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Disinfection failed
    H:\Laptop Backup\Laptop Personal Folders2 141209.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Delete failed
    H:\Laptop Backup\Laptop Personal Folders2 141209.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Suspected of: Exploit.Iframe.Vulnerability
    H:\Laptop Backup\Laptop Personal Folders2 141209.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Disinfection failed
    H:\Laptop Backup\Laptop Personal Folders2 141209.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Deleted
    H:\Laptop Backup\Laptop Personal Folders2 141209.pst=>[Subject: Fancy][From: [email protected]]=>(body)
    Deleted
    H:\Laptop Backup\Laptop Personal Folders2 141209.pst
    Updated
    H:\Laptop Backup\Laptop Personal Folders2 221110.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Infected with: Trojan.Script.42798
    H:\Laptop Backup\Laptop Personal Folders2 221110.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Disinfection failed
    H:\Laptop Backup\Laptop Personal Folders2 221110.pst=>[Subject: Attention! Several VISA Credit Card bases have been LOST!][From: VISA Card Support]=>(body)=>(Compressed Rtf)=>(Rtf2Html)
    Delete failed
    H:\Laptop Backup\Laptop Personal Folders2 221110.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Suspected of: Exploit.Iframe.Vulnerability
    H:\Laptop Backup\Laptop Personal Folders2 221110.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Disinfection failed
    H:\Laptop Backup\Laptop Personal Folders2 221110.pst=>[Subject: Fancy][From: [email protected]]=>(body)=>(Compressed Rtf)
    Deleted
    H:\Laptop Backup\Laptop Personal Folders2 221110.pst=>[Subject: Fancy][From: [email protected]]=>(body)
    Deleted
    H:\Laptop Backup\Laptop Personal Folders2 221110.pst
    Updated
    H:\DJ\AGSetup0606.exe=>(VISE Installer o)=>fsg-ag.exe
    Detected with: Gen:[email protected]
    H:\DJ\AGSetup0606.exe=>(VISE Installer o)=>fsg-ag.exe
    Disinfection failed
    H:\DJ\AGSetup0606.exe=>(VISE Installer o)=>fsg-ag.exe
    Delete failed
    H:\DJ\AGSetup0608.exe=>(VISE Installer o)=>VX2.dll
    Infected with: Trojan.Generic.190041
    H:\DJ\AGSetup0608.exe=>(VISE Installer o)=>VX2.dll
    Disinfection failed
    H:\DJ\AGSetup0608.exe=>(VISE Installer o)=>VX2.dll
    Delete failed
    H:\DJ\AGSetup0608.exe=>(VISE Installer o)=>fsg-ag.exe
    Detected with: Gen:[email protected]
    H:\DJ\AGSetup0608.exe=>(VISE Installer o)=>fsg-ag.exe
    Disinfection failed
    H:\DJ\AGSetup0608.exe=>(VISE Installer o)=>fsg-ag.exe
    Delete failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whInstaller.exe
    Detected with: Adware.Webhancer.16
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whInstaller.exe
    Disinfection failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whInstaller.exe
    Delete failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>regwebh.dll
    Detected with: Application.Webhancer.AA
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>regwebh.dll
    Disinfection failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>regwebh.dll
    Delete failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>wbhshare.dll
    Detected with: Application.Webhancer.G
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>wbhshare.dll
    Disinfection failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>wbhshare.dll
    Delete failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>webhdll.dll
    Detected with: Adware.Webhancer.16
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>webhdll.dll
    Disinfection failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>webhdll.dll
    Delete failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whAgent.exe
    Detected with: Application.Webhancer.D
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whAgent.exe
    Disinfection failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whAgent.exe
    Delete failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whiedc.dll
    Detected with: Application.Webhancer.AG
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whiedc.dll
    Disinfection failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whiedc.dll
    Delete failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whiehlpr.dll
    Detected with: Application.Webhancer.A
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whiehlpr.dll
    Disinfection failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whiehlpr.dll
    Delete failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whieshm.dll
    Detected with: Application.Webhancer.C
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whieshm.dll
    Disinfection failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>wh_CC_GALAXY.exe=>(ZIP Sfx s)=>whieshm.dll
    Delete failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>fsg-ag.exe
    Detected with: Gen:[email protected]
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>fsg-ag.exe
    Disinfection failed
    H:\DJ\CNET-audiogalaxy0605.exe=>(VISE Installer o)=>fsg-ag.exe
    Delete failed




    I can certainly delete all files identified but am not sure if that is the right thing to do. Could you please advise?

    Should I do another scan or other things before or after? I await your recommendations.

    Thank you
    David
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,952
    First Name:
    Derek
    I wouldn't worry unduly about those

    I can't see anything wrong with it
     
  11. djmj

    djmj Thread Starter

    Joined:
    May 1, 2009
    Messages:
    56
    OK thank you dvk01. My original problem is solved. What remains is that the machine operates much slower than it used to and I am not sure what to do about this. Any suggestions would be welcomed.
    You have been a big help and I thank you for your time.
    Good luck and best regards,
    David
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,952
    First Name:
    Derek
    all I can suggest is run chkdsk & defrag to see if that helps things
     
  13. djmj

    djmj Thread Starter

    Joined:
    May 1, 2009
    Messages:
    56
    OK thanks dvk01. I'll do that.
    Thanks again and best regards.
    My donation will follow.
    David
     

Short URL to this thread: https://techguy.org/975234
