Hi all, new here but not new to fixing my computer; however, this last one has me baffled. Usually my ESET NOD32 4.0.467 catches everything. I also have on my computer Spybot, Malwarebytes Anti-Malware, SUPERAntiSpyware, Ad-Aware, TuneUp Utilities, Registry First Aid 7 Platinum. I have System Mechanic 10 but never bothered to install it. Oh yeah, I am running XP Service Pack 2 - I do not want Service Pack 3.
So my problem of late has been my last 2 scans of NOD Antivirus: my second-last scan took over 6 hours and found nothing. My last scan took 24 hours and never completed, as it got stuck at 99% in XP services. Also, what prompted me to do the scan was the fact that Diskeeper gave me a warning that my Windows drive was critical and needed to be defragged, so I used VOPT 9.2 to defrag (it does a better job). So everything is good, but then 15 minutes later Diskeeper is giving me another warning for my Windows drive even though I had not done anything in those 15 minutes.
NOD Antivirus detected threats log:
18/03/2011 6:01:40 PM Real-time file system protection file E:\DOCUME~1\Rick\LOCALS~1\Temp\clamtray.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan deleted - quarantined RIC-4HIHPGXWHR\Rick Event occurred on a new file created by the application: C:\unzipped\Corel Paint Shop Pro Photo X3 13\Corel Paint Shop Pro Photo X3 13.00.exe.
16/03/2011 11:30:20 AM Real-time file system protection file E:\DOCUME~1\Rick\LOCALS~1\Temp\NERO1003378\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar potentially unwanted application unable to clean RIC-4HIHPGXWHR\Rick Event occurred on a new file created by the application: E:\Documents and Settings\Rick\Desktop\Nero-9.2.6.0_trial.exe.
16/03/2011 9:53:54 AM Real-time file system protection file E:\DOCUME~1\Rick\LOCALS~1\Temp\IXP001.TMP\LICENS~1.EXE a variant of Win32/Olmarik.SV trojan cleaned by deleting - quarantined RIC-4HIHPGXWHR\Rick Event occurred on a new file created by the application: C:\pictures\sharezza downloads\Nero 9 Reloaded v 9.4.26.0 Multilangual - Windows 7 Compatible + keygen\Nero 9.4.26.0_trial.EXE.
16/03/2011 9:32:49 AM Real-time file system protection file E:\DOCUME~1\Rick\LOCALS~1\Temp\IXP001.TMP\UPDATE~1.EXE a variant of Win32/Olmarik.SV trojan cleaned by deleting - quarantined RIC-4HIHPGXWHR\Rick Event occurred on a new file created by the application: C:\pictures\sharezza downloads\Nero 9 Full v.9.2.6.0 with keymaker-Windows 7 Compatible!\Nero9.2.6.0_trial.EXE.
16/03/2011 9:14:22 AM Real-time file system protection file C:\pictures\sharezza downloads\Nero 9 Full v.9.2.6.0 with keymaker-Windows 7 Compatible!\nero 9.2.6.0 keygen and instruction\Keygen.exe a variant of Win32/Keygen.BF potentially unwanted application unable to clean RIC-4HIHPGXWHR\Rick Event occurred on a file modified by the application: E:\WINDOWS\explorer.exe.
16/03/2011 9:07:56 AM Real-time file system protection file C:\pictures\sharezza downloads\nero 9.2.6.0 keygen and instruction\Keygen.exe a variant of Win32/Keygen.BF potentially unwanted application unable to clean RIC-4HIHPGXWHR\Rick Event occurred on a file modified by the application: E:\Program Files\uTorrent\uTorrent.exe.
16/03/2011 9:07:45 AM Real-time file system protection file C:\sharezza temp\nero 9.2.6.0 keygen and instruction\Keygen.exe a variant of Win32/Keygen.BF potentially unwanted application unable to clean RIC-4HIHPGXWHR\Rick Event occurred on a file modified by the application: E:\Program Files\uTorrent\uTorrent.exe.
16/03/2011 9:07:27 AM Real-time file system protection file C:\sharezza temp\nero 9.2.6.0 keygen and instruction\Keygen.exe a variant of Win32/Keygen.BF potentially unwanted application unable to clean RIC-4HIHPGXWHR\Rick Event occurred on a file modified by the application: E:\Program Files\uTorrent\uTorrent.exe.
16/03/2011 9:07:04 AM Real-time file system protection file C:\sharezza temp\nero 9.2.6.0 keygen and instruction\Keygen.exe a variant of Win32/Keygen.BF potentially unwanted application unable to clean RIC-4HIHPGXWHR\Rick Event occurred on a file modified by the application: E:\Program Files\uTorrent\uTorrent.exe.
16/03/2011 8:59:53 AM Real-time file system protection file E:\DOCUME~1\Rick\LOCALS~1\Temp\IXP001.TMP\UPDATE~1.EXE a variant of Win32/Olmarik.SV trojan cleaned by deleting - quarantined RIC-4HIHPGXWHR\Rick Event occurred on a new file created by the application: C:\pictures\sharezza downloads\Nero 9 Full v.9.2.6.0 with keymaker-Windows 7 Compatible!\Nero9.2.6.0_trial.EXE.
16/03/2011 8:54:00 AM Real-time file system protection file C:\pictures\sharezza downloads\Nero 9 Full v.9.2.6.0 with keymaker-Windows 7 Compatible!\Nero_keymaker.exe probably a variant of Win32/Agent.KHBSUSP trojan cleaned by deleting - quarantined RIC-4HIHPGXWHR\Rick Event occurred during an attempt to access the file by the application: E:\WINDOWS\explorer.exe.
16/03/2011 8:51:33 AM Real-time file system protection file E:\DOCUME~1\Rick\LOCALS~1\Temp\NERO1003378\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar potentially unwanted application unable to clean RIC-4HIHPGXWHR\Rick Event occurred on a new file created by the application: E:\Documents and Settings\Rick\Local Settings\Temp\IXP001.TMP\NERO92~1.EXE.
16/03/2011 8:48:11 AM Real-time file system protection file E:\DOCUME~1\Rick\LOCALS~1\Temp\4F6.tmp a variant of Win32/Olmarik.SV trojan cleaned by deleting (after the next restart) - quarantined RIC-4HIHPGXWHR\Rick Event occurred on a file modified by the application: E:\DOCUME~1\Rick\LOCALS~1\Temp\IXP001.TMP\LICENS~1.EXE.
16/03/2011 8:48:00 AM Real-time file system protection file E:\DOCUME~1\Rick\LOCALS~1\Temp\IXP001.TMP\LICENS~1.EXE a variant of Win32/Olmarik.SV trojan cleaned by deleting (after the next restart) - quarantined RIC-4HIHPGXWHR\Rick Event occurred on a new file created by the application: C:\pictures\sharezza downloads\Nero 9 Reloaded v 9.4.26.0 Multilangual - Windows 7 Compatible + keygen\Nero 9.4.26.0_trial.EXE.
16/03/2011 8:48:00 AM Real-time file system protection file E:\WINDOWS\System32\spool\PRTPROCS\W32X86\4F5.tmp a variant of Win32/Olmarik.SV trojan cleaned by deleting - quarantined RIC-4HIHPGXWHR\Rick Event occurred on a file modified by the application: E:\Documents and Settings\Rick\Local Settings\Temp\IXP001.TMP\LICENS~1.EXE.
16/03/2011 8:44:24 AM Real-time file system protection file C:\pictures\sharezza downloads\Nero 9 Reloaded v 9.4.26.0 Multilangual - Windows 7 Compatible + keygen\Nero_keymaker.exe probably a variant of Win32/Agent.KHBSUSP trojan cleaned by deleting - quarantined RIC-4HIHPGXWHR\Rick Event occurred during an attempt to access the file by the application: E:\WINDOWS\explorer.exe.
12/03/2011 3:37:12 PM Real-time file system protection file C:\System Volume Information\_restore{79FE4B14-4432-4FE7-88B4-8473A04A2233}\RP206\A0043288.exe multiple threats unable to clean NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: E:\WINDOWS\system32\svchost.exe.
12/03/2011 12:09:26 AM Real-time file system protection file E:\DOCUME~1\Rick\LOCALS~1\Temp\IXP000.TMP\keygen.exe probably a variant of Win32/Agent.GOGHCID trojan cleaned by deleting - quarantined RIC-4HIHPGXWHR\Rick Event occurred on a new file created by the application: C:\pictures\sharezza downloads\Adobe.Photoshop.Elements.Serial.Keygen.Only-CORE\keygen.exe.
12/03/2011 12:07:37 AM Real-time file system protection file C:\sharezza temp\Adobe.Photoshop.Elements.Serial.Keygen.Only-CORE\keygen.exe multiple threats RIC-4HIHPGXWHR\Rick Event occurred on a file modified by the application: E:\Program Files\uTorrent\uTorrent.exe.
12/03/2011 12:07:17 AM Real-time file system protection file C:\sharezza temp\Adobe.Photoshop.Elements.Serial.Keygen.Only-CORE\keygen.exe multiple threats RIC-4HIHPGXWHR\Rick Event occurred on a new file created by the application: E:\Program Files\uTorrent\uTorrent.exe.
12/03/2011 12:03:48 AM Real-time file system protection file C:\sharezza temp\Adobe.Photoshop.Elements.Serial.Keygen.Only-CORE\keygen.exe multiple threats deleted - quarantined RIC-4HIHPGXWHR\Rick Event occurred on a file modified by the application: E:\Program Files\uTorrent\uTorrent.exe.
That is all this month's. Currently NOD says I am clean. I am however doing an online NOD scan as I write this and it turned up clean. Here is my HijackThis log I just did:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:28 PM, on 22/03/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\nvsvc32.exe
e:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
E:\Program Files\Sygate\SPF\smc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\UPHClean\uphclean.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\CursorXP\CursorXP.exe
E:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
E:\Program Files\Stardock\Object Desktop\WindowFX\wfxload.exe
E:\Program Files\WallMaster\wallmast.exe
E:\Program Files\Rainmeter\Rainmeter.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
E:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
E:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Explorer Rick
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - E:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [StartupDelayer] "E:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] E:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download FLV by WinAVI... - E:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - E:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - E:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @E:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @E:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hgGwUnNG - hgGwUnNG.dll (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - E:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MagicTuneEngine - Unknown owner - E:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - e:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TomTomHOMEService - TomTom - E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - E:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - E:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - E:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
--
End of file - 10040 bytes
My Windows drive is not that old, so my questions are: why is NOD crapping out on the virus scans and also taking forever to do them, whereas they used to take less time and actually complete the scan, and also why is my Windows drive fragmenting so fast? Literally 15 minutes after I have done a complete defrag it is telling me the drive has approached the warning level again. Any help will be appreciated. Thanks.
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - E:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MagicTuneEngine - Unknown owner - E:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - e:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TomTomHOMEService - TomTom - E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - E:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - E:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - E:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
--
End of file - 10040 bytes
My Windows drive is not that old, so my questions are: why is Nod crapping out on the virus scans and also taking forever to do them, whereas they used to take less time and actually complete the scan, and also why is my Windows drive fragmenting so fast? Literally 15 minutes after I have done a complete defrag it is telling me the drive has approached the warning level again? Any help will be appreciated. Thanks.