MAILPV.EXE removal & Hijack info
-
ORIG POST:
http://www.d-a-l.com/help/windows-xp...tml#post175696
PROBLEM DESCRIPTION:
Does anyone know how I can remove the spyware/riskware MAILPV.EXE from my PC?
FSecure security suite won't, and even a call to FSecure was to no avail.
WIN VER & PC
Win XP Home w/sp2 + all updates except sp3
Compaq Presario SR1030NX
1 Gb ram
160 Gb HD
2 Optical Dr
3 1/4 floppy
STEPS TAKEN TO ELIMINATE MAILPV.EXE:
NOTE: INFECTED FILE CAME FROM: WWW.NIRSOFT.NET/UTILS/PAILPV.HTML
1) Tried to delete mailpv.exe
2) Ran FSecure full sys malware scan.
3) Ran FSecure full sys scan
4) Ran CCleaner
5) Called ISP: Charter, Trans to FSecure div, they said to call FSecure
6) Checked FSecure web but phone number was incorrect.
8) finally got correct phone no, called, they said it wasn't their sw.
9) Recalled Charter.
10) Called my expert friends, (I'm only a businessman)
11) Went to DAL web forum & posted problem, Digerati.
ALL TO NO AVAIL
12) Ran HijackThis as per Digerati
13) Got this error when first running Hijack: see the file I attached: hijack error pic.jpg
Here we are 2 days later.
Thanks for all the help,
HW
HIJACK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:21 PM, on 10/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\neoCLiP\Win2K\BSCLIP.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Monitor Calibrize\CalibrizeResume.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Advertising Your Business with Yahoo! Search Marketing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/HERB/WEBS/find/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Advertising Your Business with Yahoo! Search Marketing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Advertising Your Business with Yahoo! Search Marketing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 147.202.41.191:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\neoCLiP\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [CGFLoader] C:\Program Files\Monitor Calibrize\CalibrizeLoader.exe
O4 - HKCU\..\Run: [CalibrizeResume] C:\Program Files\Monitor Calibrize\CalibrizeResume.exe
O4 - S-1-5-18 Startup: AutorunsDisabled (User 'SYSTEM')
O4 - .DEFAULT Startup: AutorunsDisabled (User 'Default user')
O4 - Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://app.onlinephotofiler.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BAABDA3-AEFB-42C2-B561-A93E11277088}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E14A588-F9F3-4CC5-A75A-BDB2CE8D7976}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{CABC9914-14A6-4F29-B5EC-56355918EFD8}: NameServer = 209.225.8.42,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BAABDA3-AEFB-42C2-B561-A93E11277088}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{2BAABDA3-AEFB-42C2-B561-A93E11277088}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - (no file)
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 8832 bytes
------------------------------
UNINSTALL:
Ad-Aware
Adobe Flash Player Plugin
Adobe Stock Photos 1.0
AM-DeadLink 2.8.1
AMP Font Viewer
AusLogics Disk Defrag
Belarc Advisor 7.2
Calibrize 2.0
CCleaner (remove only)
Charter High-Speed Security Suite
Device drivers for HP Simple Backup
DivX Content Uploader
DivX Web Player
DriverMax 3
Duplicate File Finder 1.1.0.0
Easy Duplicate Finder v. 1.4.2.0
EasyCleaner
EndItAll 2.0
ERUNT 1.1j
Eusing Free Registry Cleaner
Excavation from Compaq (remove only)
Expression Web Extras iButtons 2
Expression Web Extras iButtons I
Foxit Reader
Free Desktop Clock 2.2
Free eXPert PDF Reader
Free Internet Window Washer
Fx Frame Capture
GiPo@MoveOnBoot 1.9.5
Glary Utilities 2.6
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.0
HP Software Update
Iconoplasm!
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
Ipswitch WS_FTP LE
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 7
JavaScript Collector 1.1.0.4
KBD
KinyonSoft WinTools XP
Macromedia Fireworks 2
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Small Business
Microsoft Office 97, Professional Edition
Microsoft Office FrontPage 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Windows Media Video 9 VCM
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB925673)
Multimedia Card Reader
neoCLiP
NoteTab Std (Remove only)
NVIDIA GART Driver
OE Tweaker
Outlook Express Mail Alert 1.0
PC Magazine's Top 100s as Internet Explorer Favorites
PC-Doctor for Windows
PDF reDirect (remove only)
PhotoScape
Photosmart 140,240,7200,7600,7700,7900 Series
PowerDesk 5.0
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickGamma 2.0.0.1
RadarSync
Real Alternative 1.50
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
ScanSoft PaperPort Viewer 7.0
Security Update for Windows XP (KB923789)
Spybot - Search & Destroy
Tweak UI
UltimateDefrag V1 FREE Public Domain Version
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Vstascan
What's Running 2.2
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 2
Last edited by Neal; 13-10-2008 at 06:28 PM.
Reason: remove "
-
Thanks for trying to help, but I was able to solve the problem by accident.
HW
-
Good luck and if you have other problems come on back and we will try to help you out. Good luck.