Guest SharonF Posted August 22, 2007

I started having problems with this a couple of days ago. It bogs down the system and allows tons of pop-ups. Did a virus scan and adware scan and that did not fix it. I ran a HijackThis log and have posted it below.... A friend has tagged the log file with his comments. Any feedback would be greatly appreciated on how to get rid of this.... I really need to get this fixed.... Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 9:59:36 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\3505011.tmp I'm not sure what this is - should not be running
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe Unknown to me
O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe Unknown to me
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\hcqjqhdl.dll",forkonce Unknown to me - this one is most likely your problem
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\WINDOWS\TEMP\E_S5C9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: DIGUploader - http://disneyphotomovie.go.com/media/en_US/photomanager/uploader/DIGUploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187539171484
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\mlljkjj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
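The entries the friend tagged in the log above (the .tmp file running out of Temp, the rundll32 line loading hcqjqhdl.dll) and the O20 AppInit_DLLs line are the kind of thing a few mechanical rules can pull out of a HijackThis log for a person to verify. The following triage script is an added example, not HijackThis's code and not from anyone in this thread; the "pseudo-random name" and "Temp path" heuristics are my own assumptions, and it runs over a constructed excerpt of the posted log.

```python
import re
from typing import Dict, List

# Constructed excerpt of the HijackThis log posted above (the friend's
# inline remarks removed, most benign entries omitted to keep it short).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\3505011.tmp
C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\hcqjqhdl.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\windows\system32\mlljkjj.dll
"""

# A Windows path ending in an executable, library or temp-file extension.
# It stops at a quote or comma so rundll32's "dll,Export" syntax does not
# swallow the export name.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:exe|dll|tmp)', re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(filename: str) -> bool:
    """Pseudo-random name heuristic (an assumption, not a HijackThis rule):
    seven or more letters in the stem and not a single vowel among them."""
    stem = re.sub(r"\d", "", filename.rsplit(".", 1)[0])
    return len(stem) >= 7 and not (VOWELS & set(stem.lower()))


def in_system32_root(path: str) -> bool:
    """True when the file sits directly in WINDOWS\\system32, not a subfolder."""
    parent = path.rsplit("\\", 1)[0].lower()
    return parent.endswith("\\windows\\system32")


def in_temp_location(path: str) -> bool:
    """True for anything under a Temp folder or carrying a .tmp extension."""
    parts = path.lower().split("\\")
    return "temp" in parts[:-1] or parts[-1].endswith(".tmp")


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged file name to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        for path in PATH_RE.findall(line):
            name = path.rsplit("\\", 1)[-1]
            reasons = []
            if line.startswith("O20 - AppInit_DLLs:"):
                # Any DLL listed here is loaded into every process that loads
                # user32.dll; on a home XP box the value is normally empty.
                reasons.append("appinit-dlls")
            if in_temp_location(path):
                reasons.append("temp-path")
            if in_system32_root(path) and looks_random(name):
                reasons.append("random-name")
            if reasons:
                findings.setdefault(name, []).extend(reasons)
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name:20s} {', '.join(reasons)}")
```

It flags HijackThis.exe itself, because the poster ran it straight from the zip's extraction folder under Temp, and it says nothing about sw20.exe and sw24.exe, which only a lookup of the files' publisher can settle. Both are reminders that every hit is a lead for a person to check, not a verdict.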
Guest Patti MacLeod Posted August 22, 2007

RE: WinVir

Hi SharonF,

I would highly recommend registering and posting at a forum that is dedicated to malware information and removal. Here are a few that you could choose from:

http://forum.aumha.org/viewforum.php?f=28&sid=17df95c6156443f429167fc48bd311bc
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.suggestafix.com/index.php?showforum=15

Regards,
--
Patti MacLeod
Microsoft MVP - Windows Shell/User

"SharonF" wrote:
> I started having problems with this a couple of days ago. It bogs down the
> system and allows tons of pop-ups. Did a virus scan and adware scan and that
> did not fix it. I ran a hijackthis log and have posted it below.... A
> friend has tagged the log file with his comments. Any
> feedback would be greatly appreciated on how to get rid of this.... I really
> need to get this fixed.... Thanks in advance.
Guest Gary S. Terhune Posted August 22, 2007

Re: WinVir

Second that.

Hi, Patti.

--
Gary S. Terhune
MS-MVP Shell/User
http://www.grystmill.com

"Patti MacLeod" <pam120@nospamshaw.ca> wrote in message news:6604A36E-4C80-45AC-9DBB-CEA847AA54CB@microsoft.com...
> Hi SharonF,
>
> I would highly recommend registering and posting at a forum that is
> dedicated to malware information and removal. Here are a few that you could
> choose from:
>
> http://forum.aumha.org/viewforum.php?f=28&sid=17df95c6156443f429167fc48bd311bc
>
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
>
> http://www.suggestafix.com/index.php?showforum=15
>
> Regards,
>
> --
> Patti MacLeod
> Microsoft MVP - Windows Shell/User
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187539171484 >> O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media >> Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab >> O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - >> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab >> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - >> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab >> O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - >> C:\Program Files\SiteAdvisor\6066\SiteAdv.dll >> O20 - AppInit_DLLs: c:\windows\system32\mlljkjj.dll >> O23 - Service: APC UPS Service - American Power Conversion Corporation - >> C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe >> O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common >> Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe >> O23 - Service: DSBrokerService - Unknown owner - C:\Program >> Files\DellSupport\brkrsvc.exe >> O23 - Service: iPod Service - Apple Inc. - C:\Program >> Files\iPod\bin\iPodService.exe >> O23 - Service: MBackMonitor - McAfee - C:\Program >> Files\McAfee\MBK\MBackMonitor.exe >> O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - >> C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe >> O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program >> files\common files\mcafee\mna\mcnasvc.exe >> O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - >> C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe >> O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - >> c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe >> O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - >> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe >> O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. 
- >> C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe >> O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. >> - C:\Program Files\McAfee\MPF\MPFSrv.exe >> O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - >> C:\Program Files\McAfee\MSK\MskSrver.exe >> O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - >> C:\WINDOWS\system32\nvsvc32.exe >> O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program >> Files\SiteAdvisor\6066\SAService.exe >>
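The friend's annotation in the quoted log singles out the rundll32 autostart that loads hcqjqhdl.dll; the same log also carries a non-empty O20 AppInit_DLLs entry (mlljkjj.dll) and an R3 URLSearchHook with no name, two sections that warrant the same scrutiny. The script below is an added example, not something posted in this thread: it applies those three checks to a subset of the log's own entries. The "random-looking name" heuristic, the severity labels and the `Finding` type are my own assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass

# Seven entries copied from the HijackThis v1.99.1 log posted in this thread;
# a constructed subset used here as sample input.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\hcqjqhdl.dll",forkonce
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - AppInit_DLLs: c:\windows\system32\mlljkjj.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

@dataclass
class Finding:
    section: str   # HijackThis section tag: "R3", "O4", "O20"
    target: str    # the file or value the finding is about
    severity: str  # "high" or "medium" (labels chosen for this example)
    reason: str

# A DLL basename: no path separators, quotes, whitespace or commas before ".dll".
_DLL_RE = re.compile(r'([^\\/"\s,]+\.dll)\b', re.IGNORECASE)

def looks_random(filename: str) -> bool:
    """Heuristic (my own, not a HijackThis rule): six or more letters in the
    basename and not a single vowel. hcqjqhdl and mlljkjj qualify; vendor
    names such as NvCpl or nvsvc32 stay under the six-letter threshold."""
    stem = filename.rsplit('.', 1)[0]
    letters = re.sub(r'[^A-Za-z]', '', stem)
    return len(letters) >= 6 and re.search(r'[aeiouy]', letters, re.I) is None

def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(' ', 1)[0]
        if section == 'O20' and 'AppInit_DLLs:' in line:
            value = line.split('AppInit_DLLs:', 1)[1].strip()
            if value:  # an empty AppInit_DLLs value is the normal state
                findings.append(Finding('O20', value, 'high',
                    'AppInit_DLLs is set: this DLL is loaded into every '
                    'process that maps user32.dll'))
        elif section == 'O4' and 'rundll32' in line.lower():
            match = _DLL_RE.search(line)
            if match and looks_random(match.group(1)):
                findings.append(Finding('O4', match.group(1), 'high',
                    'rundll32 autostart loads a DLL with a random-looking name'))
        elif section == 'R3' and '(no name)' in line:
            findings.append(Finding('R3', line.rsplit(' - ', 1)[1], 'medium',
                'unnamed URLSearchHook: a common browser-hijacker indicator'))
    return findings

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:<4}{f.severity.upper():<8}{f.target}\n    {f.reason}')
```

Run against the sample it reports exactly the three entries named above and stays quiet on the NVIDIA, Epson and iTunes lines; an allowlist of known-good vendor entries would be the next step before using it on a full log.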
Guest Patti MacLeod
Posted August 22, 2007

Re: WinVir

Hi, Gary :-) When did you migrate to the XP groups?

Regards,
--
Patti MacLeod
Microsoft MVP - Windows Shell/User

"Gary S. Terhune" wrote:
> Second that. Hi, Patti.
>
> --
> Gary S. Terhune
> MS-MVP Shell/User
> http://www.grystmill.com
Guest Gary S. Terhune
Posted August 22, 2007

Re: WinVir

When 98 groups became too moribund. Got bored, so I started lurking here. Past the lurking stage, now. Besides, I was waiting for all (or most) of the crazies to migrate to the Vista groups, <g>.

--
Gary S. Terhune
MS-MVP Shell/User
http://www.grystmill.com

"Patti MacLeod" <pam120@nospamshaw.ca> wrote in message news:655A0408-0B79-4E1F-951A-10F53F7DB0C8@microsoft.com...
> Hi, Gary :-) When did you migrate to the XP groups?
>
> Regards,
>
> --
> Patti MacLeod
> Microsoft MVP - Windows Shell/User
>
> "Gary S. Terhune" wrote:
>
>> Second that. Hi, Patti.
>>
>> --
>> Gary S. Terhune
>> MS-MVP Shell/User
>> http://www.grystmill.com
Guest alanjhitchner@msn.com
Posted September 16, 2007

Re: WinVir

On Aug 22, 10:22 am, SharonF <Shar...@discussions.microsoft.com> wrote:
> I started having problems with this a couple of days ago. It bogs down the system and allows tons of pop-ups. Did a virus scan and adware scan and that did not fix it. I ran a hijackthis log and have posted it below.... A friend has tagged the log file with his comments. Any feedback would be greatly appreciated on how to get rid of this.... I really need to get this fixed.... Thanks in advance.
>
> Logfile of HijackThis v1.99.1
> Scan saved at 9:59:36 PM, on 8/21/2007
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.5700.0006)

FYI: Sept 16, 2007 McAfee reported that googletoolbar1.dll contains a malware.dm. I cannot say whether this directly relates to the problem you are having. This occurred when I attempted to install the Google Firefox toolbar extension for IE on XP SP2.