WinVir


SharonF

Guest
I started having problems with this a couple of days ago. It bogs down the
system and allows tons of pop-ups. Did a virus scan and adware scan and that
did not fix it. I ran a HijackThis log and have posted it below.... A
friend has tagged the log file with his comments. Any
feedback would be greatly appreciated on how to get rid of this.... I really
need to get this fixed.... Thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 9:59:36 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\3505011.tmp I'm not sure what this is -
should not be running
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\Temporary Directory 2 for
hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows
Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} -
C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} -
C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program
Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus
Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe Unknown to me
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe Unknown to me
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program
Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server
/startmonitor /deaf
O4 - HKLM\..\Run: [mcagent_exe] C:\Program
Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe
"C:\WINDOWS\system32\hcqjqhdl.dll",forkonce Unknown to me - this one is most
likely your problem
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe"
/startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU
"C:\WINDOWS\TEMP\E_S5C9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: TrueAssistant.lnk = C:\Program
Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program
Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: DIGUploader -
http://disneyphotomovie.go.com/media/en_US/photomanager/uploader/DIGUploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187539171484
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media
Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} -
C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\mlljkjj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation -
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program
Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program
files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc.
- C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. -
C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program
Files\SiteAdvisor\6066\SAService.exe
 
RE: WinVir

Hi SharonF,

I would highly recommend registering and posting at a forum that is
dedicated to malware information and removal. Here are a few that you could
choose from:

http://forum.aumha.org/viewforum.php?f=28&sid=17df95c6156443f429167fc48bd311bc

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

http://www.suggestafix.com/index.php?showforum=15



Regards,

--
Patti MacLeod
Microsoft MVP - Windows Shell/User


 
Re: WinVir

Second that. Hi, Patti.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

>> O4 - Startup: TrueAssistant.lnk = C:\Program
>> Files\TrueSwitchComcast\TrueWizard.exe
>> O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
>> Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
>> O4 - Global Startup: APC UPS Status.lnk = ?
>> O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
>> O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program
>> Files\Microtek\ScanWizard 5\ScannerFinder.exe
>> O8 - Extra context menu item: &Search -
>> http://bar.mywebsearch.com/menusearch.html?p=ZS
>> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
>> C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
>> O9 - Extra 'Tools' menuitem: Sun Java Console -
>> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
>> Files\Java\jre1.6.0_02\bin\ssv.dll
>> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
>> C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
>> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
>> %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
>> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
>> {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
>> Diagnostic\xpnetdiag.exe (file missing)
>> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
>> C:\Program Files\Messenger\msmsgs.exe
>> O9 - Extra 'Tools' menuitem: Windows Messenger -
>> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
>> O11 - Options group: [INTERNATIONAL] International*
>> O16 - DPF: DIGUploader -
>> http://disneyphotomovie.go.com/media/en_US/photomanager/uploader/DIGUploader.cab
>> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
>> Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
>> O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
>> System Class) -
>> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
>> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
>> http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187539171484
>> O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media
>> Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
>> O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
>> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
>> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
>> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
>> O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} -
>> C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
>> O20 - AppInit_DLLs: c:\windows\system32\mlljkjj.dll
>> O23 - Service: APC UPS Service - American Power Conversion Corporation -
>> C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
>> O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
>> Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
>> O23 - Service: DSBrokerService - Unknown owner - C:\Program
>> Files\DellSupport\brkrsvc.exe
>> O23 - Service: iPod Service - Apple Inc. - C:\Program
>> Files\iPod\bin\iPodService.exe
>> O23 - Service: MBackMonitor - McAfee - C:\Program
>> Files\McAfee\MBK\MBackMonitor.exe
>> O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -
>> C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
>> O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program
>> files\common files\mcafee\mna\mcnasvc.exe
>> O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -
>> C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
>> O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -
>> c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
>> O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -
>> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
>> O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -
>> C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
>> O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc.
>> - C:\Program Files\McAfee\MPF\MPFSrv.exe
>> O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. -
>> C:\Program Files\McAfee\MSK\MskSrver.exe
>> O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
>> C:\WINDOWS\system32\nvsvc32.exe
>> O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program
>> Files\SiteAdvisor\6066\SAService.exe
>>
 
Re: WinVir

Hi, Gary :-) When did you migrate to the XP groups?



Regards,

--
Patti MacLeod
Microsoft MVP - Windows Shell/User


"Gary S. Terhune" wrote:

> Second that. Hi, Patti.
>
> --
> Gary S. Terhune
> MS-MVP Shell/User
> www.grystmill.com
 
Re: WinVir

When 98 groups became too moribund. Got bored, so I started lurking here. Past the lurking stage, now. Besides, I was waiting for all (or most) of the crazies to migrate to the Vista groups, <g>.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"Patti MacLeod" <pam120@nospamshaw.ca> wrote in message news:655A0408-0B79-4E1F-951A-10F53F7DB0C8@microsoft.com...
> Hi, Gary :-) When did you migrate to the XP groups?
>
>
>
> Regards,
>
> --
> Patti MacLeod
> Microsoft MVP - Windows Shell/User
>
>
> "Gary S. Terhune" wrote:
>
>> Second that. Hi, Patti.
>>
>> --
>> Gary S. Terhune
>> MS-MVP Shell/User
>> www.grystmill.com
 
Re: WinVir

On Aug 22, 10:22 am, SharonF <Shar...@discussions.microsoft.com>
wrote:
> I started having problems with this a couple of days ago. It bogs down the
> system and allows tons of pop-ups. Did a virus scan and adware scan and that
> did not fix it. I ran a hijackthis log and have posted it below.... A
> friend has tagged it with has tagged the log file with his comments. Any
> feedback would be greatly appreciated on how to get rid of this.... I really
> need to get this fixed.... Thanks in advance.
>
> Logfile of HijackThis v1.99.1
> Scan saved at 9:59:36 PM, on 8/21/2007
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.5700.0006)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
> C:\Program Files\Common Files\Apple\Mobile Device
> Support\bin\AppleMobileDeviceService.exe
> C:\WINDOWS\system32\cisvc.exe
> C:\Program Files\McAfee\MBK\MBackMonitor.exe
> C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
> c:\program files\common files\mcafee\mna\mcnasvc.exe
> c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
> C:\Program Files\McAfee\MPF\MPFSrv.exe
> C:\Program Files\McAfee\MSK\MskSrver.exe
> C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
> C:\WINDOWS\system32\nvsvc32.exe
> C:\Program Files\SiteAdvisor\6066\SAService.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\Explorer.EXE
> c:\PROGRA~1\mcafee.com\agent\mcagent.exe
> C:\WINDOWS\system32\dla\tfswctrl.exe
> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
> C:\Program Files\QuickTime\QTTask.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\Program Files\Dell\Media Experience\PCMService.exe
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
> C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
> C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
> C:\WINDOWS\system32\RUNDLL32.EXE
> C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
> C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
> C:\Program Files\iTunes\iTunesHelper.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\Program Files\DellSupport\DSAgnt.exe
> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE
> C:\Program Files\MySpace\IM\MySpaceIM.exe
> C:\Program Files\Logitech\MouseWare\system\em_exec.exe
> C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
> C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
> C:\Program Files\TrueSwitchComcast\TrueWizard.exe
> C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
> C:\Program Files\iPod\bin\iPodService.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\WINDOWS\system32\cidaemon.exe
> C:\Program Files\Support.com\bin\tgcmd.exe
> C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\3505011.tmp I'm not sure what this is -
> should not be running
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\Temporary Directory 2 for
> hijackthis[1].zip\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows
> Internet Explorer provided by Comcast
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyServer = :0
> R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -
> C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
> files\google\googletoolbar1.dll
> O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -
> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
> O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} -
> C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
> O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} -
> C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
> O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
> O4 - HKLM\..\Run: [diagent] "C:\Program
> Files\Creative\SBLive\Diagnostics\diagent.exe" startup
> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series]
> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus
> Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
> -atboottime
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
> Experience\PCMService.exe"
> O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH
> Jukebox\mm_tray.exe"
> O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> Files\Sonic\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH
> Jukebox\mmtask.exe"
> O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
> O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
> O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
> O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> C:\WINDOWS\system32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe Unknown to me
> O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe Unknown to me
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
> C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
> O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
> O4 - HKLM\..\Run: [McAfee Backup] C:\Program
> Files\McAfee\MBK\McAfeeDataBackup.exe
> O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
> O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server
> /startmonitor /deaf
> O4 - HKLM\..\Run: [mcagent_exe] C:\Program
> Files\McAfee.com\Agent\mcagent.exe /runkey
> O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
> O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe
> "C:\WINDOWS\system32\hcqjqhdl.dll",forkonce Unknown to me - this one is most
> likely your problem
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
> Files\Java\jre1.6.0_02\bin\jusched.exe"
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
> O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
> O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe"
> /startup
> O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
> 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
> O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series]
> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU
> "C:\WINDOWS\TEMP\E_S5C9.tmp" /EF "HKCU"
> O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
> O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
> O4 - Startup: TrueAssistant.lnk = C:\Program
> Files\TrueSwitchComcast\TrueWizard.exe
> O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
> Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
> O4 - Global Startup: APC UPS Status.lnk = ?
> O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
> O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program
> Files\Microtek\ScanWizard 5\ScannerFinder.exe
> O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
> Files\Java\jre1.6.0_02\bin\ssv.dll
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
> Diagnostic\xpnetdiag.exe (file missing)
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O11 - Options group: [INTERNATIONAL] International*
> O16 - DPF: DIGUploader - http://disneyphotomovie.go.com/media/en_US/photomanager/uploader/DIGU...
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
> Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
> O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
> System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
> O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media
> Upload) - ...


FYI: Sept 16, 2007 McAfee reported that googletoolbar1.dll contains a
malware.dm.
I cannot say whether this directly relates to the problem you are
having.
This occurred when I attempted to install the google foxfire toolbar
extension for ie on xp sp2.
 
