[Yakodi]

Yikes this is a pain in the a**. I got Mozilla windows trying to close (only when I have more than 1 tab open it just keeps popping up a message saying are you sure youw ant to quit? One little program somewhere on my PC is scanning all the words that appear. One that I know for sure is 'm.c.af.ee' it hates that little word and tries to close the page straight away (the periods are so it doesn't see the word lol. And v.i.rus it doesn't seem to like too. It seems to be REALY slowing my PC down to a crawl too. Especialy when I'm in CPU demanding programs (such as games which run down to 2 or 3 fps). Sometimes it doesn't seem to do much but sometiems it likes to close almost everything. This program is even closing my windows task manager fairly often.
I tried a virus scan yesterday and at the time it seemed to scan ok onlky that found nothing. I can't update the definitions though.
System Restore won't work. "System Restore has been turned off by group policy. To turn on System Restore, contact your domain Administrator."
Anyway, it seems to let ad-aware and spybot s&d through at the moment so I scanned only they don't detect anything that stops it (both have up to date definitions). So I gave HijackThis a bash. I removed some obvious stuff but it's still having the same problem. Here is my current log:



Anyway, it seems to let ad-aware and Logfile of HijackThis v1.98.2
Scan saved at 1:29:03 PM, on 3/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\aaupdt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcus\Desktop\Shortcuts\HijackThis.exe

O1 - Hosts: 213.199.154.54 www.symantec.com
O1 - Hosts: 213.199.154.54 www.sophos.com
O1 - Hosts: 213.199.154.54 www.mcafee.com
O1 - Hosts: 213.199.154.54 www.viruslist.com
O1 - Hosts: 213.199.154.54 www.f-secure.com
O1 - Hosts: 213.199.154.54 www.avp.com
O1 - Hosts: 213.199.154.54 www.kaspersky.com
O1 - Hosts: 213.199.154.54 www.networkassociates.com
O1 - Hosts: 213.199.154.54 www.ca.com
O1 - Hosts: 213.199.154.54 www.my-etrust.com
O1 - Hosts: 213.199.154.54 www.nai.com
O1 - Hosts: 213.199.154.54 www.trendmicro.com
O1 - Hosts: 213.199.154.54 www.grisoft.com
O1 - Hosts: 213.199.154.54 securityresponse.symantec.com
O1 - Hosts: 213.199.154.54 symantec.com
O1 - Hosts: 213.199.154.54 sophos.com
O1 - Hosts: 213.199.154.54 mcafee.com
O1 - Hosts: 213.199.154.54 liveupdate.symantecliveupdate.com
O1 - Hosts: 213.199.154.54 viruslist.com
O1 - Hosts: 213.199.154.54 f-secure.com
O1 - Hosts: 213.199.154.54 kaspersky.com
O1 - Hosts: 213.199.154.54 kaspersky-labs.com
O1 - Hosts: 213.199.154.54 avp.com
O1 - Hosts: 213.199.154.54 networkassociates.com
O1 - Hosts: 213.199.154.54 ca.com
O1 - Hosts: 213.199.154.54 mast.mcafee.com
O1 - Hosts: 213.199.154.54 my-etrust.com
O1 - Hosts: 213.199.154.54 download.mcafee.com
O1 - Hosts: 213.199.154.54 dispatch.mcafee.com
O1 - Hosts: 213.199.154.54 secure.nai.com
O1 - Hosts: 213.199.154.54 nai.com
O1 - Hosts: 213.199.154.54 update.symantec.com
O1 - Hosts: 213.199.154.54 updates.symantec.com
O1 - Hosts: 213.199.154.54 us.mcafee.com
O1 - Hosts: 213.199.154.54 liveupdate.symantec.com
O1 - Hosts: 213.199.154.54 customer.symantec.com
O1 - Hosts: 213.199.154.54 rads.mcafee.com
O1 - Hosts: 213.199.154.54 trendmicro.com
O1 - Hosts: 213.199.154.54 grisoft.com
O1 - Hosts: 213.199.154.54 sandbox.norman.no
O1 - Hosts: 213.199.154.54 www.pandasoftware.com
O1 - Hosts: 213.199.154.54 uk.trendmicro-europe.com
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Microsoft Update] aaupdt.exe
O4 - HKLM\..\Run: [8Zdx9dL] C:\windows\temp\8Zdx9dL.exe
O4 - HKLM\..\Run: [gEdOYWdF] C:\WINDOWS\rsebk.exe
O4 - HKLM\..\Run: [8Zdx9dL.exe] C:\windows\temp\8Zdx9dL.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] D:\BFV\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [rollbk] C:\WINDOWS\System32\sysup.exe
O4 - HKLM\..\Run: [DsmSer] C:\WINDOWS\System32\svosm.exe
O4 - HKLM\..\RunServices: [Microsoft Update] aaupdt.exe
O4 - HKLM\..\RunServices: [rollbk] C:\WINDOWS\System32\sysup.exe
O4 - HKLM\..\RunServices: [DsmSer] C:\WINDOWS\System32\svosm.exe
O4 - HKLM\..\RunServices: [AvSer] C:\WINDOWS\System32\svosm.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] sqlserver.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [Microsoft Update] aaupdt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE713D7F-CC0C-4EF4-9352-761208C758FC}: NameServer = 194.74.65.69 194.72.9.38



There must be some other stuff that can go there...

[Advertisements]

please this is realy killing me

[Yakodi]

please this is realy killing me

[Yakodi]

still havent found out how to fix this =(

[Erbie23]

Be patient. I am sure this is not an easy thing to fix and you need to give them time to check into this.

I have posted today as well and have not received an answer yet, but I don't expect to until tomorrow.

Someone will help in due time.

[Yakodi]

just bumping this topid, i was away on holiday but im back now .

[Yakodi]

and i havent been able to fix the problem yet *

[kidnova]

I'm not an expert, but I can tell you that you are running an old version of HJT. You need to download the newest version before the admins will check your log.

[don77]

Hi Yakodi and welcome
Sorry for the late reply the board has been really busy lately,
If your still looking to resolve this issue,

Please run through all the steps outlined in this Topic
Post back a fresh log when done please
You do need to update HJT please
If you have resolved this issue please let us know.

Thanks and again sorry for the late reply

Don