Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Downlaoder Yk and YN

Started by Raezer , Apr 29 2005 02:31 AM

  • Please log in to reply

#1
Raezer
Posted 29 April 2005 - 02:31 AM

Raezer

    Member

  • Member
  • PipPip
  • 11 posts
Made an earlier post, but I hadn't followed proper instructions *coughs*

I keep finding the virus in my Windows\ststem32 folders "msso.exe" and "iplg.exe" being the last ones. Seems to generate a new exe each time?

After having done all checks/scans etc here is my new log;

Logfile of HijackThis v1.99.1
Scan saved at 09:16:36, on 29/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
L:\WINDOWS\System32\smss.exe
L:\WINDOWS\system32\winlogon.exe
L:\WINDOWS\system32\services.exe
L:\WINDOWS\system32\lsass.exe
L:\WINDOWS\System32\Ati2evxx.exe
L:\WINDOWS\system32\svchost.exe
L:\WINDOWS\System32\svchost.exe
L:\WINDOWS\system32\spoolsv.exe
l:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
L:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
L:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
l:\PROGRA~1\mcafee.com\vso\mcshield.exe
L:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
L:\WINDOWS\system32\Ati2evxx.exe
L:\WINDOWS\Explorer.EXE
L:\PROGRA~1\mcafee.com\agent\mcagent.exe
L:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
L:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
L:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
l:\progra~1\mcafee.com\vso\mcvsescn.exe
L:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
L:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
L:\WINDOWS\System32\qttask.exe
L:\WINDOWS\System32\ctfmon.exe
L:\Program Files\Messenger\msmsgs.exe
L:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
L:\WINDOWS\System32\wuauclt.exe
L:\Program Files\Windows Media Player\wmplayer.exe
L:\Program Files\MSN Messenger\MsnMsgr.Exe
l:\progra~1\mcafee.com\vso\mcvsftsn.exe
L:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
L:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
L:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
L:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
l:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
L:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
L:\Documents and Settings\Dave.HOME-00UYRL42JL\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D4822D9-38AF-1742-C18E-C086C715E5B7} - L:\WINDOWS\apijs32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - l:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] L:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QveCtl2Tray] L:\Program Files\Philips\PSA2\skin\QveCplSk.EXE L:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MCAgentExe] l:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] L:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "l:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "l:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "L:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Motive SmartBridge] L:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [MPFExe] L:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "M:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [QuickTime Task] L:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] L:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] L:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "m:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "L:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "L:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BT Yahoo! Help.lnk = L:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://L:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: L:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113552149197
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.bro...tivePreQual.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...474/mcfscan.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - l:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - L:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - l:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - L:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: RadClock - Unknown owner - L:\WINDOWS\system32\RadClock.exe

Isn't a fatal virus as Macafee picks up and deletes, but a few secs later I get a new warning message... meh.

Please assist, many thanks.
  • 0

Advertisements

#2
Kat
Posted 29 April 2005 - 02:38 AM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update and reboot.

Before we tackle the infections on your machine, I need you to do something very important. It is not a good idea to run HijackThis from a "temp" location. Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

once these are done, please post a new HJT log in THIS thread in a reply. Please don't start another topic! :tazz:
  • 0

#3
Raezer
Posted 29 April 2005 - 03:31 AM

Raezer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Kat,

Thanks for the quick reply ;)

I think I installed SP1 already but didn't reboot... I rebooted now but when I try to add 1a I only get offer SP2. I had some issues with that cocking up my Nero and some other apps last time. Do you recommend I install it anyway?

Here is my new log... hopefully it shows I have SP1a :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 10:30:18, on 29/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
L:\WINDOWS\System32\smss.exe
L:\WINDOWS\system32\winlogon.exe
L:\WINDOWS\system32\services.exe
L:\WINDOWS\system32\lsass.exe
L:\WINDOWS\System32\Ati2evxx.exe
L:\WINDOWS\system32\svchost.exe
L:\WINDOWS\System32\svchost.exe
L:\WINDOWS\system32\spoolsv.exe
l:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
L:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
L:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
l:\PROGRA~1\mcafee.com\vso\mcshield.exe
L:\WINDOWS\system32\Ati2evxx.exe
L:\WINDOWS\Explorer.EXE
L:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
L:\PROGRA~1\mcafee.com\agent\mcagent.exe
L:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
L:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
l:\progra~1\mcafee.com\vso\mcvsescn.exe
L:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
L:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
L:\WINDOWS\System32\qttask.exe
L:\WINDOWS\System32\ctfmon.exe
L:\Program Files\Messenger\msmsgs.exe
M:\progra~1\valve\steam\steam.exe
L:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
L:\WINDOWS\System32\wuauclt.exe
L:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
l:\progra~1\mcafee.com\vso\mcvsftsn.exe
L:\Program Files\MSN Messenger\MsnMsgr.Exe
L:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
L:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
L:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
L:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
l:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
L:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D4822D9-38AF-1742-C18E-C086C715E5B7} - L:\WINDOWS\apijs32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - l:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] L:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QveCtl2Tray] L:\Program Files\Philips\PSA2\skin\QveCplSk.EXE L:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MCAgentExe] l:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] L:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "l:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "l:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "L:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Motive SmartBridge] L:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [MPFExe] L:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "M:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [QuickTime Task] L:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] L:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] L:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "m:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "L:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "L:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BT Yahoo! Help.lnk = L:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://L:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: L:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113552149197
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.bro...tivePreQual.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...474/mcfscan.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - l:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - L:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - l:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - L:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: RadClock - Unknown owner - L:\WINDOWS\system32\RadClock.exe

Oh, I also have the about: blank problem, eeek!

Dave
  • 0

#4
Kat
Posted 29 April 2005 - 06:44 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
yeah, go ahead and do SP2, then post me a fresh log after the update and we'll get you cleaned up!!
  • 0

#5
Raezer
Posted 30 April 2005 - 02:19 AM

Raezer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Okies... here it is;

Logfile of HijackThis v1.99.1
Scan saved at 09:21:06, on 30/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
L:\WINDOWS\System32\smss.exe
L:\WINDOWS\system32\winlogon.exe
L:\WINDOWS\system32\services.exe
L:\WINDOWS\system32\lsass.exe
L:\WINDOWS\System32\Ati2evxx.exe
L:\WINDOWS\system32\svchost.exe
L:\WINDOWS\System32\svchost.exe
L:\WINDOWS\system32\spoolsv.exe
l:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
L:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
L:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
l:\PROGRA~1\mcafee.com\vso\mcshield.exe
L:\WINDOWS\System32\wuauclt.exe
L:\WINDOWS\system32\Ati2evxx.exe
L:\WINDOWS\Explorer.EXE
L:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
L:\PROGRA~1\mcafee.com\agent\mcagent.exe
L:\PROGRA~1\mcafee.com\agent\mcupdate.exe
L:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
L:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
L:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
L:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
L:\WINDOWS\System32\qttask.exe
L:\Program Files\Internet Explorer\IEXPLORE.EXE
L:\WINDOWS\System32\ctfmon.exe
L:\Program Files\Messenger\msmsgs.exe
L:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
l:\progra~1\mcafee.com\vso\mcvsescn.exe
L:\Program Files\MSN Messenger\MsnMsgr.Exe
L:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
L:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
L:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
L:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
l:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
L:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
l:\progra~1\mcafee.com\vso\mcvsftsn.exe
L:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
L:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D4822D9-38AF-1742-C18E-C086C715E5B7} - L:\WINDOWS\apijs32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - l:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] L:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QveCtl2Tray] L:\Program Files\Philips\PSA2\skin\QveCplSk.EXE L:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MCAgentExe] l:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] L:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "l:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "l:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "L:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Motive SmartBridge] L:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [MPFExe] L:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "M:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [QuickTime Task] L:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] L:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] L:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "m:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "L:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "L:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BT Yahoo! Help.lnk = L:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://L:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: L:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113552149197
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.bro...tivePreQual.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...474/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB1775A-F776-454A-BB68-BD055EBF5A59}: NameServer = 194.72.9.55 194.74.65.86
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CB1775A-F776-454A-BB68-BD055EBF5A59}: NameServer = 194.72.9.55 194.74.65.86
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - l:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - L:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - l:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - L:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: RadClock - Unknown owner - L:\WINDOWS\system32\RadClock.exe

Thanks again :tazz:
  • 0

#6
Kat
Posted 30 April 2005 - 02:36 AM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Before we begin the fix, can you please go to http://www.howtotell.com and click on "Windows Validation Assistant" - then tell me what it says?! Thanks!!
  • 0

#7
Raezer
Posted 30 April 2005 - 03:00 AM

Raezer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Meh, I can't install the Active X control... working on it now :tazz:
  • 0

#8
Raezer
Posted 30 April 2005 - 03:07 AM

Raezer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
"The Windows Valiadtion Assistan failed to run properly. Please verify that you are running a supported OS, and your internet Explorer security settings allow signed ActiveX controls to run"

Went into Tools, Internet Options, Security, Custom and changed it but getting no joy...

Nooooooooooooooooooooooo!
  • 0

#9
Raezer
Posted 30 April 2005 - 03:12 AM

Raezer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Also, I don't get the Info Bar pop-up "This site might require the following active X control: 'Product Gatherer' from 'Microsoft Corporation'.

Thus I can't right click and follow instructions.
  • 0

#10
Raezer
Posted 30 April 2005 - 04:59 PM

Raezer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Yup, have tried a few things over the course of the day but none appear to work... am now stuck.

I also took time to delete some unwanted programs so I am adding a new HJT log;

Logfile of HijackThis v1.99.1
Scan saved at 00:04:57, on 01/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
L:\WINDOWS\System32\smss.exe
L:\WINDOWS\system32\winlogon.exe
L:\WINDOWS\system32\services.exe
L:\WINDOWS\system32\lsass.exe
L:\WINDOWS\System32\Ati2evxx.exe
L:\WINDOWS\system32\svchost.exe
L:\WINDOWS\System32\svchost.exe
L:\WINDOWS\system32\spoolsv.exe
l:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
L:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
L:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
l:\PROGRA~1\mcafee.com\vso\mcshield.exe
L:\WINDOWS\system32\Ati2evxx.exe
L:\WINDOWS\Explorer.EXE
L:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
L:\PROGRA~1\mcafee.com\agent\mcagent.exe
L:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
L:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
L:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
L:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
L:\WINDOWS\System32\qttask.exe
l:\progra~1\mcafee.com\vso\mcvsescn.exe
L:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
L:\WINDOWS\System32\ctfmon.exe
L:\Program Files\Messenger\msmsgs.exe
M:\progra~1\valve\steam\steam.exe
L:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
L:\Program Files\MSN Messenger\MsnMsgr.Exe
L:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
L:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
L:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
l:\progra~1\mcafee.com\vso\mcvsftsn.exe
l:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
L:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
L:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
L:\WINDOWS\System32\wuauclt.exe
L:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://L:\WINDOWS\system32\skfhe.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D4822D9-38AF-1742-C18E-C086C715E5B7} - L:\WINDOWS\apijs32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - l:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] L:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QveCtl2Tray] L:\Program Files\Philips\PSA2\skin\QveCplSk.EXE L:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MCAgentExe] l:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] L:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "l:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "l:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "L:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Motive SmartBridge] L:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [MPFExe] L:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "M:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [QuickTime Task] L:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] L:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] L:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "m:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "L:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "L:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BT Yahoo! Help.lnk = L:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://L:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: L:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113552149197
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.bro...tivePreQual.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...474/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB1775A-F776-454A-BB68-BD055EBF5A59}: NameServer = 194.72.9.55 194.74.65.86
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CB1775A-F776-454A-BB68-BD055EBF5A59}: NameServer = 194.72.9.55 194.74.65.86
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - l:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - L:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - l:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - L:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: RadClock - Unknown owner - L:\WINDOWS\system32\RadClock.exe
  • 0

#11
Kat
Posted 30 April 2005 - 05:22 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
I am sorry, but we cannot help you on this site unless you have a valid copy of Windows. Until I see an upgrade to at least SP1, I cannot help you with your fix. Thanks for your understanding.
  • 0

#12
Raezer
Posted 01 May 2005 - 11:07 AM

Raezer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Um, well I DLd service packs 1 and 2.... does my log not show it?

I did have a problem when I re-installed and seem to have some old XP files on C: Drive which is why I have a new volume, "L".
  • 0

#13
Raezer
Posted 01 May 2005 - 11:16 AM

Raezer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Please view the attached screencapture of the updated SPs... can you help?

Attached Thumbnails

  • Desktop.jpg

  • 0

#14
Raezer
Posted 03 May 2005 - 12:55 PM

Raezer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi,

I still can't get the active x to allow the program. I am also getting queried on Active X when I join my regular Counter-Strike: Source server too. Is this somehow related?

I don't know what else to do, and I can't face a total re-install... please help!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP