Nail.exe, Aurora, DrPMon.dll, Adwaheek, ABI... [CLOSED]



#16 tampabelle (Retired Staff, 6,363 posts)

  • Please download the Killbox.
  • Unzip it to the desktop but do NOT run it yet.
  • Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox.
  • Click "Replace on Reboot" and check the "Use Dummy" box.
  • Paste the following into the top "Full Path of File to Delete" box.
    • C:\WINDOWS\System32\BMOOQOC.EXE
  • Click the red-and-white "Delete File".
  • Click "Yes" at the Replace on Reboot prompt.
  • Click "No" at the Pending Operations prompt.
  • Paste the following file into the top "Full Path of File to Delete" box.
    • C:\WINDOWS\System32\PKVVY.DAT
  • Click the red-and-white "Delete File" button.
  • Click "Yes" at the Replace on Reboot prompt.
  • Click "Yes" at the Pending Operations prompt to restart your computer. You do not need to reboot into Safe Mode this time.
  • When your computer reboots, please run Find-Qoologic2.bat again and post the new log here.

  • 0


#17 MichelleB99 (Topic Starter, 26 posts)

Here's the log...Are we making any progress...I'm SO lost and confused! :tazz:

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x77f75fae

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
.
..
DESKTOP.INI
Digital Line Detect.lnk
Event Reminder.lnk
ItsDeductible7PopUp.lnk
Microsoft Office.lnk
Pagis Schedule Monitor.lnk

User Startup:
C:\Documents and Settings\Michelle Bain\Start Menu\Programs\Startup
.
..
DESKTOP.INI
PowerReg Scheduler V3.exe
reminder-ScanSoft Product Registration.lnk

»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
<NO NAME> REG_SZ {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fxqqkqgs
<NO NAME> REG_SZ {cc6f2d39-fd91-4855-af1d-69fae5e7f312}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
<NO NAME> REG_SZ {750fdf0e-2a26-11d1-a3ea-080036587f03}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
<NO NAME> REG_SZ {09799AFB-AD67-11d1-ABCD-00C04FC30936}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
<NO NAME> REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SrchToolContextMenu
<NO NAME> REG_SZ {4B83AF60-33CC-11CF-8562-00AA00A39D4B}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
<NO NAME> REG_SZ Start Menu Pin

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}

»»»»»»»»»»»»»»»»»»»»»»»»» Active setup »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

"Find activesetup", version1, launched at: 22:13
Operating System: Windows XP


HKLM\Software\Microsoft\Active Setup\Installed Components\
">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default)" = "Microsoft Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]
"{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default)" = ""
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
  • 0

#18 tampabelle (Retired Staff, 6,363 posts)

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\fxqqkqgs]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.


Reboot the PC and post a fresh HJT log here.
  • 0
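A check worth doing before double-clicking any fix.reg received from a forum is to read what the merge will actually do. The following is an added example, not part of the thread and not a tool the helper used: it parses the REGEDIT4 text format and lists every operation the file would perform, so the reader can confirm that the fix above deletes exactly one context-menu-handler key and nothing else. The sample input is the fix.reg from the post plus one extra key block (HKEY_CURRENT_USER\Software\ConstructedExample) constructed here only to exercise the value-level syntax.

```python
"""Audit a .reg file before merging it into the registry.

Added example, not part of the thread and not a tool the helper used. It parses
the REGEDIT4 / "Windows Registry Editor Version 5.00" text format and lists the
operations a merge would perform, so the reader can confirm a fix.reg received
from a forum does only what the post says (here: delete one key).
"""
import re
from dataclasses import dataclass

# Constructed sample: the fix.reg from the post, plus one extra key block added
# here purely to exercise the value-level syntax (not part of the original fix).
SAMPLE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\fxqqkqgs]

[HKEY_CURRENT_USER\Software\ConstructedExample]
"ObsoleteValue"=-
@="default data"
"Path"="C:\\Constructed\\example.exe"
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


@dataclass
class RegOp:
    kind: str            # delete_key | create_key | set_value | delete_value
    key: str
    name: str = ""       # value name; "@" is the key's default value
    data: str = ""       # raw data text as written in the file


def parse_reg(text: str) -> list[RegOp]:
    """Return the operations a .reg merge would apply, in file order."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg script: missing REGEDIT4 / Version 5.00 header")
    ops: list[RegOp] = []
    current_key = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                        # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):        # [-KEY] deletes the whole subtree
                ops.append(RegOp("delete_key", body[1:]))
                current_key = None
            else:                           # [KEY] creates the key if absent
                current_key = body
                ops.append(RegOp("create_key", body))
            continue
        if current_key is None:
            raise ValueError(f"value line outside any key block: {line}")
        m = VALUE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised value line: {line}")
        name = m.group("name").strip('"')
        data = m.group("data")
        if data == "-":                     # "name"=- deletes that value
            ops.append(RegOp("delete_value", current_key, name))
        else:
            ops.append(RegOp("set_value", current_key, name, data))
    return ops


def deleted_keys(ops: list[RegOp]) -> list[str]:
    """Keys the script removes outright (the most destructive operation)."""
    return [op.key for op in ops if op.kind == "delete_key"]


def touches_outside(ops: list[RegOp], allowed_prefixes: tuple[str, ...]) -> list[RegOp]:
    """Operations on keys that are not under any expected prefix (case-insensitive)."""
    allowed = tuple(p.lower() for p in allowed_prefixes)
    return [op for op in ops if not op.key.lower().startswith(allowed)]


if __name__ == "__main__":
    for op in parse_reg(SAMPLE_REG):
        extra = f"  {op.name!r}={op.data}" if op.name else ""
        print(f"{op.kind:13} {op.key}{extra}")
```

Run it against the real fix.reg and `deleted_keys` should return only the fxqqkqgs handler key; anything `touches_outside` reports for a prefix you did not expect is a reason to ask before merging.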

#19 MichelleB99 (Topic Starter, 26 posts)

Good Morning! I've done the above, and here is my new HJT log. It seems as though my computer is getting better, although it's still taking a while to load pages. 1 minute vs. 3 or 4, so that's an improvement, right!? :tazz:

Thank you and have a nice day!

Logfile of HijackThis v1.99.1
Scan saved at 8:06:06 AM, on 7/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ScanSoft\Pagis\Monitor.exe
C:\Program Files\ScanSoft\Pagis\Ereg\REMIND32.EXE
C:\Documents and Settings\Michelle Bain\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpmmum.exe reg_run
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\Pagis\Ereg\REMIND32.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: ItsDeductible7PopUp.lnk = C:\Program Files\ItsDeductible7\ItsD7.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119994519875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F461205D-ABDC-42FE-B2E2-AFD4600B905E} (MASHControl Class) - http://www.amiuptoda...,0,0,7/mash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
  • 0

#20 tampabelle (Retired Staff, 6,363 posts)

Hi Michelle,

It's good that things are improving. By the time I am finished, your PC will be zipping around on the information highway !!!!!!!


Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpmmum.exe reg_run
O4 - Global Startup: ItsDeductible7PopUp.lnk = C:\Program Files\ItsDeductible7\ItsD7.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot the PC. Post a fresh HJT log here and let me know how your PC is behaving.
  • 0

#21 MichelleB99 (Topic Starter, 26 posts)

Just to clarify, "It's Deductible" is a tax program (used to calculate $ for donations for itemizing). Interesting though that every single tech I've talked with in the last month (I was working unsuccessfully with McAfee techs before I found your site), flagged it and told me to delete. I installed it. Is it okay to leave? :tazz:

Thanks again!!! ;)
  • 0

#22 tampabelle (Retired Staff, 6,363 posts)

Hi Michelle,

I am asking you to fix the entry in HJT only. I am not asking you to delete the file.

If you fix the entry in HJT, it will prevent all those files from running at Startup. That will conserve resources on your System !!!

So don't worry, go ahead and fix those entries in HJT.
  • 0

#23 MichelleB99 (Topic Starter, 26 posts)

Hi there TampaBelle! ;) Ok, I did the above instructions, and to follow is my new HJT log. I should tell you my system is going in REVERSE SLOW mode, and took me 10 minutes to get into email today, and it kept freezing up. I finally went to logout and log back on to windows, and when I did Ctr-Alt-Del, instead of bringing up TaskManager, it said "ending program 'O' " and another box on top of it "ending program ' GDWH' " . I have no idea, but I'm guessing it has something to do with the slowness of my system, as I didn't have any programs open with this name. Don't even know what they are for that matter.

I should also mention, not sure if this is standard, but each time my system boots up (I have McAfee security), the M icon on the bottom is black and when I go over it it says Personal Firewall disabled, until my system is fully loaded up then the icon turns red and Firewall is active. Is this normal do you know? I just noticed it now. Seems to have just started. I also recently installed McAfee Privacy..I HATE IT!!! Each time I go in to disable it it takes forever, and if I log out and back on I have to do it again. It seems like this program is also slowing down my system immensely, as I can't do anything until it loads and I type in the password, and it takes several minutes to load. It seems like today the system has taken a few steps back, :tazz: but hopefully that will prepare for leaps and bounds forward. Anyhow, here's my log. Thanks again, and have a great night/morning. Talk to you soon!

Logfile of HijackThis v1.99.1
Scan saved at 11:19:37 PM, on 7/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\System32\hkcmd.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ScanSoft\Pagis\Monitor.exe
C:\Program Files\ScanSoft\Pagis\Ereg\REMIND32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Michelle Bain\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\Pagis\Ereg\REMIND32.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119994519875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F461205D-ABDC-42FE-B2E2-AFD4600B905E} (MASHControl Class) - http://www.amiuptoda...,0,0,7/mash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
  • 0
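The workflow in posts #20 and #23 (the helper names entries to fix, the user posts a fresh log) is easiest to verify by diffing the two logs mechanically rather than by eye. The following is an added example, not part of the thread and not HijackThis code: it parses the numbered entry lines HJT prints, reports which entries disappeared or appeared between two logs, and checks that every requested fix is absent from the follow-up log. The two embedded logs are constructed excerpts of the logs in posts #19 and #23, trimmed to the lines that matter here.

```python
"""Diff two HijackThis logs and verify that requested fixes took effect.

Added example, not part of the thread and not HijackThis code. It parses the
numbered entry lines (R0-R3, O1-O23, ...) that HJT prints after the process
list, reports what disappeared or appeared between two logs, and checks that
every entry the helper asked to have fixed is gone from the follow-up log.
"""
import re

ENTRY_RE = re.compile(r"^(?P<code>R\d|O\d{1,2}) - (?P<body>.+)$")

# Constructed excerpts of the logs in posts #19 (before) and #23 (after);
# unrelated lines are omitted so the sample stays short.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpmmum.exe reg_run
O4 - Global Startup: ItsDeductible7PopUp.lnk = C:\Program Files\ItsDeductible7\ItsD7.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\wuauclt.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
"""

# The six entries tampabelle asked to have fixed in post #20.
REQUESTED = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpmmum.exe reg_run",
    r"O4 - Global Startup: ItsDeductible7PopUp.lnk = C:\Program Files\ItsDeductible7\ItsD7.exe",
    r"O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE",
    r"O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)",
    r"O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)",
]


def parse_entries(log: str) -> dict[str, set[str]]:
    """Map each HJT section code (O4, O9, ...) to the set of its entry lines."""
    by_code: dict[str, set[str]] = {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            by_code.setdefault(m.group("code"), set()).add(line.strip())
    return by_code


def all_entries(log: str) -> set[str]:
    return set().union(*parse_entries(log).values())


def running_processes(log: str) -> list[str]:
    """Paths listed under 'Running processes:' up to the next blank line."""
    procs, collecting = [], False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            collecting = True
        elif collecting:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """(entries removed, entries added) between two logs, sorted."""
    b, a = all_entries(before), all_entries(after)
    return sorted(b - a), sorted(a - b)


def unresolved(requested: list[str], after: str) -> list[str]:
    """Requested fixes that are still present in the follow-up log."""
    present = all_entries(after)
    return [e for e in requested if e.strip() in present]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("still present:", unresolved(REQUESTED, AFTER) or "none")
    print("new processes:", set(running_processes(AFTER)) - set(running_processes(BEFORE)))
```

Comparing whole lines is deliberate: an entry whose command line changed (a renamed random file, for instance) shows up as one removal plus one addition, which is exactly what a helper wants flagged rather than silently matched.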

#24 tampabelle (Retired Staff, 6,363 posts)

Hi Michelle,

Those random-named processes don't sound good. Please visit Kaspersky and do an online scan. Save the scan report.

If you are having problems with McAfee, then you might consider getting one of the following AV programs -

AVG Anti-Virus --- freeware
Avast Home Edition --- freeware


Please post back the Kaspersky scan report.
  • 0

#25 MichelleB99 (Topic Starter, 26 posts)

Good morning, Tampabelle! I ran the Kaspersky scan, and selected "My Computer" for the selected Target. I wasn't sure and you didn't specify, so I hope this was right. Anyhow, it flagged several infections, so here goes:

KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Wednesday, July 13, 2005 10:16:12
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/07/2005
Kaspersky Anti-Virus database records: 130477
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 47589
Number of viruses found: 5
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 1955 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001591.dll Infected: Trojan-Downloader.Win32.Apropo.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001593.cpl Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001594.dll Infected: Trojan-Downloader.Win32.Qoologic.s
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001596.dll Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001597.dll Infected: Trojan-Downloader.Win32.Qoologic.t
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001668.exe Infected: Trojan-Downloader.Win32.Qoologic.u

Scan process completed.


Now, here's my concern...I was telling you that I was previously working with techs from McAfee virus team, well they were messing with my system restore functions and now I'm seeing that these files are linked to there, where they weren't coming up earlier. Is this something to be worried about? I'm just not that knowledgeable about system restore...

Thanks much for your time. Have a nice day!
  • 0


#26 tampabelle (Retired Staff, 6,363 posts)

Hi Michelle,

Regarding those infections found by Kaspersky, it just shows that your PC recently had infections. System Restore points store the settings of the PC at different points which can be loaded back in case you want to roll back changes in your PC. These do not pose a problem unless you do a system restore, in which case, the infections would get activated again.

It is usually a good idea to clear system restore points only after the PC is totally clean. Let's leave them alone for now.

Looks like it is a conflict between some OEM software on your PC and McAfee !!!!!!!!

I suggest you download and install AVG anti-virus software and then uninstall McAfee. Let me know how your PC behaves now.
  • 0
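The distinction tampabelle draws above, detections inside System Restore snapshots versus detections on the live file system, is the first thing to extract from a scanner report, because it decides whether anything is currently running or merely archived. The following is an added example, not part of the thread and not Kaspersky code: it parses the report format shown in post #25, buckets each detection by location, and cross-checks the number of parsed detections against the scanner's own statistics block. The embedded report is a constructed excerpt of the one in post #25 with the scan-settings lines omitted.

```python
"""Triage a Kaspersky online-scanner report: restore-point hits vs live files.

Added example, not from the thread and not Kaspersky code. It reads the
statistics block and the "Infected Object Name - Virus Name" lines, marks each
detection as sitting inside a System Restore snapshot
(System Volume Information\_restore{...}\RPnn) or on the live file system,
and cross-checks the parsed count against the count the scanner reported.
"""
import re

RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<name>\S+)$"
)
STAT_RE = re.compile(r"^(?P<label>[^:]+):\s*(?P<value>\d+)\s*$")

# Constructed excerpt of the report posted in #25 (scan-settings lines omitted).
REPORT = r"""KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Wednesday, July 13, 2005 10:16:12
Kaspersky Anti-Virus database records: 130477

Scan Statistics:
Total number of scanned objects: 47589
Number of viruses found: 5
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 1955 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001591.dll Infected: Trojan-Downloader.Win32.Apropo.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001593.cpl Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001594.dll Infected: Trojan-Downloader.Win32.Qoologic.s
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001596.dll Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001597.dll Infected: Trojan-Downloader.Win32.Qoologic.t
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001668.exe Infected: Trojan-Downloader.Win32.Qoologic.u

Scan process completed.
"""


def classify_path(path: str) -> str:
    """'restore_point' for files archived by System Restore, else 'live'."""
    return "restore_point" if RESTORE_RE.search(path) else "live"


def parse_report(text: str) -> tuple[dict[str, int], list[tuple[str, str, str]]]:
    """Return (numeric statistics, [(path, status, detection name), ...])."""
    stats: dict[str, int] = {}
    findings: list[tuple[str, str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FINDING_RE.match(line)
        if m:
            findings.append((m.group("path"), m.group("status"), m.group("name")))
            continue
        s = STAT_RE.match(line)
        if s:
            stats[s.group("label")] = int(s.group("value"))
    return stats, findings


def triage(text: str) -> dict:
    """Bucket detections by location and validate the count against the header."""
    stats, findings = parse_report(text)
    buckets: dict[str, list[tuple[str, str]]] = {"restore_point": [], "live": []}
    for path, _status, name in findings:
        buckets[classify_path(path)].append((path, name))
    expected = stats.get("Number of infected objects", 0) + stats.get(
        "Number of suspicious objects", 0
    )
    return {
        **buckets,
        "families": sorted({name for _, _, name in findings}),
        "count_matches_report": len(findings) == expected,
    }


if __name__ == "__main__":
    result = triage(REPORT)
    print("live detections:", len(result["live"]))
    print("restore-point detections:", len(result["restore_point"]))
    print("families:", *result["families"], sep="\n  ")
    print("count matches report:", result["count_matches_report"])
```

A non-empty `live` list is the case that needs immediate action; a `restore_point`-only result is the situation described above, where nothing executes unless that restore point is rolled back. A `count_matches_report` of False means the report was truncated or the paste was incomplete, so ask for it again before drawing conclusions.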

#27 MichelleB99 (Topic Starter, 26 posts)

Hmmm.....

Our computer isn't that old (just over 1 yr) and when we got it, it came with McAfee VirusScan and Firewall. Well, both of those expired and it was during that time that our computer got infected. We renewed VS and FW, and upgraded to the Security Suite pkg which also includes Privacy and Spamkiller. I already went ahead and deleted Privacy, and will probably do the same with Spam. We also purchased Anti-spy. It seems that the computer has been running unusually slow since adding all of these things, but we had never had a problem before with just virusscan and/or firewall. I am a bit nervous to get rid of them, though, at least the 2. I have downloaded so many other files though in trying to get rid of the multiple infections, I am wondering if I can get rid of any of those?

Are you saying it looks like everything else is clear?

And as a FYI, my "turn off system restore" box is NOT checked...they checked it at one time and it's been unchecked since then. I've been working on cleaning up this system for about 3 weeks now :tazz:

Thoughts?

Thanks! ;)
  • 0

#28 tampabelle (Retired Staff, 6,363 posts)

Hi Michelle,

I understand your concerns !!!

I give the same advice to everybody I know and follow it myself !!!!!!!

Please install -


AVG Anti-Virus --- freeware
Sygate Personal Firewall,

Not only are they free but they are comparable to McAfee if not better !!!!

After installing these two products, then uninstall McAfee products

Please understand that I wouldn't want to compromise the security of your PC in any way. I don't like people coming back time and again :tazz: ;)

Edited by tampabelle, 13 July 2005 - 02:16 PM.

  • 0

#29 MichelleB99 (Topic Starter, 26 posts)

Hi Tampabelle!

Thanks again for sharing your infinite computer wisdom with me! I am learning quickly, but there is still so much to know and be hesitant about! I appreciate your patience in working through this mess. I did as you asked and downloaded those 2 programs. I went ahead and deleted McAfee Spamkiller and Privacy, but not Firewall, VirusScan, or Antispy yet. Don't ask why, I just didn't do it yet. I guess I just look at it as I had the first 2 since I've had my computer, and Anti-spy is new, but I was told to get it with all of the issues I'm having. I have since also downloaded Spybot, is this comparable enough to replace McAfee Antispy?

Ok, here's what I've gotten since downloading these things: the first time I ran AVG, it gave me a detected virus "TROJAN DOWNLOADER 'APROPO.AJ' " in C:\System Volume Information\_restore {B37680 B2-BAOA-4E5D...} The program deleted it out. It has since run twice with other detected files.

Now, since I've installed the firewall, I've been getting all kinds of pop-up flags about what is going on with my system and who's trying to use what. The one I've gotten like a million times is regarding "Generic Host Process for Win 32 services (svchost.exe) trying to access the internet as well as being accessed by a remote machine". I blocked that one b/c I didn't know what it was, and it didn't sound good, and since I did that, I was getting flags every few minutes that the application was blocked.

As far as email goes, when I signed on to OE today, the system asked for McAfee Virusscan to access the system and I denied it, and then asked for IE to access which I granted and it came right up. But then I immediately got a message that said "Application Hijacking has been detected" in a window that just popped up and went away just as quickly. SO....I'm feeling like there's still something ugly lurking in my system.

What do you think?

Edited by MichelleB99, 14 July 2005 - 02:07 PM.

  • 0

#30 tampabelle (Retired Staff, 6,363 posts)

Can you post a fresh HJT log here ????
  • 0





