Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help! Virus attack, system locking up [CLOSED]

Started by rockyroo , Jul 17 2005 05:13 PM

  • This topic is locked This topic is locked

#1
rockyroo
Posted 17 July 2005 - 05:13 PM

rockyroo

    New Member

  • Member
  • Pip
  • 8 posts
Hi Guys, Hope you can help. Ipicked up something that has gotten steadily worse to the point that when I boot up the computer I never get control of the mouse. It has something running inthe background that is locking me up. I am able to get in in safe mode and was able to delete a few things. I have run adaware, spybot and my Mcafee. One of the the entries on my Hyjack said file missing so when I was in safe mode I ran a search and found it (svcproc) in Prefetch where I deleted it. I also deleted csrss.exe and when I rebooted I was able to get back in withthe mouse working and get on the web and came straight to you guys. Hope you can help. here is the last Hyjack log.

Rockyroo :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 9:42:05 AM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au30setp.exe 3
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MK9908.lnk = C:\Documents and Settings\Robinson\Start Menu\Programs\Keyboard\MK9908.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homes...ive/HS_live.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
  • 0

Advertisements

#2
tampabelle
Posted 23 July 2005 - 09:35 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,


We are sorry to have missed your log due to heavy traffic.

If you still need help, please post back a fresh Hijack This log.

If the problem has been resolved, please let us know.
  • 0

#3
rockyroo
Posted 23 July 2005 - 11:10 PM

rockyroo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for the reply and yes I am still having some problems although I can still get in without having to do it in safe mode. Here is my latest Hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 12:07:06 AM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Documents and Settings\Robinson\Start Menu\Programs\Keyboard\MK9908.exe
C:\Program Files\Outlook Express\Msimn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au30setp.exe 3
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MK9908.lnk = C:\Documents and Settings\Robinson\Start Menu\Programs\Keyboard\MK9908.exe
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homes...ive/HS_live.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
  • 0

#4
tampabelle
Posted 24 July 2005 - 07:32 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi rockyroo,


Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, u will be asked to fix some entries, delete some files or uninstall some programs. If in case, you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp
Ewido Security Suite

Install Ewido, and update the definitions to the newest files. Do NOT run a scan yet.

Nailfix.exe

Double click on this file. It will create a new folder Nailfix on your desktop and place a couple of files in it.


Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

2. Remove Infections

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Run CleanUp and delete all temp files including temporary internet files

Run Ewido full scan. Let it fix any items it finds.

3. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

4. Delete Rogue files

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

ViewPoint

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folder -

C:\Program Files\Viewpoint

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder. Dont delete the folder, only the files in it !!!!!!!!


Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log along with Ewido scan report.
  • 0

#5
rockyroo
Posted 24 July 2005 - 01:07 PM

rockyroo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Tampa,

Did the best I could. "Cleanup" deleted 116,410 files for 1.6 GB of new space!!! It also asked me to restart to "complete the process" which I didn't because you still had things listed for me to do. Then got to work on Viewpoint. Deleted two entries in Add and Remove, a Viewpoint Manager and a Viewpoint Media Player. Then I couldn't find anything in Windows explorer under "program files\Viewpoint", but ran a search of all files and couldn't find so I moved on. Here is the new Hijack and Ewido scans. Any conflicts between McAfee and Ewido?? Should I delete Ewido after all the fixes are done, or what will it do? Thanks Rockyroo

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:32:43 PM, 7/24/2005
+ Report-Checksum: 2BEDEEEA

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7F6828CA-9E42-462C-BC60-418C8144012C} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{09CA52B3-703C-4B17-9690-C13F736E3DCD} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKLM\SOFTWARE\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-1060284298-1343024091-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1060284298-1343024091-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\S-1-5-21-1060284298-1343024091-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E246FAE-8420-11D9-870D-000C2917DE7F} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1060284298-1343024091-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1060284298-1343024091-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6828CA-9E42-462C-BC60-418C8144012C} -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\csplj.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\igrfa.dll -> Spyware.SBSoft : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgUS1862.exe -> Dialer.Generic : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\backups\backup-20050501-203514-854.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\backups\backup-20050503-233750-514.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\backups\backup-20050713-233650-996.dll -> Spyware.SBSoft : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP120\A0012586.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP120\A0012587.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP181\A0021818.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP181\A0021825.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0022823.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0023823.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024823.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024828.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024834.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024840.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024845.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024853.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024860.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024865.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024876.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024884.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024885.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0024891.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0025890.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{EDB7D35D-F2B0-43F8-A80A-51C5909A504A}\RP182\A0025898.exe -> TrojanDropper.Vidro.p : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 1:53:16 PM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Documents and Settings\Robinson\Start Menu\Programs\Keyboard\MK9908.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\ewido\security suite\ewidoguard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au30setp.exe 3
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MK9908.lnk = C:\Documents and Settings\Robinson\Start Menu\Programs\Keyboard\MK9908.exe
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homes...ive/HS_live.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  • 0

#6
tampabelle
Posted 24 July 2005 - 02:35 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
So CleanUp wants to do some more work ??? Let it do it !!!!

Run CleanUp and delete all temp files including temporary internet files.

Let me know how it goes !!!
  • 0

#7
tampabelle
Posted 09 August 2005 - 02:26 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP