Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Infectious, Recurring Viruses

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts
Everytime I'm on my computer under my username, my McAfee virus scanner always pops up and warns me about different viruses on my computer. It seems like there are programs that regenerate these viruses under different names all the time because when I delete them, another warning message pops up a few minutes later. I have an HJT log that has a whole bunch of foreign ".exes", which I think are problematic.

Logfile of HijackThis v1.99.1
Scan saved at 12:03:07 AM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bluestreak\Desktop\HijackThis.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\McAfee\McAfee VirusScan\VsMain.exe
C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe

O2 - BHO: Class - {92A397B8-F261-AF47-EE39-AF6C007DEF03} - C:\WINDOWS\mssp.dll
O2 - BHO: Class - {A5F1C6CB-4A7E-5372-1963-B6EBAEC0BB23} - C:\WINDOWS\system32\msyq32.dll
O2 - BHO: Class - {BE37410F-1690-DCC0-B063-5E4D232123E5} - C:\WINDOWS\d3qm.dll
O2 - BHO: Class - {E3676293-59F9-F3B9-B54E-F3180B709DAA} - C:\WINDOWS\system32\ntyr32.dll
O2 - BHO: Class - {E367875D-9ADF-EE62-EABB-EB82124F8315} - C:\WINDOWS\system32\apina.dll
O2 - BHO: Class - {EFDE9EDA-3EDD-9E0C-72B4-AC2CB8167A0E} - C:\WINDOWS\system32\sysbm.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Wfrmsrv] C:\WINDOWS\Wfrmsrv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [winsl32.exe] C:\WINDOWS\winsl32.exe
O4 - HKLM\..\Run: [d3gm.exe] C:\WINDOWS\system32\d3gm.exe
O4 - HKLM\..\Run: [d3tf32.exe] C:\WINDOWS\system32\d3tf32.exe
O4 - HKLM\..\Run: [mfcms.exe] C:\WINDOWS\mfcms.exe
O4 - HKLM\..\Run: [apiqi.exe] C:\WINDOWS\system32\apiqi.exe
O4 - HKLM\..\Run: [ieng.exe] C:\WINDOWS\system32\ieng.exe
O4 - HKLM\..\Run: [netfq32.exe] C:\WINDOWS\netfq32.exe
O4 - HKLM\..\Run: [appzk.exe] C:\WINDOWS\appzk.exe
O4 - HKLM\..\Run: [netkc.exe] C:\WINDOWS\system32\netkc.exe
O4 - HKLM\..\Run: [sysen.exe] C:\WINDOWS\sysen.exe
O4 - HKLM\..\Run: [atluu32.exe] C:\WINDOWS\atluu32.exe
O4 - HKLM\..\Run: [iebe32.exe] C:\WINDOWS\system32\iebe32.exe
O4 - HKLM\..\RunOnce: [javatu32.exe] C:\WINDOWS\system32\javatu32.exe
O4 - HKLM\..\RunOnce: [mfcfl32.exe] C:\WINDOWS\system32\mfcfl32.exe
O4 - HKLM\..\RunOnce: [ipqy32.exe] C:\WINDOWS\system32\ipqy32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121502507648
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30CA713A-7113-456D-B62A-E50B62F9D7F2}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{69440D1C-23AB-4713-B7F0-3CEEDA4783A6}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{30CA713A-7113-456D-B62A-E50B62F9D7F2}: NameServer =
O17 - HKLM\System\CS2\Services\Tcpip\..\{30CA713A-7113-456D-B62A-E50B62F9D7F2}: NameServer =
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\javatu32.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

I also have programs like "Search Extender", "Search Assistant - My Search", "Shopping Wizard", and "Home Search Assistent" which cannot be removed with any of the programs I've tried. :tazz:

I would appreciate if anyone could help me out.
  • 0




    Member 1K

  • Member
  • PipPipPipPip
  • 1,382 posts
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP