Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infectious, Recurring Viruses

Started by ziptree , Aug 05 2005 01:04 AM

  • Please log in to reply

#1
ziptree
Posted 05 August 2005 - 01:04 AM

ziptree

    New Member

  • Member
  • Pip
  • 1 posts
Everytime I'm on my computer under my username, my McAfee virus scanner always pops up and warns me about different viruses on my computer. It seems like there are programs that regenerate these viruses under different names all the time because when I delete them, another warning message pops up a few minutes later. I have an HJT log that has a whole bunch of foreign ".exes", which I think are problematic.

Logfile of HijackThis v1.99.1
Scan saved at 12:03:07 AM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\d3tf32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bluestreak\Desktop\HijackThis.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\McAfee\McAfee VirusScan\VsMain.exe
C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe

O2 - BHO: Class - {92A397B8-F261-AF47-EE39-AF6C007DEF03} - C:\WINDOWS\mssp.dll
O2 - BHO: Class - {A5F1C6CB-4A7E-5372-1963-B6EBAEC0BB23} - C:\WINDOWS\system32\msyq32.dll
O2 - BHO: Class - {BE37410F-1690-DCC0-B063-5E4D232123E5} - C:\WINDOWS\d3qm.dll
O2 - BHO: Class - {E3676293-59F9-F3B9-B54E-F3180B709DAA} - C:\WINDOWS\system32\ntyr32.dll
O2 - BHO: Class - {E367875D-9ADF-EE62-EABB-EB82124F8315} - C:\WINDOWS\system32\apina.dll
O2 - BHO: Class - {EFDE9EDA-3EDD-9E0C-72B4-AC2CB8167A0E} - C:\WINDOWS\system32\sysbm.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Wfrmsrv] C:\WINDOWS\Wfrmsrv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [winsl32.exe] C:\WINDOWS\winsl32.exe
O4 - HKLM\..\Run: [d3gm.exe] C:\WINDOWS\system32\d3gm.exe
O4 - HKLM\..\Run: [d3tf32.exe] C:\WINDOWS\system32\d3tf32.exe
O4 - HKLM\..\Run: [mfcms.exe] C:\WINDOWS\mfcms.exe
O4 - HKLM\..\Run: [apiqi.exe] C:\WINDOWS\system32\apiqi.exe
O4 - HKLM\..\Run: [ieng.exe] C:\WINDOWS\system32\ieng.exe
O4 - HKLM\..\Run: [netfq32.exe] C:\WINDOWS\netfq32.exe
O4 - HKLM\..\Run: [appzk.exe] C:\WINDOWS\appzk.exe
O4 - HKLM\..\Run: [netkc.exe] C:\WINDOWS\system32\netkc.exe
O4 - HKLM\..\Run: [sysen.exe] C:\WINDOWS\sysen.exe
O4 - HKLM\..\Run: [atluu32.exe] C:\WINDOWS\atluu32.exe
O4 - HKLM\..\Run: [iebe32.exe] C:\WINDOWS\system32\iebe32.exe
O4 - HKLM\..\RunOnce: [javatu32.exe] C:\WINDOWS\system32\javatu32.exe
O4 - HKLM\..\RunOnce: [mfcfl32.exe] C:\WINDOWS\system32\mfcfl32.exe
O4 - HKLM\..\RunOnce: [ipqy32.exe] C:\WINDOWS\system32\ipqy32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121502507648
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30CA713A-7113-456D-B62A-E50B62F9D7F2}: NameServer = 66.81.0.251 66.81.0.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{69440D1C-23AB-4713-B7F0-3CEEDA4783A6}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{30CA713A-7113-456D-B62A-E50B62F9D7F2}: NameServer = 66.81.0.251 66.81.0.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{30CA713A-7113-456D-B62A-E50B62F9D7F2}: NameServer = 66.81.0.251 66.81.0.252
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javatu32.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe


I also have programs like "Search Extender", "Search Assistant - My Search", "Shopping Wizard", and "Home Search Assistent" which cannot be removed with any of the programs I've tried. :tazz:

I would appreciate if anyone could help me out.
  • 0

Advertisements

#2
darth_ash
Posted 05 August 2005 - 01:07 AM

darth_ash

    Member 1K

  • Member
  • PipPipPipPip
  • 1,382 posts
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP