
Solved: task manager and folder problems

Discussion in 'Virus & Other Malware Removal' started by jdominic379, Jan 26, 2007.

Thread Status:
Not open for further replies.
  1. jdominic379

    jdominic379 Thread Starter

    Joined:
    Jun 10, 2006
    Messages:
    17
    Hello all, I am running MS XP Pro. Here are my problems. First I am unable to delete a folder on an external hard drive. I attempted to use DOS commands without luck. Each time I attempt to open the folder, I receive an MS error message which wants to report. I also seem to be having issues with the task manager. Does not look normal, and does not want to close. I am only able to see Icons of what program is running. Below is the HJT that I just ran. Thanks for your assistance in advance.
    JD

    Logfile of HijackThis v1.99.1
    Scan saved at 3:12:59 PM, on 1/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless

    Network Monitor\WLService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless

    Network Monitor\WMP54Gv4.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP

    Share-to-Web\hpgs2wnd.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program

    Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Hewlett-Packard\HP

    Share-to-Web\hpgs2wnf.exe
    C:\Program

    Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection

    Wizard,ShellNext = wmplayer.exe
    R1 - HKCU\Software\Microsoft\Internet

    Explorer\Main,Window Title = Microsoft Internet

    Explorer provided by Comcast
    O2 - BHO: AcroIEHlprObj Class -

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat

    6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class -

    {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program

    files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller -

    {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program

    files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: DriveLetterAccess -

    {5CA3D70E-1895-11CF-8E15-001234567890} -

    C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class -

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class -

    {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program

    Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan -

    {BA52B914-B692-46c4-B683-905236F6F655} -

    c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Adobe PDF -

    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

    Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [diagent] "C:\Program

    Files\Creative\SBLive\Diagnostics\diagent.exe"

    startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [dla]

    C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program

    Files\Common Files\Sonic\Update Manager\sgtray.exe"

    /r
    O4 - HKLM\..\Run: [MPFExe]

    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCAgentExe]

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe]

    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MPSExe]

    c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [VSOCheckTask]

    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe"

    /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program

    Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program

    Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

    Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]

    C:\Program Files\Hewlett-Packard\HP

    Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program

    Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

    Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]

    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.ex

    e
    O4 - HKCU\..\Run: [ctfmon.exe]

    C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NkbMonitor.exe.lnk =

    C:\Program

    Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program

    Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: E&xport to Microsoft

    Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ComcastHSI -

    {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -

    http://www.comcast.net/ (file missing)
    O9 - Extra button: Support -

    {8828075D-D097-4055-AA02-2DBFA9D85E8A} -

    http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research -

    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help -

    {97809617-3937-4F84-B335-9BB05EF1A8D4} -

    http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    %windir%\Network Diagnostic\xpnetdiag.exe (file

    missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    %windir%\Network Diagnostic\xpnetdiag.exe (file

    missing)
    O9 - Extra button: Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

    (McAfee.com Operating System Class) -

    http://download.mcafee.com/molbin/shared/mcinsctl/4

    ,0,0,101/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}

    (DwnldGroupMgr Class) -

    http://download.mcafee.com/molbin/shared/mcgdmgr/1,

    0,0,26/mcgdmgr.cab
    O17 -

    HKLM\System\CCS\Services\Tcpip\..\{8C1367C1-D770-45

    82-9230-349787550578}: NameServer =

    85.255.113.138,85.255.112.171
    O17 -

    HKLM\System\CCS\Services\Tcpip\..\{B7B84B1B-2F94-41

    CF-9510-CEDB147DD1FD}: NameServer =

    85.255.113.138,85.255.112.171
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters:

    NameServer = 85.255.113.138 85.255.112.171
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters:

    NameServer = 85.255.113.138 85.255.112.171
    O20 - Winlogon Notify: WgaLogon -

    C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner -

    C:\Program Files\Common Files\Adobe Systems

    Shared\Service\Adobelmsvc.exe
    O23 - Service: Adrelassp - Unknown owner - (no

    file)
    O23 - Service: Creative Service for CDROM Access -

    Creative Technology Ltd -

    C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager

    (IDriverT) - Macrovision Corporation - C:\Program

    Files\Common Files\InstallShield\Driver\11\Intel

    32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc.

    - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration

    (McDetect.exe) - McAfee, Inc - c:\program

    files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) -

    McAfee Inc. -

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe)

    - McAfee, Inc -

    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager

    (mcupdmgr.exe) - McAfee, Inc -

    C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service

    (MpfService) - McAfee Corporation -

    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner -

    C:\Program Files\Linksys Wireless-G PCI Wireless

    Network Monitor\WLService.exe" "WMP54Gv4.exe (file

    missing)
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, jdominic379 :)

    Welcome to TSG.

    Please open Notepad. Select Format from the menu, then Word Wrap. Keep Notepad with these settings. It will help us read these reports more effectively.

    Please print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from Here or Here.

    1. Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    2. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    3. Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.
    Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C1367C1-D770-4582-9230-349787550578}: NameServer = 85.255.113.138,85.255.112.171
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7B84B1B-2F94-41CF-9510-CEDB147DD1FD}: NameServer = 85.255.113.138,85.255.112.171
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.171
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.171


    Click FIX CHECKED. Close HijackThis.
    1. Enter your Control Panel and double-click on Network Connections
    2. Then right click on your Default Connection
      • Usually Local Area Connection for Cable and DSL, or AOL Connection.
    3. Left click on Properties
    4. Double-Click on the Internet Protocol (TCP/IP) item
    5. Select the radio dial that says Obtain DNS Servers Automatically
    6. Press OK twice to get out of the properties screen
    7. Restart the computer
    Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

    ipconfig /flushdns (The space between g and / is needed)
    Exit

    Restart the computer.

    Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic.
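
The O17 lines singled out in the reply above are static `NameServer` values, and in the first log they arrive hard-wrapped across several physical lines. As an added example (not part of the thread and not HijackThis's own code), this Python code re-joins wrapped entries and lists every statically configured name server that is not on an analyst-supplied allowlist; the function names, the `192.168.1.1` allowlist entry and the trimmed sample are assumptions, with the sample constructed from log lines posted in this thread.

```python
import ipaddress
import re

# A HijackThis entry starts with a section code such as "R1 - ", "O4 - " or "O17 -".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) -(?: |$)")
# O17 entries that pin DNS: "<registry key>: NameServer = <addresses>".
O17_NAMESERVER = re.compile(
    r"^O17 -\s*(?P<key>.+?):\s*NameServer\s*=\s*(?P<servers>.+)$"
)

# Constructed sample: entries copied from the first log in this thread,
# still hard-wrapped the way they were posted.
SAMPLE_LOG = r"""
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}

(DwnldGroupMgr Class) -

http://download.mcafee.com/molbin/shared/mcgdmgr/1,

0,0,26/mcgdmgr.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{8C1367C1-D770-45

82-9230-349787550578}: NameServer =

85.255.113.138,85.255.112.171
O17 -

HKLM\System\CCS\Services\Tcpip\..\{B7B84B1B-2F94-41

CF-9510-CEDB147DD1FD}: NameServer =

85.255.113.138,85.255.112.171
O17 - HKLM\System\CS1\Services\Tcpip\Parameters:

NameServer = 85.255.113.138 85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:

NameServer = 85.255.113.138 85.255.112.171
O20 - Winlogon Notify: WgaLogon -

C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def join_entries(log_text):
    """Glue hard-wrapped physical lines back into one string per entry.

    Fragments are concatenated with no separator because a wrap can fall
    in the middle of a token (for example inside a GUID). Spaces lost at a
    wrap point are not restored; the O17 pattern above tolerates that.
    """
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif line.startswith("Logfile of HijackThis"):
            # A new log header ends the previous log's last entry.
            if current is not None:
                entries.append(current)
            current = None
        elif current is not None:
            current += line
    if current is not None:
        entries.append(current)
    return entries


def static_nameservers(log_text):
    """Return [(registry_key, [address, ...]), ...] for O17 NameServer entries."""
    found = []
    for entry in join_entries(log_text):
        m = O17_NAMESERVER.match(entry)
        if m:
            servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
            found.append((m["key"], servers))
    return found


def unexpected_nameservers(log_text, expected):
    """Map each static name server outside `expected` to the keys that set it."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {}
    for key, servers in static_nameservers(log_text):
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                # A value that is not an IP address is reported as-is.
                report.setdefault(server, []).append(key)
                continue
            if addr not in allowed:
                report.setdefault(str(addr), []).append(key)
    return report


if __name__ == "__main__":
    # Assumption: 192.168.1.1 stands in for the resolver the network should use.
    for addr, keys in unexpected_nameservers(SAMPLE_LOG, ["192.168.1.1"]).items():
        print(addr, "set by", len(keys), "registry location(s)")
```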
     
  3. jdominic379

    jdominic379 Thread Starter

    Joined:
    Jun 10, 2006
    Messages:
    17
    Below is the Fixwareout report file. I can now access the external file folder. My task manager is still whacky. I can open the application, but I can not close the task manager. Attempting to right click to close from the taskbar is not successful. The only way to close task manager is to log off. Task manager when opened is only a window, no additional functions except three buttons on the bottom of the window. End Task, Switch To, New task. Thanks once again for the assistance.
    JD
    ------------------------------
    Fixwareout
    Last edited 1/14/2006
    Post this report in the forums please
    ...
    Prerun check
    »»»»» HKLM run and Winlogon System values
    »»»»» System restarted
    ...
    Reg Entries that were deleted
    ...
    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    »»»»»
    Search five digit cs, dm kd and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal

    Other suspects.

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.

    »»»»» Postrun check
    »»»»» HKLM run
    »»»»» Winlogon System value
    "system"=""
    »»»»»
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, jdominic379 :)

    Post a fresh Hijackthis log.
     
  5. jdominic379

    jdominic379 Thread Starter

    Joined:
    Jun 10, 2006
    Messages:
    17
    Sorry... Here is the HJT log.
    JD
    ---------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 1:00:09 PM, on 1/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless

    Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless

    Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP

    Share-to-Web\hpgs2wnd.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program

    Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program

    Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Hewlett-Packard\HP

    Share-to-Web\hpgs2wnf.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat

    6.0\Acrobat\Acrobat.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection

    Wizard,ShellNext = wmplayer.exe
    R1 - HKCU\Software\Microsoft\Internet

    Explorer\Main,Window Title = Microsoft Internet

    Explorer provided by Comcast
    O2 - BHO: AcroIEHlprObj Class -

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat

    6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class -

    {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program

    files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller -

    {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program

    files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: DriveLetterAccess -

    {5CA3D70E-1895-11CF-8E15-001234567890} -

    C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class -

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class -

    {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program

    Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan -

    {BA52B914-B692-46c4-B683-905236F6F655} -

    c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Adobe PDF -

    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

    Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [diagent] "C:\Program

    Files\Creative\SBLive\Diagnostics\diagent.exe"

    startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [dla]

    C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program

    Files\Common Files\Sonic\Update Manager\sgtray.exe"

    /r
    O4 - HKLM\..\Run: [MPFExe]

    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCAgentExe]

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe]

    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPSExe]

    c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [VSOCheckTask]

    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe"

    /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program

    Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program

    Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

    Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]

    C:\Program Files\Hewlett-Packard\HP

    Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program

    Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

    Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]

    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.ex

    e
    O4 - HKCU\..\Run: [ctfmon.exe]

    C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NkbMonitor.exe.lnk =

    C:\Program

    Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program

    Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: E&xport to Microsoft

    Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ComcastHSI -

    {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -

    http://www.comcast.net/ (file missing)
    O9 - Extra button: Support -

    {8828075D-D097-4055-AA02-2DBFA9D85E8A} -

    http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research -

    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help -

    {97809617-3937-4F84-B335-9BB05EF1A8D4} -

    http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    %windir%\Network Diagnostic\xpnetdiag.exe (file

    missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    %windir%\Network Diagnostic\xpnetdiag.exe (file

    missing)
    O9 - Extra button: Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

    (McAfee.com Operating System Class) -

    http://download.mcafee.com/molbin/shared/mcinsctl/4

    ,0,0,101/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}

    (DwnldGroupMgr Class) -

    http://download.mcafee.com/molbin/shared/mcgdmgr/1,

    0,0,26/mcgdmgr.cab
    O20 - Winlogon Notify: WgaLogon -

    C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner -

    C:\Program Files\Common Files\Adobe Systems

    Shared\Service\Adobelmsvc.exe
    O23 - Service: Adrelassp - Unknown owner - (no

    file)
    O23 - Service: Creative Service for CDROM Access -

    Creative Technology Ltd -

    C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager

    (IDriverT) - Macrovision Corporation - C:\Program

    Files\Common Files\InstallShield\Driver\11\Intel

    32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc.

    - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration

    (McDetect.exe) - McAfee, Inc - c:\program

    files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) -

    McAfee Inc. -

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe)

    - McAfee, Inc -

    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager

    (mcupdmgr.exe) - McAfee, Inc -

    C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service

    (MpfService) - McAfee Corporation -

    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner -

    C:\Program Files\Linksys Wireless-G PCI Wireless

    Network Monitor\WLService.exe" "WMP54Gv4.exe (file

    missing)
     
  6. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, jdominic379 :)

    You have to set Notepad to Word Wrap. It is very difficult to read those logs without setting Notepad to Word Wrap.

    Download ComboFix from Here or Here to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  7. jdominic379

    jdominic379 Thread Starter

    Joined:
    Jun 10, 2006
    Messages:
    17
    I completed the combofix instructions in safe mode and also ran the HJT. The logs are below with word wrap on... I increased the window size. Still have the task manager symptom. I hope this helps. Thanks.
    JD
    ---------------
    "JD" - 07-01-27 15:00:30 Service Pack 2
    ComboFix 07-01-25 - Running from: "C:\Documents and Settings\JD\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))


    2007-01-27 11:21 <DIR> d-------- C:\fixwareout
    2007-01-26 15:04 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2007-01-26 15:04 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-01-26 15:04 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-01-26 15:04 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-01-26 15:04 3,374 --a------ C:\WINDOWS\system32\tmp.reg
    2007-01-26 15:04 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-01-26 15:04 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-01-26 13:45 <DIR> d-------- C:\DOCUME~1\download\Application Data\Talkback
    2007-01-19 18:51 356,663 --a------ C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe
    2007-01-19 18:51 <DIR> d-------- C:\WINDOWS\system32\SearchTool
    2007-01-10 21:26 <DIR> d-------- C:\WINDOWS\ie7updates


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-27 14:41 -------- d-------- C:\DOCUME~1\JD\Application Data\adobeum
    2007-01-27 13:00 -------- d-------- C:\Program Files\hijackthis
    2007-01-26 17:08 -------- d-------- C:\Program Files\limewire
    2007-01-26 17:08 -------- d-------- C:\Program Files\incomplete
    2007-01-26 13:45 -------- d-------- C:\Program Files\mozilla firefox
    2007-01-26 13:26 -------- d-------- C:\Program Files\sports illustrated
    2007-01-19 18:51 299 --a------ C:\DOCUME~1\JD\Application Data\internaldb1942.dat
    2007-01-19 18:51 23 --a------ C:\DOCUME~1\JD\Application Data\inifile41.ini
    2007-01-02 12:35 -------- d-------- C:\DOCUME~1\JD\Application Data\adobe
    2006-12-31 11:06 -------- d-------- C:\Program Files\yahoo!
    2006-12-24 17:25 -------- d-------- C:\DOCUME~1\JD\Application Data\map maker
    2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Comcast\\COMCAS~1\\data\\Xtras\\mssysmgr.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
    "MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
    "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
    "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
    "NWEReboot"=""
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    @=""
    "NoCDBurning"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D-GRQEILU2R89UN-JD).job

    Completion time: 07-01-27 15:04:11
    -------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 3:06:22 PM, on 1/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adrelassp - Unknown owner - (no file)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
     
  8. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, jdominic379. :)

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:

    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware.
    Restart back into Windows normally now.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post a fresh Hijackthis log along with the AVG Anti-spyware and ActiveScan reports.
     
  9. jdominic379

    jdominic379 Thread Starter

    I ran the ATF cleaner, AVG spyware, and Panda scans along with a new HJT. Panda did not indicate infected files. Below are the AVG and HJT reports. Task manager remains the same. Thanks.
    JD
    -------------------------------------------

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:38:24 PM 1/27/2007

    + Scan result:



    C:\WINDOWS\system32\SearchTool\nstCE.dll -> Adware.SearchEnh : Cleaned.
    C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe -> Adware.SearchTool : Cleaned.
    C:\WINDOWS\system32\SearchTool\SearchTool.dll -> Adware.SearchTool : Cleaned.
    :mozilla.107:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.183:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.69:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.70:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.71:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.72:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.46:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.48:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.49:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.50:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.53:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.18:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.86:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.224:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.225:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.158:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
    :mozilla.156:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.157:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.159:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.17:C:\Documents and Settings\download\Application Data\Mozilla\Firefox\Profiles\x0ddf4nk.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.28:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.23:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.24:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.25:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.26:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.27:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.87:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.106:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.111:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.114:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.216:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.78:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.79:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.80:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.81:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.160:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.161:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.162:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.15:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.16:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.18:C:\Documents and Settings\download\Application Data\Mozilla\Firefox\Profiles\x0ddf4nk.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.76:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.77:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.88:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.89:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.42:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.43:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.44:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.45:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.96:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.97:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.115:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.116:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.117:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.118:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.119:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.167:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.168:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.123:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.124:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.125:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.16:C:\Documents and Settings\download\Application Data\Mozilla\Firefox\Profiles\x0ddf4nk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.19:C:\Documents and Settings\download\Application Data\Mozilla\Firefox\Profiles\x0ddf4nk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.47:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.52:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.132:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.133:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.57:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.166:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.213:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.214:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.215:C:\Documents and Settings\MMD\Application Data\Mozilla\Firefox\Profiles\hg8l2mnj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    ----------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 6:52:53 PM, on 1/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adrelassp - Unknown owner - (no file)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
     
  10. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, jdominic379 :)

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\WINDOWS\system32\SearchTool

    Go to Start->Run, type CMD and click Ok. The MSDOS window will be displayed. At the prompt type the following and press Enter after each line:

    SC Stop Adrelassp
    SC Delete Adrelassp
    Exit


    Open the Task Manager. Double-click on one of its borders.

    Let me know how it is doing.
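Added example, not part of the original thread and not the helper's own tooling: the service deleted with `SC Delete` above is the one the posted HijackThis logs list as `O23 - Service: Adrelassp - Unknown owner - (no file)`. The Python code below triages O23 lines for that pattern and cross-checks `(file missing)` entries against the log's own "Running processes" list; the function names and verdict labels are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adrelassp - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
"""

O23_RE = re.compile(r"^O23 - Service: (?P<body>.+)$")


@dataclass
class ServiceFinding:
    name: str
    owner: str
    image: str
    verdict: str  # hypothetical labels: orphan / missing / running-despite-missing / present


def running_processes(log):
    """Return the lower-cased image paths listed under 'Running processes:'."""
    procs, in_block = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:          # a blank line ends the process list
                break
            procs.append(line.lower())
    return procs


def triage_services(log):
    """Classify every O23 (service) line in a HijackThis log."""
    procs = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        # Layout is "<name> - <owner> - <image>"; split from the right so a
        # display name that itself contains " - " stays in one piece.
        parts = m.group("body").rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, owner, image = (p.strip() for p in parts)
        if image == "(no file)":
            # Service is registered but no image path was reported at all.
            verdict = "orphan"
        elif image.endswith("(file missing)"):
            # If a running process path appears inside the entry, the file
            # evidently exists; the tag is then treated as a reporting
            # artefact rather than a real finding (an assumption of this example).
            if any(p in image.lower() for p in procs):
                verdict = "running-despite-missing"
            else:
                verdict = "missing"
        else:
            verdict = "present"
        findings.append(ServiceFinding(name, owner, image, verdict))
    return findings


def review_queue(findings):
    """Names of services a reviewer should look at before any cleanup."""
    return [f.name for f in findings if f.verdict in ("orphan", "missing")]


if __name__ == "__main__":
    for f in triage_services(SAMPLE_LOG):
        print(f"{f.verdict:24} {f.name} ({f.owner})")
    print("review:", review_queue(triage_services(SAMPLE_LOG)))
```

On the sample lines only `Adrelassp` lands in the review queue; the `WMP54Gv4SVC` entry is tagged `(file missing)` in the log, but `WLService.exe` is in the running-process list of the same log.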
     
  11. jdominic379

    jdominic379 Thread Starter

    Bravo! Task manager seems to be functioning well. Thank you for your time and efforts.
    JD
     
  12. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, jdominic379. :)

    Congratulations.

    Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    (Windows XP)

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.

    Create a Restore point:
    1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
    2. In the System Restore dialog box, click Create a restore point, and then click Next.
    3. Type a description for your restore point, such as "After Cleanup", then click Create.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    6. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    8. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
    9. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

    Click Here for some advice from our security Experts.

    Please use the thread's Tools and mark this thread as "Solved".

    Best wishes!
     
  13. jdominic379

    jdominic379 Thread Starter

    Joined:
    Jun 10, 2006
    Messages:
    17
    Thanks again. Pay Pal donation is on the way.
    JD
     

Short URL to this thread: https://techguy.org/538608
