WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
PC infected by malware
Started by
kam
, Jun 17 2006 12:49 AM
-
This topic is locked
7 replies to this topic
#1
kam
-
- New Member
-
- 4 posts
New Member
Posted 17 June 2006 - 12:49 AM
Register to Remove
#2
pskelley
-
- Authentic Member
-
- 3,879 posts
R.I.P Always in our hearts
- Interests:Computers, fishing, biking, basketball, travel
Posted 18 June 2006 - 02:56 PM
Hello and welcome to TomCoyote forum. I don't see a lot in this HJT log, but I do see two antivirus programs running at the same time. See what Symantec has to say about that:
http://service1.syma...000031316555206 and Microsoft:
"Microsoft recommends that you have only one anti-virus program installed on your computer."
So many issues can be caused by the conflictions as these programs run at the same time it is impossible to troubleshoot other issues. I suggest you uninstall one of them completely, then if you are still having issues, post a new HJT log and I will take a look.
This information may also help once you have removed one of the av programs:
http://www.microsoft...s/IEtopten.mspx
http://vlaurie.com/c...s/runbetter.htm
http://www.linkgrind...rs_article.html
http://www.techbuild...ecipes/59201471
Thanks...pskelley
TomCoyote forum
Expert Member
http://service1.syma...000031316555206 and Microsoft:
"Microsoft recommends that you have only one anti-virus program installed on your computer."
So many issues can be caused by the conflictions as these programs run at the same time it is impossible to troubleshoot other issues. I suggest you uninstall one of them completely, then if you are still having issues, post a new HJT log and I will take a look.
This information may also help once you have removed one of the av programs:
http://www.microsoft...s/IEtopten.mspx
http://vlaurie.com/c...s/runbetter.htm
http://www.linkgrind...rs_article.html
http://www.techbuild...ecipes/59201471
Thanks...pskelley
TomCoyote forum
Expert Member
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
#3
kam
-
- New Member
-
- 4 posts
New Member
Posted 19 June 2006 - 06:26 AM
Thanks pskelley for your advice.
Shall do as you advised pronto and generate another log. Your reply was very timely because I was feeling quite ignored, wondering whether I did anything wrong. Novice in forum. Forced to this extremity by badly-infected PC.
Thanks again.
Kam
#4
kam
-
- New Member
-
- 4 posts
New Member
Posted 19 June 2006 - 10:26 AM
Dear pskelley,
Previously had AVG Antivirus and McAfee Antispyware installed. I suppose McAfee Antispyware could count as another antivirus program. I have therefore uninstalled it leaving AVG Antivirus alone on my PC.
But my problem still persists. When I try to access my usual websites, I very often get "Server not found" of "The connection timed out" messages. I then have to disconnect from the Internet, reconnect again and hope that the problem does not recur. I sometime have to disconnect and disconnect several times before I can successfully surf the Web. Sometimes it starts OK but after 10 t0 15 minutes, I get the foregoing messages nad have to give up totally.
Please refer to the new HijackThis log below. THis after unistalling McAfee Antispyware.
Logfile of HijackThis v1.99.1
Scan saved at 11:57:39 PM, on 19-Jun-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\UStorSrv.exe
D:\WINDOWS\system32\Rundll32.exe
D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\DOCUME~1\b\LOCALS~1\Temp\2006619235018_mcinfo.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
D:\Program Files\HijackThis\HijackThis.exe
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msci] D:\DOCUME~1\b\LOCALS~1\Temp\2006619235018_mcinfo.exe /insfin
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UStorage Server Service - OTi - D:\WINDOWS\system32\UStorSrv.exe
CAN YOU HELP, PSKELLEY OR ANYONE ELSE? NEVER HAD SUCH A PROBLEM IN ALMOST A DECADE OF SURFING!
THANKS VERY MUCH IN ADVANCE.
Kam
#5
pskelley
-
- Authentic Member
-
- 3,879 posts
R.I.P Always in our hearts
- Interests:Computers, fishing, biking, basketball, travel
Posted 19 June 2006 - 11:51 AM
The problem is to many logs and not enough volunteers to helpYour reply was very timely because I was feeling quite ignored, wondering whether I did anything wrong. Novice in forum
Let's discuss McAfee/Ave first. If I had only seen this:
d:\progra~1\mcafee\mcafee antispyware\massrv.exe I would not have mentioned it because the antispyware program should not have caused issues with AVG antivirus. I was however seeing this:
d:\program files\mcafee.com\agent\mcdetect.exe
d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\progra~1\mcafee\MCAFEE~1\masalert.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
and that sure looked like two antivirus programs running to me. I can see no reason why you can't run the McAfee Antispyware program if you wish.
I believe you should contact your ISP and ask them to check, to make sure your settings are right because that could be your problem. The kind of issues you describe are usually ISP related.
Make sure you review this information in case it have something to do with your browser:
http://www.microsoft...s/IEtopten.mspx
I would also like you to run system file checker to make sure a corrupt or mising file is not the problem, make sure you have your Windows CD handy in case you are asked for it.
Click Start > Run, type in sfc /scannow, hit Enter.
Note: there is a space between sfc and /scannow
This should replace any corrupted/missing system files and will hopefully fix things.
You still have a couple of items in a TEMP folder that look like McAfee, lets do a good cleaning and remove those items unless you can see a reason for them.
ewido scan:
Please download Ewido Security Suite it is a trial version of the program.
- Install ewido security suite
- Launch ewido, there should be an icon on your desktop double-click it.
- The program will now go to the main screen
- On the left hand side of the main screen click update
- Then click on Start Update
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates
Once the updates are installed do the following:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- NOTE: During some scans with ewido it is finding cases of false positives.**
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [msci] D:\DOCUME~1\b\LOCALS~1\Temp\2006619235018_mcinfo.exe /insfin
Close all programs but HJT and all browser windows, then click on "Fix Checked"
Enable hidden files&folders..reverse the process when finished.
http://www.xtra.co.n...1916458,00.html
RIGHT Click on Start then click on Explore. Locate and delete these items:
D:\DOCUMENTS & Settings~1\b\LOCALS~1\Temp\2006619235018_mcinfo.exe <<< delete everything in that TEMP folder (not the folder)
C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER)
Prefetch info: http://www.windowsne...refetch-XP.html
Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp
Run CCleaner, Windows & Applications when you run the registry cleaner (Issues) you will be prompted to backup before you can remove stuff, make sure you do.
Restart the computer and post the ewido scan results and a new HJT log. My gut feeling is this is an issue with your Service Provider or your Browser. Please let me know about any changes in performance when you try the suggestions posted above. Your ISP given the information about the problem, should be able to check to see if there is a problem with your settings. I see no malware, and this cleaning can not hurt.
Thanks...Phil
Edited by pskelley, 19 June 2006 - 11:54 AM.
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
#6
kam
-
- New Member
-
- 4 posts
New Member
Posted 20 June 2006 - 11:25 AM
Thanks very much pskelley/Phil for the enormous trouble you have taken over my log. I am really taken aback by the lengths you gone and the time you must have spent to help a complete stranger! I am really grateful!!!!!
I shall implement your advice as soon as I have some spare time. I have a heavy workload presently. I have to go real slow because I am a relative novice at this. I regard the Registry and toying with it with real dread.
Once again, my sincere thanks and gratitude for your assistance to a stranger.
Kam
#7
pskelley
-
- Authentic Member
-
- 3,879 posts
R.I.P Always in our hearts
- Interests:Computers, fishing, biking, basketball, travel
Posted 22 June 2006 - 01:58 PM
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html
http://cybercoyote.o...not-admin.shtml
Thanks...pskelley
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html
http://cybercoyote.o...not-admin.shtml
Thanks...pskelley
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
#8
pskelley
-
- Authentic Member
-
- 3,879 posts
R.I.P Always in our hearts
- Interests:Computers, fishing, biking, basketball, travel
Posted 22 June 2006 - 01:58 PM
Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
