Thread: Help My Diseased Computer!
View Single Post
Old 07-10-2005, 07:38 AM   #1 (permalink)
PaperTiger
Registered User
 
Join Date: Jul 2005
Posts: 4
OS: WinXP


Help My Diseased Computer!
Hi. My ever-helpful McAfee has been continually notifying me that it's located and deleted a virus in my Windows System32 files. Seeing as I get this message nearly every time I start up my computer, I suspect McAfee is lying to me, at least about deleting the virus. So I'm turning to you guys for help. Below is my logfile. Any assistance you can provide me would be greatly appreciated.

Thanks,
Nick.


Logfile of HijackThis v1.99.1
Scan saved at 7:34:27 AM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
c:\windows\system32\xcrxyj.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works

Shared\WkUFind.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works

Shared\wkcalrem.exe
C:\PROGRA~1\COMMON~1\AOL\110531~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\110531~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\Common

Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\NICKPR~1\LOCALS~1\Temp\Temporary Directory 2 for

hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://dellnet.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://start.shaw.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant

= http://start.shaw.ca/start/enca/addons/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant

= about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch

= about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Microsoft Internet Explorer provided by Shaw Internet
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} -

C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program

Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no

file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program

Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network

Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common

Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD

Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD

Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program

Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1

\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Network Associates Error Reporting Service]

"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN

Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program

Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network

Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1105310569\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32

\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6

"USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program

Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI

Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common

Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ikkfaso] c:\windows\system32\xcrxyj.exe r
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft

Money\System\Money Express.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program

Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-

BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683}

- file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350

\scri350a.htm (file missing) (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

scanner) -

http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI

Utility Class) -

http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online -

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America

Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0

\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner -

C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network

Associates, Inc. - C:\Program Files\Network Associates\Common

Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network

Associates, Inc. - C:\Program Files\Network

Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) -

Network Associates, Inc. - C:\Program Files\Network

Associates\VirusScan\VsTskMgr.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -

C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
PaperTiger is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here