Tech Support Forum banner
Cancel

Help Removing Trojans: New Malware.j / Generic Downloader.f / Downloader-AYL

Jump to Latest Follow
Status
Not open for further replies.
1 - 15 of 15 Posts
P

· Registered
Joined
·
119 Posts
Discussion Starter · #1 ·
First of all would like to say hi to everyone at Tech Support!

Have been referred to this while using McAfeeHelp, my system is infected with New Malware.j / Generic Downloader.f & Downloader-AYL.

Every time i start my browser, McAfee pops with messages of files infected by the above. It is able to delete files infected by Generic Downloader.f & Downloader-AYL but no the ones by New Malware.j. My system's 'TASK MANAGER' is not working. I get a message that 'Task Manager has been disabled by your administrator'.

Have tried scanning with Spyware Doctor 2.0.1.143 & Ad-Aware SE Personal but of no help. Reading the previous threads, have downloaded HijackThis. Kindly assist, find below the log file of HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:07 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\kernels88.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Avant Browser\avant.exe
E:\Softwares\Antispam & Antivirus\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...26zy=l&hl=en
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cyberlink.com.tw/registra...HADHA&Lang=Enu
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bi...datePortal.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD4B7F0B-44D4-4F50-A507-7EBD959D9244}: NameServer = 202.56.215.55 202.56.215.54
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


As i said earlier, this is my first post, in case i have missed out something, please let me know. Looking forward for an early resolution.
 
F

· Registered
Joined
·
2,337 Posts
#2 ·
Hello parry, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So lets do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.

----------------------------------------

DOWNLOADS


CLEANUP! version 4.52 – TEMP FILE CLEANING


Please download Cleanup! and install it. You will use this later.

Alternative link Cleanup Alt


*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.



AVG Anti-Spyware 7.5



Please download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"





  1. Install AVG Anti-Spyware 7.5.
  2. Double-click the icon on Desktop to launch AVG A-S 7.5
  3. On the top of the main screen click Shield
  4. Click the word active to change it to inactive
  5. On the top of the main screen click Update.
  6. Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  7. I also recommend changing the "Update interval" to something more reasonable like 12 hours.


SDFix

Download SDFix and save it to your desktop.

We will use this later.

----------------------------------------

SAFE MODE RE-BOOT

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

----------------------------------------

SDFix

  • Right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file
    Report.txt back onto the forum with a new HijackThis log

----------------------------------------

RUNNING SCANNERS


Cleanup

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
  • Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program and DO NOT reboot when prompted.


AVG Anti-Spyware 7.5

  • Run AVG A-s with it's updated definitions: (...it's important that all windows must be closed)
    This scan can take quite a while to run, so be prepared.
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.


  • When the scan is complete click Recommended Action and change it to Quarantine (1),
  • If not click Recommended Action and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button. (3)

When done, click the Save Scan Report button. (4) then click Save Report As and save it to your desktop.

IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.



Note: DO NOT USE the computer while AVG A/S is scanning. If Explorer or the Control Panel are opened some malware types will
reinfect your system or will not be cleaned properly.

----------------------------------------

SYSTEM RE-BOOT

Reboot into Normal Mode.

----------------------------------------


ON-LINE SCANS

Perform an online scan with Internet Explorer with Panda ActiveScan

  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting

  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

----------------------------------------

FOLLOW-UP

Please return and post these items in the order listed:

SDFix log
AVG A/S
Panda scan
A new HJT log run in Normal Mode

Please note: In order to properly see what is on your system, all HJT logs must be run in the normal mode

Please let me know how your system is behaving.
 
P

· Registered
Joined
·
119 Posts
Discussion Starter · #4 ·
Scan Log/Results

Hi fredmh,

  • Was able to complete with SDFix, CleanUp & AVG A/S.
  • Task Manager was working.
  • Did not get any pop messages on opening the browser.

But when i started Panda Activescan, faced the following issues:
i) It took about 30-40 minutes to download & install Panda's ActiveX
ii) After it got installed, it went ahead with the updation process & it took more than 3 hrs to update just 75% and then to my bad luck there was a power failure. As a result when i restarted my system it again went for updation. Hence i stopped as it restarted from 0%.

Please confirm whether the above are normal or there's something wrong?
Kindly assist further & also please inform that currently am using the following protections on my system, what else should i install for enhanced protection:

1) McAfee Virus Scan 10.0
2) Spyware Doctor
3) Ad-Aware SE Personal

Find below the log/results for SDFix, AVG A/S & HJT:

I. SDFix Log

----------------------------
SDFix: Version 1.58

Sun 01/14/2007 - 12:42:12.59

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Name:


Path:



Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting

Normal Mode:

Checking Files:


Files will be copied to Backups folder then removed:

C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDUI.EXE - Deleted
C:\WINDOWS\system32\dlh9jkd1q1.exe - Deleted
C:\WINDOWS\system32\dlh9jkd1q8.exe - Deleted
C:\WINDOWS\system32\kernels88.exe - Deleted

Could Not Remove C:\PROGRA~1\GRISOFT\AVGANT~1.5\GUARD.EXE !


Alternate Stream Check:

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"D:\\Tally\\tally72.exe"="D:\\Tally\\tally72.exe:*:Enabled:tally72"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"


Remaining Files:
---------------
C:\PROGRA~1\GRISOFT\AVGANT~1.5\GUARD.EXE

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with hidden attributes:

C:\NTDETECT.COM
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys

Finished

----------------------------

II. AVG A/S Log

----------------------------

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:08:00 PM 1/14/2007

+ Scan result:



C:\SDFix\backups\backups.zip/backups/kernels88.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/dlh9jkd1q1.exe -> Hijacker.Small.ja : Cleaned with backup (quarantined).


::Report end


----------------------------

III. HJT Log

----------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:23:00 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Ser...ttp://mail.google.com/mail?ui=html&zy=l&hl=en
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cyberlink.com.tw/registr...UTOMOBILE_TRADERS&FName=DHRUV_CHADHA&Lang=Enu
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD4B7F0B-44D4-4F50-A507-7EBD959D9244}: NameServer = 202.56.215.55 202.56.215.54
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

----------------------------
 
P

· Registered
Joined
·
119 Posts
Discussion Starter · #5 ·
Panda ActiveScan Report

Hi fredmh,

Restarted my system, tried running ActiveScan & this time it was thru with the installation & updation process in 10 mins.
Find below the scan report:

-------------------------------------
Incident Status Location

Adware:adware/adsmart Not disinfected c:\windows\system32\vx.tll
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\DHRUV CHADHA\Cookies\dhruv [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\DHRUV CHADHA\Cookies\dhruv [email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\DHRUV CHADHA\Cookies\dhruv [email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\DHRUV CHADHA\Desktop\SDFix.zip[SDFix.exe][SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Virus:Trj/Downloader.KNM Disinfected C:\SDFix\backups\backups.zip[backups/dlh9jkd1q1.exe]
Adware:Adware/SecurityError Not disinfected C:\SDFix\backups\backups.zip[backups/kernels88.exe]
Potentially unwanted tool:Application/Processor Not disinfected E:\Softwares\Antispam & Antivirus\SDFix.zip[SDFix.exe][SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected E:\Softwares\Antispam & Antivirus\SDFix\SDFix.exe[SDFix\apps\Process.exe]

-------------------------------------

Kindly assist further action!
 
F

· Registered
Joined
·
2,337 Posts
#6 ·
We got the major infection and the logs are looking good. Just a couple of items left.

----------------------------------------

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

c:\windows\system32\vx.tll


If the file resists deletion, boot to Safe Mode and delete

----------------------------------------


ComboFix



1. Download this file - You MUST save it to your desktop

COMBOFIX




2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply c:\combofix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
P

· Registered
Joined
·
119 Posts
Discussion Starter · #7 ·
Hi Fredmh,

Thanx for your support …

Kindly assist:
1) After I deleted the vx.tll file in safe mode, the system restarted & it did not appear in the recycle bin.
2) You had asked to delete Folders indicated in BLUE, pls clarify.
3) Should I uninstall or remove SDFix now ?
4) AVG A/S is trial version, should I uninstall it too or let it be?
5) In case in need to keep AVG, should activate the ‘Resident Shield’?
6) I have installed AD-Aware SE personal & Spyware Doctor are they good & worth or should I uninstall them?
7) Earlier I had uninstalled Norton Internet Security, the Symantec & NIS Folders still persist in the program files, should they remain?
8) How often should I run ‘CleanUp!’?
9) Do I need to install any other softwares for extra protection?
10) Any other advice/ support to keep my system running in a good condition?

Find below the log for Combofix:

"DHRUV CHADHA" - 07-01-16 14:45:31 Service Pack 2
ComboFix 07-01-16 - Running from: "C:\Documents and Settings\DHRUV CHADHA\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 ))))))))))))))))))))))))))))))))))


2007-01-14 13:38 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-14 13:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-14 12:40 <DIR> d-------- C:\SDFix
2007-01-14 12:30 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-14 12:30 <DIR> d-------- C:\Program Files\Grisoft
2007-01-13 17:05 <DIR> d-------- C:\sdat
2007-01-13 16:46 13,429,148 --a------ C:\sdat4938.exe
2007-01-13 12:40 <DIR> d-------- C:\WINDOWS\pss
2007-01-12 16:10 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-12 16:10 <DIR> d-------- C:\DOCUME~1\DHRUVC~1\Application Data\Lavasoft
2007-01-12 16:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-01-09 18:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-09 17:58 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-01-09 17:58 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-01-09 17:57 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-06 14:00 <DIR> d-------- C:\Program Files\WIDCOMM
2007-01-06 12:57 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-01-06 12:57 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-01-06 12:57 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-01-06 12:57 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-01-06 12:57 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-01-06 12:57 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-01-06 11:56 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-06 11:52 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-01-06 11:48 <DIR> d-------- C:\DOCUME~1\DHRUVC~1\Bluetooth Software
2007-01-06 11:47 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-01-06 11:47 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-01-06 11:47 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-01-06 11:47 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-01-06 11:46 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-01-06 11:46 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-06 11:46 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-01-06 11:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-01-06 11:44 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-01-06 11:44 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-06 11:44 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-01-06 11:44 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-01-06 11:44 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-01-06 11:44 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-01-06 11:44 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-01-06 11:44 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2006-12-21 16:54 731 --a------ C:\WINDOWS\F.BAT
2006-12-21 16:51 <DIR> d--h----- C:\WINDOWS\PIF
2006-12-21 16:49 6,042 --a------ C:\WINDOWS\LIST.COM
2006-12-21 16:49 42,166 --a------ C:\WINDOWS\PKZIP.EXE
2006-12-21 16:49 32,375 --a------ C:\WINDOWS\NE.COM
2006-12-21 16:49 29,378 --a------ C:\WINDOWS\PKUNZIP.EXE
2006-12-21 16:49 247,808 --a------ C:\WINDOWS\FOX.EXE
2006-12-21 16:49 23 --a------ C:\WINDOWS\CONFIG.SYS
2006-12-21 16:49 213 --a------ C:\WINDOWS\AUTOEXEC.BAT
2006-12-21 16:49 122 --a------ C:\WINDOWS\SCREEN.COM
2006-12-21 13:40 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-12-21 13:40 <DIR> d-------- C:\DOCUME~1\SKCHAD~1\Application Data\PC Suite
2006-12-21 13:40 <DIR> d-------- C:\DOCUME~1\SKCHAD~1\Application Data\Adobe
2006-12-16 16:51 <DIR> d-------- C:\DOCUME~1\DHRUVC~1\Phone Browser
2006-12-16 16:51 <DIR> d-------- C:\DOCUME~1\DHRUVC~1\Application Data\Datalayer
2006-12-16 16:46 <DIR> d-------- C:\DOCUME~1\DHRUVC~1\Application Data\Nokia


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-16 12:50 -------- d-------- C:\Program Files\microsoft intellitype pro
2007-01-16 12:50 -------- d-------- C:\Program Files\microsoft intellipoint
2007-01-16 12:50 -------- d-------- C:\Program Files\microsoft activesync
2007-01-16 12:48 -------- d-------- C:\Program Files\avant browser
2007-01-09 18:03 -------- d---s---- C:\DOCUME~1\DHRUVC~1\Application Data\microsoft
2007-01-09 18:01 2508 --a------ C:\DOCUME~1\DHRUVC~1\Application Data\$_hpcst$.hpc
2006-12-21 16:51 23 --a------ C:\CONFIG.SYS
2006-12-21 16:50 19 --a------ C:\AUTOEXEC.BAT
2006-12-14 17:37 -------- d-------- C:\DOCUME~1\DHRUVC~1\Application Data\macromedia
2006-12-14 12:49 -------- d-------- C:\Program Files\mcafee.com
2006-12-14 12:45 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-14 12:41 -------- d-------- C:\Program Files\symantec
2006-12-14 12:28 -------- d-------- C:\Program Files\norton internet security
2006-12-14 12:24 -------- d-------- C:\DOCUME~1\DHRUVC~1\Application Data\adobe
2006-12-14 11:31 -------- d-------- C:\Program Files\difx
2006-12-14 11:31 -------- d-------- C:\DOCUME~1\DHRUVC~1\Application Data\pc suite
2006-12-14 11:30 -------- d-------- C:\Program Files\nokia
2006-12-14 11:30 -------- d-------- C:\Program Files\Common Files\pcsuite
2006-12-14 11:30 -------- d-------- C:\Program Files\Common Files\nokia
2006-12-14 11:27 -------- d-------- C:\DOCUME~1\DHRUVC~1\Application Data\corel
2006-12-14 11:18 -------- d--h----- C:\Program Files\installshield installation information
2006-12-14 11:16 -------- d-------- C:\Program Files\corel
2006-12-14 11:16 -------- d-------- C:\Program Files\Common Files\corel
2006-12-14 11:15 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-13 22:48 -------- d-------- C:\Program Files\Common Files\speechengines
2006-12-13 22:48 -------- d-------- C:\Program Files\Common Files\odbc
2006-12-13 22:47 62 --ahs---- C:\DOCUME~1\DHRUVC~1\Application Data\desktop.ini
2006-12-13 18:59 -------- d-------- C:\DOCUME~1\DHRUVC~1\Application Data\sun
2006-12-13 18:58 -------- d-------- C:\Program Files\java
2006-12-13 18:51 -------- d-------- C:\Program Files\Common Files\java
2006-12-13 18:48 -------- d-------- C:\Program Files\msn messenger
2006-12-13 18:41 -------- d-------- C:\DOCUME~1\DHRUVC~1\Application Data\avant profiles
2006-12-13 18:35 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-13 18:28 -------- d-------- C:\Program Files\microsoft.net
2006-12-13 17:57 -------- d-------- C:\Program Files\cyberlink
2006-12-13 17:56 -------- d-------- C:\Program Files\Common Files\nero
2006-12-13 17:55 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-13 17:55 -------- d-------- C:\Program Files\ahead
2006-12-13 17:53 -------- d-------- C:\Program Files\realtek
2006-12-13 17:30 -------- d-------- C:\DOCUME~1\DHRUVC~1\Application Data\identities
2006-12-13 17:26 0 -rahs---- C:\MSDOS.SYS
2006-12-13 17:26 0 -rahs---- C:\IO.SYS
2006-12-13 17:26 -------- d-------- C:\Program Files\microsoft frontpage
2006-12-13 17:24 -------- d--h----- C:\Program Files\windowsupdate
2006-12-13 17:24 -------- d-------- C:\Program Files\online services
2006-12-13 17:24 -------- d-------- C:\Program Files\movie maker
2006-12-13 17:24 -------- d-------- C:\Program Files\Common Files\mssoap
2006-12-13 17:22 -------- d-------- C:\Program Files\windows nt
2006-12-13 17:22 -------- d-------- C:\Program Files\msn gaming zone
2006-12-13 17:22 -------- d-------- C:\Program Files\messenger


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MI3AA1~1\\wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCWZRD"
"hkey"="HKLM"
"command"="ALCWZRD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


Completion time: 07-01-16 14:46:25
 
F

· Registered
Joined
·
2,337 Posts
#8 ·
I'll answer your questions first and post again after reviewing your CF Log:

1 - As long as you deleted it, you're fine.
2 - I didn't list any folders for deletion, just the file
3 - You can uninstall SDFix. We won't need it any longer.
4 - You can keep it for the trial period. It's a very good program.
5 - Activate the resident shield
6 - Again, two very good programs. Just make sure yu keep them updated.
7 - Norton needs to be uninstalled with a Norton tool. I'll give you the link.
8 - That's debatable. Some people run it every day, others every week or so. That's up to you.
9 - I'll include some information for you when we're done cleaning, a closing speach.
10- Same




NORTON REMOVAL TOOL
 
F

· Registered
Joined
·
2,337 Posts
#9 ·
Your logs are now clean. Please complete the next "housekeeping" steps and read through the information below.


----------------------------------------

Windows XP - Reset Hidden Files


  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

----------------------------------------

Clean-out and Reset System Restore

This will clean out any junk or malicious files left behind in System Restore

  • To turn off System Restore click Start > Right Click My Computer > Properties.
  • Click the System Restore tab and Check
  • "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply.
  • When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

  • Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties.
  • Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
  • Click Apply, and then OK.

This will create a new Restore Point.

----------------------------------------

RE-ENABLE ANTI-SPYWARE APPLICATIONS

If you were instructed to dis-able Anti-spyware applications during this fix, you may re-enable them

----------------------------------------

Please read through the following information to help protect your computer in the future.


KEEP YOUR OPERATING SYSTEM UPDATED

Please ensure that you have already patched your system against the recent WMF exploit. Go to this page to get the KB912919 patch

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser
up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft
and download all the critical updates to help prevent possible re-infection.


ENABLE WINDOWS AUTO UPDATE

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".


ENABLE WINDOWS AUTO UPDATE

From within Internet Explorer click on the Tools menu and then click on Internet Options.
  • Select the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Select Custom Level .
      • Change 'Download signed ActiveX controls' to Prompt
      • Change 'Download unsigned ActiveX controls' to Disable
      • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
      • Change 'Installation of desktop items' to Prompt
      • Change 'Launching programs and files in an IFRAME' to Prompt
      • Change 'Navigate sub-frames across different domains' to Prompt
      • When all these changes have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Select OK to exit the Internet Properties page.



TOOLS TO HELP KEEP YOUR SYSTEM CLEAN

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
  • After you have updated, click the button - enable protection for all unprotected items


SpywareGuard to catch and block spyware before it can execute.


SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its
TeaTimer option.
This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with
the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here


AD-AWARE Download and install Ad-Aware. You should use this program to scan
your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product
can be found here


IE-SPYAD IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list.
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain

A tutorial for IE-SPYAD can be found here


MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file
with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to
those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
  • Click Next, click Next, select the option:
    "Show Extracted files"
  • Click Finish

This will open the newly created hosts folder on your Desktop.

Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated
HOSTS file to the correct location on your machine.


MCAFEE SITE ADVISOR SITE ADVISOR is a free IE plug-in (also suport for Firefox browser)
which is used in conjunction with the Google search engine. It advises which web sites are considered safe and which sites could pose a problem.
It also shows what problems were encountered with each site, such as malicious downloads, spam, and related links.


ANTI-VIRUS AND FIREWALL PROGRAMS


ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial

Here are some very good free Antivirus products which are available:




If you do not have a firewall, here are 4 free ones available for personal use:

Understanding and Using Firewalls



INFORMATIONAL READING


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:




Please respond one more time and let me know you received this post so it can be marked resolved



If you feel that we have helped you, please help us keep this site free for all. Please visit our DONATION PAGE.
 
P

· Registered
Joined
·
119 Posts
Discussion Starter · #10 ·
Hi Fredmh,

1) Am done with the following:
  • Windows XP - Reset Hidden Files
  • Clean-out and Reset System Restore
  • RE-ENABLE ANTI-SPYWARE APPLICATIONS

2) I used the NRT, it removed NIS from Add/Remove Programs but the folder still exists in the program files. Should I delete it manually?

3) To uninstall SDFix, do i have delete the folder in C: manually, as it is not showing in Add/Remove Programs?

4) By activating the 'Resident Shield' in AVG, will it effect my internet speed?

5) I have stopped Spyware Doctor from running at windows startup, i guess it was making the system slow, is it true???

6) My OS in not original, should i activate windows update???

7) Is it okay & harmless installing different spyware removal programs?

8) I was asking about the deleting the Blue folders per your following instruction:

fredmh said:
We got the major infection and the logs are looking good. Just a couple of items left.

----------------------------------------

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

c:\windows\system32\vx.tll


If the file resists deletion, boot to Safe Mode and delete

----------------------------------------
Click to expand...
 
F

· Registered
Joined
·
2,337 Posts
#11 ·
To answer your questions:

2: You can manually delete the folder under Program files.

3: Right click on the folder and delete.

4: It may or may not, depending on your system, but it is advisable to activate it for better protection.

5: Once again, that depends on your system. The moe unnecessary programs running at startup, the slower the system
If you do a scan with HJT, the 04 section will tell you what is running at startup. You can also post a new HJT log
and I'll be happy to go through the entries.

6: In this case, I would use manual updates from the Microsoft site in case it won't let you use auto.

7: Multiple spyware programs won't do any harm. Just don't use multiple Anti-virus programs which will conflict with each other
and cause system instability

8: I did not list any folders for deletion. Just delete the file I listed.
 
P

· Registered
Joined
·
119 Posts
Discussion Starter · #12 ·
Find below HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:21:28 PM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cyberlink.com.tw/registr...UTOMOBILE_TRADERS&FName=DHRUV_CHADHA&Lang=Enu
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD4B7F0B-44D4-4F50-A507-7EBD959D9244}: NameServer = 202.56.215.55 202.56.215.54
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
 
F

· Registered
Joined
·
2,337 Posts
#13 ·
These are the 04-Startup entries which are not really necessary to run at Startup.

Ref used = http://www.castlecops.com

Disabling them may or may not give you system more speed at startup.

They may be disabled through Start>>Run. Type in msconfig and hit enter. Then go to Startup.

NOTE: Do not fix using HJT. This will erase them from your system and registry and may cause your system not to function properly


You can also post questions in the Windows XP Support forum.

Those folks are better able to answer Operating System questions.




O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
Realtek audio card related; probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included
on motherboards. Available via Start -> Settings -> Control Panel

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl Alt F12 or similar keypresses to access Intel's customised graphics
properties, you need it, otherwise not. Can be disabled via the Display Properties in Control Panel

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
Associated with the Common User Interface module for Intel graphics cards

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default
settings, defer back to their default settings. Not required unless you have changed them

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
System Tray icon for Nokia PC Suite. PC Suite lets you synchronize, edit, and back up many of your phone's files on a compatible PC through a wireless
or cable connection. PC Suite can also be launched through Start Menu.

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Speeds up the time it takes to load the Adobe_Reader application. Your choice, but not required for Adobe Reader to function properly
 
1 - 15 of 15 Posts
Status
Not open for further replies.
About this Discussion
14 Replies
2 Participants
Last post:
fredmh
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top