Author Topic: Hijackthis log - help please (Read 2787 times)

DSExpress · « **on:** February 11, 2005, 07:24:58 PM »

my computer has been running ridiculously slow. i can't get the task manager to open either. i would appreciate any advice.

thanks a lot

hijackthis log is below:

Logfile of HijackThis v1.99.0
Scan saved at 7:21:35 PM, on 2/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\WINRAR32.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\David Schneider\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Winrar Compression Utility] WINRAR32.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Winrar Compression Utility] WINRAR32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)

guestolo · « **Reply #1 on:** February 11, 2005, 07:45:13 PM »

Print this out or save to a notepad file on the desktop

RESTART your Computer in SAFE MODE

Find and delete this file
C:\WINDOWS\system32\WINRAR32.EXE <--this file
If it says it's in use
Open Hijackthis>>Open Misc Tools section>>Open Process Manager and kill it's process if running

Do another scan with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [Winrar Compression Utility] WINRAR32.EXE

O4 - HKCU\..\RunOnce: [Winrar Compression Utility] WINRAR32.EXE

An optional component to have installed is Viewpoint Manager
I say optional>>Many consider spyware
If you choose to fix it
Disable auto-update within the Viewpoint Manager Control Panel.
Have hijackthis fix this entry
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart back to Normal mode
Does Task Manager work now?

Post back with a fresh hijackthis log afterwards

You may choose to uninstall Veiwpoint from the Add/Remove Programs

DSExpress · « **Reply #2 on:** February 11, 2005, 09:47:15 PM »

I did what you recommended. Task manager opens now, but computer is still running very slowly. Task manager says that CPU is running at 100%. New highjack this log is below. Thank you so much for your help. Much appreciated...

Logfile of HijackThis v1.99.0
Scan saved at 9:42:56 PM, on 2/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\David Schneider\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)

guestolo · « **Reply #3 on:** February 12, 2005, 01:44:40 AM »

Can you download Process Explorer from this link
http://www.sysinternals.com/files/procexpnt.zip

Unzip it to a folder
Double click to run Process explorer

Click File>>Save as
Save the log on your desktop and post it back here

DSExpress · « **Reply #4 on:** February 12, 2005, 02:32:21 AM »

Here is the saved log from Process Explorer:

Process   PID   CPU   Description   Company Name
System Idle Process   0
Interrupts   n/a   1.96   Hardware Interrupts
DPCs   n/a   1.96   Deferred Procedure Calls
System   4   0.98
smss.exe   448      Windows NT Session Manager   Microsoft Corporation
csrss.exe   840      Client Server Runtime Process   Microsoft Corporation
winlogon.exe   864      Windows NT Logon Application   Microsoft Corporation
services.exe   908   0.98   Services and Controller app   Microsoft Corporation
svchost.exe   1064      Generic Host Process for Win32 Services   Microsoft Corporation
MpfAgent.exe   760      McAfee Personal Firewall Agent Interface   McAfee Security
mcvsftsn.exe   2848      McAfee VirusScan Instant Messenger Scan Module   Networks Associates Technology, Inc
msmsgs.exe   2792      Windows Messenger   Microsoft Corporation
svchost.exe   1144      Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe   1176      Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe   1220      Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe   1388      Generic Host Process for Win32 Services   Microsoft Corporation
spoolsv.exe   1816      Spooler SubSystem App   Microsoft Corporation
cisvc.exe   600      Content Index service   Microsoft Corporation
CIDAEMON.EXE   2636      Indexing Service filter daemon   Microsoft Corporation
CIDAEMON.EXE   1744      Indexing Service filter daemon   Microsoft Corporation
mcvsrte.exe   640      McAfee VirusScan Real-time Engine   Networks Associates Technology, Inc
MpfService.exe   664      McAfee Personal Firewall Service   McAfee Corporation
MSKSrvr.exe   692   24.50   McAfee SpamKiller Server   Networks Associates Technology. Inc.
nvsvc32.exe   836      NVIDIA Driver Helper Service, Version 42.58   NVIDIA Corporation
svchost.exe   1096      Generic Host Process for Win32 Services   Microsoft Corporation
WLTRYSVC.EXE   1364
BCMWLTRY.EXE   1412      Wireless Network Tray Applet   Broadcom Corporation
alg.exe   360      Application Layer Gateway Service   Microsoft Corporation
iPodService.exe   2896      iPodService Module   Apple Computer, Inc.
svchost.exe   3336      Generic Host Process for Win32 Services   Microsoft Corporation
McShield.exe   1344   65.66   NT On-Access Scanner service.   Network Associates, Inc.
lsass.exe   920      LSA Shell (Export Version)   Microsoft Corporation
explorer.exe   1580   0.98   Windows Explorer   Microsoft Corporation
Apoint.exe   528      Alps Pointing-device Driver   Alps Electric Co., Ltd.
pctspk.exe   1256      pctvoice MFC Application
quickset.exe   1320      QuickSet MFC Application
DSentry.exe   1328      DVDSentry   Dell - Advanced Desktop Engineering
mcagent.exe   1336      McAfee SecurityCenter Agent   McAfee, Inc
realsched.exe   832      RealNetworks Scheduler   RealNetworks, Inc.
realevent.exe   272      RealNetworks Event Launcher   RealNetworks, Inc.
Directcd.exe   1376      DirectCD Application   Roxio
mcvsshld.exe   1560      McAfee VirusScan ActiveShield Resource   Networks Associates Technology, Inc
McVSEscn.exe   2212      McAfee VirusScan E-mail Scan Module   Networks Associates Technology, Inc
WkUFind.exe   2204      Microsoft® Works Update Detection   Microsoft® Corporation
mmtask.exe   2224      TODO: <File description>   TODO: <Company name>
iTunesHelper.exe   2276      iTunesHelper Module   Apple Computer, Inc.
MpfTray.exe   2336      McAfee Personal Firewall Tray Monitor   McAfee Security
mscifapp.exe   2516      McAfee Privacy Service   Networks Associates Technology, Inc
MSKAgent.exe   2556      McAfee SpamKiller Agent Interface module   Networks Associates Technology, Inc
aim.exe   1396   0.98   AOL Instant Messenger   America Online, Inc.
firefox.exe   1048      Firefox   Mozilla
procexp.exe   3420   0.98   Sysinternals Process Explorer   Sysinternals
procexp.exe   2912      Sysinternals Process Explorer   Sysinternals
ApntEx.exe   2988   0.98   Alps Pointing-device Driver for Windows NT/2000   Alps Electric Co., Ltd.

Process: Procexp Pid: -2

Type   Name

guestolo · « **Reply #5 on:** February 12, 2005, 02:48:08 AM »

I don't really see that much wrong, we could try shutting down some optional programs running on startup

Just one check>>In Process Explorer when you open it up
Beside the SYSTEM IDLE PROCESS
What is the number sitting at under CPU?
It may flucutate a bit

Alternatively
Because I like this scanner, I know you have McAfee's but for a double check

Download this virus checker from eScan
Mwav.exe
There's nothing to install, save it and then double click to run
It will self extract

Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane--- Use "CTRL C" on your Keyboard to copy all found in the lower pane and paste it in your next reply.

****If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are

If it comes up clean we should look more into programs and services running at startup
How much Ram do you have installed on the computer?

Guest · « **Reply #6 on:** February 13, 2005, 09:19:36 AM »

Sorry it took so long to respond. I just finished running eScan. It took over 16 hours. Is that normal? Virus log is below:

File C:\DOCUME~1\DAVIDS~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\FV83SNCY\Install_AIM[1].exe infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\DAVIDS~1\LOCALS~1\TEMPOR~1\Content.IE5\SL2NOL27\prompt[2].php infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\DAVIDS~1\LOCALS~1\TEMPOR~1\Content.IE5\SL2NOL27\prompt[3].php infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\David Schneider\Local Settings\Temp\Temporary Internet Files\Content.IE5\FV83SNCY\Install_AIM[1].exe infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\David Schneider\Local Settings\Temporary Internet Files\Content.IE5\SL2NOL27\prompt[2].php infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\David Schneider\Local Settings\Temporary Internet Files\Content.IE5\SL2NOL27\prompt[3].php infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\Program Files\AIM\Sysfiles\WxBug.EXE infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP290\A0026673.exe infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP290\A0026769.EXE infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP290\A0026805.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP290\A0026861.exe infected by "Backdoor.Win32.Spyboter.gen" Virus. Action Taken: No Action Taken.

In process explorer, there is no number under CPU directly beside System Idle Process. Numbers flash next to Interrupts, DPCs, System usually around .95 but sometimes higher.

My computer has 512 MB of RAM.

Thanks again.

-Dave

guestolo · « **Reply #7 on:** February 13, 2005, 04:35:54 PM »

16 hours, hmmm
You sure you had nothing interfering with the scan
It's possible that McAfee's might of been getting in the way
Or possibly a Screensaver trying to initiate in the background

I tried a scan on both my computers with this setting
Left the defaults but
Put a check in DRIVE and ensured all drives were selected

Both took no more than 30 minutes to finish

Download and Install this small program
to help clean your temp folders,cookies,prefetch folder, etc...
Windows Cleanup
Install for now but Don't run a scan yet

Restart into safe mode
Find and delete this folder
C:\Program Files\AWS <-folder

Can you also navigate to this file
C:\Program Files\AIM\Sysfiles\WxBug.EXE
Right click and rename it to WxBug.EX_
I just want to see if AIM can live without it

Stay in safe mode
Open Windows CleanUp!
START>>All programs>>CleanUp
Click the Cleanup button
Let it finish scanning for files
Restart to Normal mode

If everything still seems normal, we should Clean your Restore folders
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
Once reenabled it will create a fresh restore point
How to Disable and Re-enable System Restore feature

Once back in Windows and System Restore is reenabled

Could you run Windows CleanUp! one more time
Log off and back on

Enter your task manager
Look for System Idle Process
Let me know what CPU% it's at

DSExpress · « **Reply #8 on:** February 13, 2005, 05:52:47 PM »

I did as you said. CPU % for System Idle Process in Task Manager is 00. My machine is still running pretty slowly. It won't let me watch a DVD properly. Is there anything else that could be slowing things down?

guestolo · « **Reply #9 on:** February 13, 2005, 06:11:15 PM »

What, in the task manager is hogging all the resources?

What's the last thing you remember installing before you noticed the slowdown?

DSExpress · « **Reply #10 on:** February 14, 2005, 08:33:44 PM »

McShield.exe (I assume this is McAffee?) is at about 65 and MSKSrvr.exe is at about 35. That's about it. I don't remember having installed anything recently.

guestolo · « **Reply #11 on:** February 17, 2005, 12:24:30 AM »

So are you saying that McAfee's Virus scan is using 65% resources
and the other going to McAfee"s Spamkiller?

TheTechGuide Forum

News:

Author Topic: Hijackthis log - help please (Read 2787 times)

DSExpress

Hijackthis log - help please

guestolo

Hijackthis log - help please

DSExpress

Hijackthis log - help please

guestolo

Hijackthis log - help please

DSExpress

Hijackthis log - help please

guestolo

Hijackthis log - help please

Guest

Hijackthis log - help please

guestolo

Hijackthis log - help please

DSExpress

Hijackthis log - help please

guestolo

Hijackthis log - help please

DSExpress

Hijackthis log - help please

guestolo

Hijackthis log - help please