Member Avatar for BrentA

In the last couple days, my desktop has been running REALLY SLOW! I'm fairly computer literate, just need a step-by-step. I also know my way around the registry with 'walk through' assistance. (HJT log is at the end of the thread). THANKS!

I have McAfee running in the background (from startup), as well as their Privacy Service and Personal Firewall programs. I ran their antivirus and it didn't detect anything.

I also ran the following:

*BitDefender Scan Online -- while this program was running, a red alert dialog box from the McAfee antivirus application popped up saying it found the New Poly Win32 Virus. It wouldn't clean, quarantine, or delete it.

* CWShredder -- it found nothing.

* Ran 'Clean Up' application.

* Registry Mechanic (Trial Version) -- It found 234 items, and fixed 4 of them.

* Ad-Aware SE Personal -- it found, and quarantined, ALEXA virus.

NOTE: When I attempt going in to Safe Mode the system 'hangs' before it gets to the bare bones desktop. I'm also unable to locate my Windows 2000 CDs. Also, I use Firefox as my main browser. I only use Internet Explorer if a website doesn't like Firefox.

HERE'S THE HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 2:58:47 PM, on 5/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\SMC\SMC.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Hijack This\HijackThis2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

THANKS MUCH FOR THE HELP !

Brent

Hi, and welcome to DaniWeb.

That log looks short. If you ran it in safe mode, which, judging by how you said it hangs while going into safe mode I don't think you did, or if you have latley or in the pass disabled startup items, please re-enable them and then in Normal mode, please run another HJT scan.

That current log showed no sign of infection.

____________________________________________________________

Also please do this...

Please download ewido anti-malware it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

Then post the HJT log, and the ewido log

Member Avatar for BrentA

tayspen,

Thanks for the quick reply! Yes, the first HJT log was done in Normal mode rather than Safe Mode. I haven't disabled any startup items recently.

I've installed ewido. It might take awhile for the scan. When it's finished, I'll save the ewido log, re-boot, get a current HJT log and post both of them.

Thanks!

You are welcome. We will be waiting :)

Member Avatar for BrentA

OK, I've done the following, in order:

1. Scanned with ewido and saved the report.
2. Rebooted.
3. Saved new HJT log.

**It was still running slow, so I defragged, saved the defrag report and re-booted. It's still slooow.

HJT log, ewido log, and defrag log are below:

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:44:45 PM, on 5/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\SMC\SMC.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hijack This\HijackThis2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

--------------------------------------------

ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:34:58 PM, 5/16/2006
+ Report-Checksum: A3689DF5

+ Scan result:

:mozilla.6:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup


::Report End

-------------------------------------------------------

defrag log:

Volume (C:):
Volume size = 9,750 MB
Cluster size = 4 KB
Used space = 5,371 MB
Free space = 4,378 MB
Percent free space = 44 %

Volume fragmentation
Total fragmentation = 0 %
File fragmentation = 0 %
Free space fragmentation = 0 %

File fragmentation
Total files = 20,497
Average file size = 337 KB
Total fragmented files = 8
Total excess fragments = 40
Average fragments per file = 1.00

Pagefile fragmentation
Pagefile size = 1,000 MB
Total fragments = 3

Directory fragmentation
Total directories = 2,105
Fragmented directories = 1
Excess directory fragments = 1

Master File Table (MFT) fragmentation
Total MFT size = 31,381 KB
MFT record count = 22,675
Percent MFT in use = 72 %
Total MFT fragments = 2

--------------------------------------------------------------------------------
Fragments File Size Files that did not defragment
18 1 KB \WINNT\system32\config\software.LOG
2 1 KB \WINNT\system32\config\default.LOG
2 1 KB \WINNT\system32\config\SECURITY.LOG
2 1,171 KB \WINNT\ShellIconCache
2 1 KB \Documents and Settings\Brent\ntuser.dat.LOG
2 16 KB \Documents and Settings\Brent\Local Settings\Temp\~DF207D.tmp
3 18 KB \Program Files\McAfee.com\Agent\Data\Logs\TaskScheduler\McTskshd000.log


***Did you want me to re-scan with BitDefender and see if McAfee still kicks up a 'New Poly Win32' virus warning message?

Thanks !
Brent

Hmm alrite, another clean log.

We're gonna try 2 things:

1) Running Ccleaner:

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

___________________

And running SpySweeper (link in sig below)

Download, update its latest definitions, and run a full scan, saving the log.

Post back with the SpySweeper log and a new HJT log.

Thanks :)

Member Avatar for BrentA

OK, ran CCleaner and SpySweeper. SpySweeper and new HJT logs follow:

SpySweeper log:

********
12:02 PM: | Start of Session, Wednesday, May 17, 2006 |
12:02 PM: Spy Sweeper started
12:02 PM: Sweep initiated using definitions version 678
12:02 PM: Starting Memory Sweep
12:31 PM: Memory Sweep Complete, Elapsed Time: 00:29:03
12:31 PM: Starting Registry Sweep
12:33 PM: Found Adware: navexcel navhelper
12:33 PM: HKCR\appid\nhelper.dll\ (1 subtraces) (ID = 135511)
12:33 PM: HKLM\software\classes\appid\nhelper.dll\ (1 subtraces) (ID = 135525)
12:34 PM: Registry Sweep Complete, Elapsed Time:00:02:49
12:34 PM: Starting Cookie Sweep
12:34 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:34 PM: Starting File Sweep
12:56 PM: Found Adware: coolwebsearch (cws)
12:56 PM: muninst.exe:acaydb (ID = 54051)
12:56 PM: Found Adware: cws_ns3
12:56 PM: muninst.exe:rxdlem (ID = 56451)
1:18 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner.lnk". Access is denied
1:57 PM: twunk_32.exe:sfwhxh (ID = 56287)
1:58 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\internet explorer.lnk". Access is denied
2:05 PM: pfbmz.dll:wgzqtp (ID = 54051)
2:07 PM: uninst.exe:lgpmrj (ID = 56451)
3:12 PM: mfche32.dll:ekfuck (ID = 56451)
4:02 PM: nbcie.dll:scsdfl (ID = 56287)
4:03 PM: ieuninst.exe:trmtet (ID = 56287)
4:10 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner homepage.url". Access is denied
4:16 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\uninstall ccleaner.lnk". Access is denied
4:25 PM: wmsyspr9.prx:zdorfo (ID = 54051)
4:31 PM: yuuhq.dll:kyogea (ID = 56287)
4:32 PM: psuah.dll:phkvnr (ID = 56287)
4:32 PM: trnjh.dll:aeebvx (ID = 54051)
4:32 PM: koowd.dll:mjnpaa (ID = 56287)
4:34 PM: ydbar.dll:nyjmwx (ID = 54051)
4:34 PM: nbcie.dll:yeuwel (ID = 54051)
4:34 PM: nkqmf.dll:qfnjyv (ID = 56287)
4:34 PM: yuuhq.dll:dbkaih (ID = 54051)
4:34 PM: zcwtg.dll:wjayif (ID = 56451)
4:34 PM: bwyco.dll:fweymx (ID = 56451)
4:34 PM: mqzbq.dll:zxlgcc (ID = 56287)
4:34 PM: bbzpl.dll:nvtssv (ID = 56287)
4:34 PM: yuuhq.dll:dihtgu (ID = 56287)
4:34 PM: zcwtg.dll:dzylgl (ID = 56451)
4:35 PM: koowd.dll:fsacvq (ID = 56451)
4:37 PM: File Sweep Complete, Elapsed Time: 04:02:31
4:37 PM: Full Sweep has completed. Elapsed time 04:28:42
4:37 PM: Traces Found: 28
4:45 PM: Removal process initiated
4:45 PM: Quarantining All Traces: cws_ns3
4:45 PM: Quarantining All Traces: coolwebsearch (cws)
4:45 PM: Quarantining All Traces: navexcel navhelper
4:46 PM: Removal process completed. Elapsed time 00:00:59
********
11:56 AM: | Start of Session, Wednesday, May 17, 2006 |
11:56 AM: Spy Sweeper started
11:59 AM: Messenger service has been disabled.
12:02 PM: Your spyware definitions have been updated.
12:02 PM: | End of Session, Wednesday, May 17, 2006 |


HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:49:34 PM, on 5/17/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\SMC\SMC.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Hijack This\HijackThis2.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

*********************

Brent

Member Avatar for BrentA

Still having problems with a slow-motion PC. I think I found the culprit...a temp directory (tmp00000171). That directory was referenced when I got the McAfee Red Alert saying I had the New Poly Win32 virus when I originally ran the BitDefender Online scan. (See earlier posts in this thread).

I tried Killbox, but that didn't work. I ran a new Spysweeper scan. I think it says it fixed the problem, but it didn't. See log below. I also went in to Command Prompt (I can't go in to Safe Mode) and tried to delete it that way but it wouldn't let me do that, either. (See text below from Command Prompt screen.)

********
12:33 PM: | Start of Session, Thursday, May 18, 2006 |
12:33 PM: Spy Sweeper started
12:33 PM: Sweep initiated using definitions version 680
12:33 PM: Starting Memory Sweep
1:00 PM: Memory Sweep Complete, Elapsed Time: 00:26:10
1:00 PM: Starting Registry Sweep
1:02 PM: Registry Sweep Complete, Elapsed Time:00:02:34
1:02 PM: Starting Cookie Sweep
1:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:02 PM: Starting File Sweep
1:24 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner.lnk". Access is denied
1:45 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\internet explorer.lnk". Access is denied
3:49 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner homepage.url". Access is denied
3:54 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\uninstall ccleaner.lnk". Access is denied
5:19 PM: Found System Monitor: potentially rootkit-masked files
5:19 PM: tmp00000000 (ID = 0)
5:29 PM: File Sweep Complete, Elapsed Time: 04:26:43
5:29 PM: Full Sweep has completed. Elapsed time 04:55:35
5:29 PM: Traces Found: 1
5:30 PM: Removal process initiated
5:30 PM: Quarantining All Traces: potentially rootkit-masked files
5:30 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
5:30 PM: tmp00000000 is in use. It will be removed on reboot.
5:31 PM: Preparing to restart your computer. Please wait...
5:31 PM: Removal process completed. Elapsed time 00:01:29
12:33 PM: | End of Session, Thursday, May 18, 2006

****************

C:\Documents and Settings\Brent\Local Settings\Temp>dir
Volume in drive C has no label.
Volume Serial Number is 3CB1-784C

Directory of C:\Documents and Settings\Brent\Local Settings\Temp

05/18/2006 07:02p <DIR> .
05/18/2006 07:02p <DIR> ..
05/18/2006 07:02p 65 kb.log
05/16/2006 01:24p <DIR> tmp00000171
1 File(s) 65 bytes
3 Dir(s) 4,589,318,144 bytes free

C:\Documents and Settings\Brent\Local Settings\Temp>rd tmp00000171
Access is denied.

This is really starting to annoy me. ANY HELP IS APPRECIATED!

Thanks
Brent

5:30 PM: tmp00000000 is in use. It will be removed on reboot.

Reboot. If you have not already.

Member Avatar for BrentA

I rebooted before, and just rebooted again. When I rebooted this time, I got an error message saying 'The Spysweeper installation has been damaged. Please re-install product.'

Should I uninstall and re-install Spysweeper?

Thanks

Yes. Then when it is reinstalled, scan with it and then post another HJT log.

Member Avatar for BrentA

OK, I uninstalled and re-installed Spy Sweeper, then re-booted.

Then I ran Spy Sweeper.

When it completed, There was a Sweeper message: System Monitor Found: potentially rootkit-masked files.

I 'removed' it to the Quarantine folder, deleted it from the Quarantine folder, and saved the Sweeper log. Then I re-booted. As it was re-booting, there was a system message on the screen saying "The 'Remove' Failed." I then ran an HJT log. (See both below). I thought this would take care of the problem. It didn't. Things are still sloooow.

The path of the Sweeper file was:

C:\Documents and Settings\Brent\Local Settings\Temp\tmp00000171

SWEEPER LOG:

********
10:57 AM: | Start of Session, Saturday, May 20, 2006 |
10:57 AM: Spy Sweeper started
10:57 AM: Sweep initiated using definitions version 682
10:57 AM: Starting Memory Sweep
11:25 AM: Memory Sweep Complete, Elapsed Time: 00:28:18
11:25 AM: Starting Registry Sweep
11:28 AM: Registry Sweep Complete, Elapsed Time:00:03:01
11:28 AM: Starting Cookie Sweep
11:28 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:28 AM: Starting File Sweep
11:41 AM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner.lnk". Access is denied
11:56 AM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\internet explorer.lnk". Access is denied
1:12 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner homepage.url". Access is denied
1:15 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\uninstall ccleaner.lnk". Access is denied
2:02 PM: Found System Monitor: potentially rootkit-masked files
2:02 PM: tmp00000000 (ID = 0)
2:11 PM: File Sweep Complete, Elapsed Time: 02:42:47
2:11 PM: Full Sweep has completed. Elapsed time 03:14:17
2:11 PM: Traces Found: 1
10:30 PM: Removal process initiated
10:30 PM: Quarantining All Traces: potentially rootkit-masked files
10:30 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
10:30 PM: tmp00000000 is in use. It will be removed on reboot.
10:30 PM: Preparing to restart your computer. Please wait...
10:30 PM: Removal process completed. Elapsed time 00:00:21
********
10:50 AM: | Start of Session, Saturday, May 20, 2006 |
10:50 AM: Spy Sweeper started
10:52 AM: IE Tracking Cookies Shield is activated
10:54 AM: Your spyware definitions have been updated.
10:57 AM: | End of Session, Saturday, May 20, 2006 |


*******************************************************

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 10:51:24 PM, on 5/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\SMC\SMC.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hijack This\HijackThis2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\program files\mcafee.com\agent\mcupdate.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Review the previous posts in this thread and take a look at the 2 new logs and see if you see anything out of the ordinary.:confused:

Thanks,
Brent

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.