View Full Version : Help - Rootkit? "heartbeat pulse" csrss?



jtvero
2006-01-04, 01:07
Thanks in advance for help. Have a Dell (Win XP SP1) hanging up 4-5 times a day. Has a "heartbeat" - the hourglass appears about every half second for a split second. Looking at Task Manager, the CPU is about 95% idle (hard to tell for sure, but csrss appears to pulse 0 to 3% CPU with the heartbeat).

Dell is on simple 3 computer network - no problems on other two. Internet access via AOL dial up.

Ran (in safe mode)
Cleanup!
Mcafee A/V
CWShredder
Spybot - latest
Ewido Security Suite
TrojanHunter

Did not fix the problem - logs below. Any help MUCH appreciated.

Jim T

Logfile of HijackThis v1.99.1
Scan saved at 12:57:21 PM, on 1/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\COMMON~1\AOL\113604~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\113604~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Jim T programs\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136048230\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.2\THGuard.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Office Startup.lnk.disabled
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {C130F0B3-CD97-4DFC-B052-2BD17A7B82F5} (Yahoo! Photos Print-at-Home Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yprintathome/yprintathome.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:26:34 PM, 1/2/2006
+ Report-Checksum: B8BC2DF

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-568757290-2292669556-342351423-1008\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D365AAD1-28BF-400E-9DDD-BABC8A\007ED14D-3F5F-4B2F-A3E7-5B0634 -> Dropper.SurfSide.a : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E859B253-A506-4353-BE05-796DF8\A4FAF88B-B0F0-4D6C-9DB3-743E77 -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\bundles\HelperInstaller.exe -> Dropper.Delf.z : Cleaned with backup
C:\WINDOWS\bundles\s4Sept.exe -> Spyware.MyWay : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
::Report End


01/02/06 12:53:37 [Info]: BlackLight Engine 1.0.30 initialized
01/02/06 12:53:37 [Info]: OS: 5.1 build 2600 (Service Pack 1)
01/02/06 12:53:37 [Note]: 7019 4
01/02/06 12:53:37 [Note]: 7005 0
01/02/06 12:53:41 [Note]: 7006 0
01/02/06 12:53:41 [Note]: 7011 1508
01/02/06 12:53:41 [Note]: 7018 624
01/02/06 12:53:41 [Info]: Hidden process: C:\PROGRAM FILES\MICWS NT\MAPWDIAL.EXE
01/02/06 12:53:41 [Note]: 7018 1616
01/02/06 12:53:41 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\ISRBDLT1.EXE
01/02/06 12:53:42 [Note]: FSRAW library version 1.7.1014
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\ace.dll
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\adpawsax.exe
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\AI_02-01-2006.log
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\AI_27-12-2005.log
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\AI_28-12-2005.log
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\AI_29-12-2005.log
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\AI_30-12-2005.log
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\AI_31-12-2005.log
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\data.bin
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:53:43 [Info]: Hidden file: C:\PROGRAM FILES\MICWS NT\MAPWDIAL.EXE
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\WinGenerics.dll
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Note]: 7003 1
01/02/06 12:53:43 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:25 [Note]: 10002 3
01/02/06 12:54:45 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\DRIVERS\clatdtcp.sys
01/02/06 12:54:45 [Note]: 7002 0
01/02/06 12:54:45 [Note]: 7003 1
01/02/06 12:54:45 [Note]: 10002 1
01/02/06 12:54:52 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\ISRBDLT1.EXE
01/02/06 12:54:52 [Note]: 7002 0
01/02/06 12:54:52 [Note]: 7003 1
01/02/06 12:54:52 [Note]: 10002 1
01/02/06 12:56:45 [Note]: 7007 0

steamwiz
2006-01-04, 01:51
Hi

Copy these instructions to notepad and save them to your desktop. You will need them to refer to.

1. download AproposFix :- http://swandog46.geekstogo.com/aproposfix.exe

2. Save it to your desktop but do NOT run it yet.

3. Then reboot into safe mode (instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)

4. Double-click the aproposfix.exe and unzip it to the desktop.

5. Open the aproposfix folder on your desktop and run RunThis.bat to run the fix.

6. Follow the prompts.

When the tool is finished, restart your computer back into Windows normal mode.

Post the entire contents of the log.txt file in the aproposfix folder, plus a new HijackThis log and a new BlackLight log.


steam

jtvero
2006-01-04, 23:44
Steam: thanks VERY much for the fast and helpful reply!
I followed your instructions - log files below.

I don't know if we're out of the woods, nor if any damage has been done to the OS (what's your read on this?), but after running your AproposFix program the "heartbeat" stopped! The secretary just quit, so it's too soon to tell if the frequent hangups have stopped.

01/04/06 14:28:38 [Info]: BlackLight Engine 1.0.30 initialized
01/04/06 14:28:38 [Info]: OS: 5.1 build 2600 (Service Pack 1)
01/04/06 14:28:38 [Note]: 7019 4
01/04/06 14:28:38 [Note]: 7005 0
01/04/06 14:28:42 [Note]: 7006 0
01/04/06 14:28:42 [Note]: 7011 1616
01/04/06 14:28:42 [Note]: FSRAW library version 1.7.1014
01/04/06 14:30:28 [Note]: 7007 0

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Office Manager\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\C2iW7A23hjqm]
@="3XP 2F LMMLMMNMG:sGDojbLMMLbOMvhmcnvrMrJDE:7SRM.C3G:CDM\\6zE.E\\ANDJD"
"Device"="\\\\.\\veTvsPKC"
"DriverPath"="C:\\WINDOWS\\System32\\drivers\\clatdtcp.sys"
"DriverName"="i80bhub"
"HideUninstallerName"="C:\\Program Files\\Micws nt\\adpawsax.exe"
"HDll"="C:\\WINDOWS\\System32\\snmtract.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="WB.OLD"
"InstallationId"="{H2c77e07-1d3d-0eef-bdee-ab286e5f9f46}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Micws nt\\mapwdial.exe"
"AutoUpdater"="C:\\WINDOWS\\System32\\isrbdlt1.exe"
"Version"="2.0.106"
"LastAURestoreMsgTS"="2005:11:28-21:03:51:000"

************

Removing hidden service:
Service i80bhub removed.

Removing hidden folder:

Deleting files:

Deletion of file C:\WINDOWS\System32\drivers\clatdtcp.sys succeeded!
Deletion of file C:\WINDOWS\System32\isrbdlt1.exe succeeded!
Deletion of file C:\WINDOWS\System32\snmtract.dll succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\C2iW7A23hjqm]
[-HKEY_LOCAL_MACHINE\Software\C2iW7A23hjqm]

Done!

Finished!


Logfile of HijackThis v1.99.1
Scan saved at 2:27:03 PM, on 1/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\AOL\113623~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\113623~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Jim T programs\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136238878\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {C130F0B3-CD97-4DFC-B052-2BD17A7B82F5} (Yahoo! Photos Print-at-Home Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yprintathome/yprintathome.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
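As an added example (not part of the thread, and not code from BlackLight or AproposFix), the Python below cross-references BlackLight's "Hidden process"/"Hidden file" lines with the file paths stored in the registry key that AproposFix dumped, which is how a responder confirms that the hidden driver, service, updater and client all belong to one component set and spots anything the config does not account for. The sample logs are constructed, abridged copies of the ones posted above.

```python
# Cross-reference a BlackLight rootkit scan with an AproposFix registry dump.
# Paths are compared case-insensitively because NTFS is case-insensitive.
import re

# Constructed sample: BlackLight output (hidden items plus a [Note] noise line).
BLACKLIGHT_LOG = r"""
01/02/06 12:53:41 [Info]: Hidden process: C:\PROGRAM FILES\MICWS NT\MAPWDIAL.EXE
01/02/06 12:53:41 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\ISRBDLT1.EXE
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\ace.dll
01/02/06 12:53:43 [Note]: 7002 0
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\adpawsax.exe
01/02/06 12:53:43 [Info]: Hidden file: C:\Program Files\Micws nt\data.bin
01/02/06 12:54:45 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\DRIVERS\clatdtcp.sys
01/02/06 12:54:52 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\ISRBDLT1.EXE
"""

# Constructed sample: the REGEDIT4-style key AproposFix dumped (backslashes doubled).
APROPOSFIX_REG = r"""
[HKEY_LOCAL_MACHINE\Software\C2iW7A23hjqm]
"Device"="\\\\.\\veTvsPKC"
"DriverPath"="C:\\WINDOWS\\System32\\drivers\\clatdtcp.sys"
"DriverName"="i80bhub"
"HideUninstallerName"="C:\\Program Files\\Micws nt\\adpawsax.exe"
"HDll"="C:\\WINDOWS\\System32\\snmtract.dll"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Micws nt\\mapwdial.exe"
"AutoUpdater"="C:\\WINDOWS\\System32\\isrbdlt1.exe"
"""

HIDDEN_RE = re.compile(r"\[Info\]: Hidden (process|file): (.+)$")
REG_STRING_RE = re.compile(r'^"(\w+)"="(.*)"$')   # string values only; dword: lines skipped
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")        # C:\... style paths, not \\.\ device names


def parse_blacklight(log):
    """Return {'process': set_of_paths, 'file': set_of_paths}, paths lower-cased."""
    found = {"process": set(), "file": set()}
    for line in log.splitlines():
        m = HIDDEN_RE.search(line)
        if m:
            found[m.group(1)].add(m.group(2).strip().lower())
    return found


def parse_reg_dump(dump):
    """Return {value_name: string} from a REGEDIT4 dump, undoing the doubled backslashes."""
    values = {}
    for line in dump.splitlines():
        m = REG_STRING_RE.match(line.strip())
        if m:
            values[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return values


def correlate(found, values):
    """Split BlackLight's hidden items by whether the registry config points at them.

    explained:    hidden path -> registry value name that references it
    unexplained:  hidden paths no config value mentions (needs manual review)
    not_reported: configured paths BlackLight did not flag (e.g. a DLL that is not a hidden file)
    """
    hidden = found["process"] | found["file"]
    configured = {name: v.lower() for name, v in values.items() if DRIVE_PATH_RE.match(v)}
    explained = {path: name for name, path in configured.items() if path in hidden}
    unexplained = sorted(hidden - set(explained))
    not_reported = sorted(set(configured.values()) - hidden)
    return explained, unexplained, not_reported


if __name__ == "__main__":
    explained, unexplained, not_reported = correlate(
        parse_blacklight(BLACKLIGHT_LOG), parse_reg_dump(APROPOSFIX_REG))
    for path, name in sorted(explained.items()):
        print(f"hidden, configured as {name:<20} {path}")
    for path in unexplained:
        print(f"hidden, not in config             {path}")
    for path in not_reported:
        print(f"in config, not reported hidden    {path}")
```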

steamwiz
2006-01-06, 20:30
I don't know if we're out of the woods, nor if any damage has been done to the OS (what's your read on this?), but after running your AproposFix program the "heartbeat" stopped! The secretary just quit, so it's too soon to tell if the frequent hangups have stopped.


HI

Your logs are clean now :bigthumb:

Just these leftovers to clean up :-

Run hijackthis and fix these :-

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


As far as I am aware, this particular malware downloads ads to display on your computer; it doesn't do any other damage.

Now that your computer is clean, it's a good idea to purge your System Restore (going back to a saved restore point could put all the infections you had back).

This will clear all your infected restore points...

Turn off (Disable) System Restore in XP :-

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

Then...

Turn on (enable) System Restore :-

Follow the same procedure, but this time uncheck Turn off System Restore.

If you have any problem with this, here's a link to instructions :-


Disabling or enabling Windows XP System Restore >

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

steam

jtvero
2006-01-08, 19:07
Steam,

I did as you suggested and fixed these items.

Think I still have a virus, as I can't update McAfee firewall/AV, but I've downloaded McAfee's scanner/dat file and will scan in safe mode/DOS.

Standing O! and a big vote of thanks to you and the other experts who donate time and expertise to help our community!!! We really appreciate your efforts.

Jim

tashi
2006-01-12, 17:38
As the problem appears to be resolved this topic will be archived.
If you need it re-opened please pm me or one of the forum mods.

Glad we could help. :)