
Virus?


ThurinEthir


My computer has been acting kind of strangely lately. What I mean is random freezing and lagging. I know I have a lot of unnecessary programs open, and that may be causing some lag, but I always had them open before this strange stuff started happening. So I think I might have a virus... I did a HJT scan, and here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 1:12:02 PM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\asuskbservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.exe
C:\WINDOWS\system32\SK2690DM.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\PrivacyExpert\Shield.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\iTunesHelper.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\____\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [systemTray] SysTray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.exe /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [Hot Key Kbd 2690 Daemon] SK2690DM.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [spyWare Shield] "C:\Program Files\Acronis\PrivacyExpert\Shield.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.exe/3000
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IMI - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: Win32 Classes -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Process Activity Monitor (paamsrv) - Unknown owner - C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Anything?


Cenin pân nîd, istan pân nîd, dan nin ú-cenich, nin ú-istach.

Ithil luin eria vi menel caran...Tîn dan delu.


According to McAfee it is a PUP [potentially unwanted program].

PUP usually includes spyware and adware - not trojans or things like that.

Close all Internet Explorer + Firefox windows, then clear your temporary internet files and the cookies.

Try safe mode and scan - see if it still finds it.

If it still doesn't work, tell me the path of this jokeware. [It should be in your temp, because this is a javascript that makes your windows shake after visiting a site.]


I turned off the possibly infected computer for now, at least until my dad gets home from Switzerland on Tuesday. I'll use a different computer for now...And my dad should know what to do, he has a major in computer science or something. Nothing should happen if the computer is off, right?

