
November 29th, 2005 21:00

PUP Found ---Potentially Unwanted Program (Spyware, Adware...........)

Please help! I keep getting pop-up messages stating that McAfee VirusScan blocked a file from running on my computer. I'm a novice at computers and therefore I haven't acted on the alert. However, my laptop (which is less than 3 months old) has become extremely slow. I've run a complete McAfee virus scan, but it didn't detect the file. The McAfee virus scan recognizes it as a PUP. The message states as follows:
 
PUP Found
 
The file
C:\WINDOWS\systems32\mllmk.dll is a Potentially Unwanted Program (spyware, adware, or other malware) and has been blocked from running on your computer.
 
If you do not recognize it, remove this PUP.  If you recognize it, trust this PUP, and then rerun the program that triggered this alert.
 
 
My choices are as follows:
  1. Remove this PUP
  2. Trust This PUP
  3. Find out more information
  4. Continue what I was doing

I see some other messages on the message boards about this but cannot understand the steps, as I am a novice, especially in regard to software issues.

Can you assist me, in layman's language (a step-by-step procedure)? Thank you.


November 29th, 2005 22:00

I just replied to your other thread about WinFixer... this particular PUP,

C:\WINDOWS\systems32\mllmk.dll

is in fact, the SOURCE of your WinFixer problem.  

With this information, I can suggest an appropriate fix:

Download [but do *NOT* yet run] FixVundo from

http://securityresponse.symantec.com/avcenter/FixVundo.exe

[we'll have you run it later]

Note: If you have previously downloaded this file on another occasion, please download it again, to be absolutely sure you have the most current version.

********************

Next, download VirtumundoBeGone from:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

* Save it to your Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated

Please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.

Just reboot if your system "jams".

*********************

After rebooting, it's now time to run FixVundo (which you had downloaded earlier).

Make sure all other programs, including your Internet Browser, are closed.

Double-click the FixVundo.exe file to start the removal tool.

Click Start to begin the process, and then allow this tool to run.

Important: Do not launch any new applications while the tool is running!

Reboot your computer.

Run the FixVundo removal tool again to ensure that the system is clean.

*********************

It's now time to report back to us:

VirtumundoBeGone generated a "log" file of its own, which it should have placed on your Desktop... please copy/paste the VirtumundoBeGone log, along with the updated HJT log I asked for in the other thread.

 

December 13th, 2005 02:00

After following your instructions, here are the log files for VirtumundoBeGone plus the latest HJT log. Please advise next steps.
 

[12/12/2005, 22:56:55] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Cecilia Darkoh\Desktop\VirtumundoBeGone.exe" )
[12/12/2005, 22:57:05] - Detected System Information:
[12/12/2005, 22:57:05] -  Windows Version: 5.1.2600, Service Pack 2
[12/12/2005, 22:57:06] -  Current Username: Cecilia Darkoh (Admin)
[12/12/2005, 22:57:06] -  Windows is in NORMAL mode.
[12/12/2005, 22:57:06] - Searching for Browser Helper Objects:
[12/12/2005, 22:57:06] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/12/2005, 22:57:06] -  BHO 2: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} ()
[12/12/2005, 22:57:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/12/2005, 22:57:06] -  Checking for HKLM\...\Winlogon\Notify\deSrcAs
[12/12/2005, 22:57:06] -  Key not found: HKLM\...\Winlogon\Notify\deSrcAs, continuing.
[12/12/2005, 22:57:06] -  BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[12/12/2005, 22:57:06] -  BHO 4: {8DBF02DA-4360-4A7E-BEA1-347B87816327} (MSEvents Object)
[12/12/2005, 22:57:06] - ALERT: Found MSEvents Object!
[12/12/2005, 22:57:06] - Finished Searching Browser Helper Objects
[12/12/2005, 22:57:06] - *** Detected MSEvents Object
[12/12/2005, 22:57:06] - Trying to remove MSEvents Object...
[12/12/2005, 22:57:07] -    Terminating Process: IEXPLORE.EXE
[12/12/2005, 22:57:07] -    Terminating Process: RUNDLL32.EXE
[12/12/2005, 22:57:07] -    Disabling Automatic Shell Restart
[12/12/2005, 22:57:07] -    Terminating Process: EXPLORER.EXE
[12/12/2005, 22:57:07] -    Suspending the NT Session Manager System Service
[12/12/2005, 22:57:07] -    Terminating Windows NT Logon/Logoff Manager
[12/12/2005, 22:57:07] -    Re-enabling Automatic Shell Restart
[12/12/2005, 22:57:07] -   File to disable: C:\WINDOWS\system32\jkkjk.dll
[12/12/2005, 22:57:07] -  Renaming C:\WINDOWS\system32\jkkjk.dll -> C:\WINDOWS\system32\jkkjk.dll.vir
[12/12/2005, 22:57:07] - ! File rename was unsucessful.
[12/12/2005, 22:57:07] -  Attempting to Deny Access to C:\WINDOWS\system32\jkkjk.dll
[12/12/2005, 22:57:07] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[12/12/2005, 22:57:07] -  processed file:  C:\WINDOWS\system32\jkkjk.dll
[12/12/2005, 22:57:07] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[12/12/2005, 22:57:07] -   Removing HKLM\...\Browser Helper Objects\{8DBF02DA-4360-4A7E-BEA1-347B87816327}
[12/12/2005, 22:57:07] -   Removing HKCR\CLSID\{8DBF02DA-4360-4A7E-BEA1-347B87816327}
[12/12/2005, 22:57:08] -   Adding Kill Bit for ActiveX for GUID: {8DBF02DA-4360-4A7E-BEA1-347B87816327}
[12/12/2005, 22:57:08] -   Deleting ATLEvents/MSEvents Registry entries
[12/12/2005, 22:57:08] -   Removing HKLM\...\Winlogon\Notify\jkkjk
[12/12/2005, 22:57:08] - Searching for Browser Helper Objects:
[12/12/2005, 22:57:08] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/12/2005, 22:57:08] -  BHO 2: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} ()
[12/12/2005, 22:57:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/12/2005, 22:57:08] -  Checking for HKLM\...\Winlogon\Notify\deSrcAs
[12/12/2005, 22:57:08] -  Key not found: HKLM\...\Winlogon\Notify\deSrcAs, continuing.
[12/12/2005, 22:57:08] -  BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[12/12/2005, 22:57:08] -  BHO 4: {8DBF02DA-4360-4A7E-BEA1-347B87816327} ()
[12/12/2005, 22:57:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/12/2005, 22:57:08] -  No filename found. Continuing.
[12/12/2005, 22:57:08] - Finished Searching Browser Helper Objects
[12/12/2005, 22:57:08] - Finishing up...
[12/12/2005, 22:57:08] - A restart is needed.
[12/12/2005, 22:57:08] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[12/12/2005, 22:57:32] - Attempting to Restart via STOP error (Blue Screen!)
Logfile of HijackThis v1.99.1
Scan saved at 10:38:21 PM, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\HJT\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\system32\jkkjk.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 


December 13th, 2005 13:00

1) Your "original" PUP, mllmk.dll, does not appear in either log.
 
2) However, they do show an "equivalent" Vundo/Virtumundo infection, jkkjk.dll.
 
If I'm reading the timestamps correctly, you ran VBG at 10:57 PM [= 22:57],
but the enclosed HJT log was generated at 10:38 PM, i.e., before applying this fix.  
 
Please reply to this thread, generate a brand-new HijackThis log, and post it here.
Also, let me know if the WinFixer pop-ups and/or the McAfee PUP-warning messages have stopped.
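The helper's diagnosis above rests on one cross-check that is easy to do by eye on a short log but easy to miss on a long one: the same DLL (jkkjk.dll) shows up both as an O2 Browser Helper Object and as an O20 Winlogon Notify package, which is the signature Vundo/Virtumundo persistence pairing (the VirtumundoBeGone log performs the same lookup under HKLM\...\Winlogon\Notify). The script below is an added example, not code from this thread, from HijackThis or from either removal tool. It parses HijackThis-format O2 and O20 lines and flags BHOs that are also registered as Winlogon Notify packages, that carry the "MSEvents Object" default name seen in both logs, that have no default name, or that are five-letter DLLs sitting directly in system32. The sample lines are constructed from the O2/O20 entries posted above (not the full log), and the five-letter-name heuristic and the severity labels are the author's own assumptions, not anything the tools on this page implement.

```python
import re

# Constructed sample in HijackThis v1.99.1 log format. These lines mirror the O2
# and O20 entries from the log posted above; this is not the complete log.
SAMPLE_HJT_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\\Program Files\\MyWaySA\\SrchAsDe\\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\\WINDOWS\\system32\\dla\\tfswshx.dll
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\\WINDOWS\\system32\\jkkjk.dll
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxsrvc.dll
O20 - Winlogon Notify: jkkjk - C:\\WINDOWS\\system32\\jkkjk.dll
"""

# HijackThis line formats: "O2 - BHO: <name> - {CLSID} - <dll path>"
# and "O20 - Winlogon Notify: <subkey> - <dll path>".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_hjt(text):
    """Return (bho_entries, winlogon_notify_entries) parsed from HJT log text."""
    bhos, notifies = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append(m.groupdict())
    return bhos, notifies


def norm(path):
    """Case-fold a Windows path so SYSTEM32 and system32 compare equal."""
    return path.strip().lower()


def dll_stem(path):
    """'C:\\WINDOWS\\system32\\jkkjk.dll' -> 'jkkjk'."""
    return norm(path).rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def vundo_suspects(text):
    """Score each BHO. A BHO whose DLL is also a Winlogon Notify package is
    rated 'high'; the other indicators alone are 'low' (heuristic, assumed)."""
    bhos, notifies = parse_hjt(text)
    notify_by_path = {norm(n["path"]): n["key"] for n in notifies}
    findings = []
    for b in bhos:
        path, name = norm(b["path"]), b["name"].strip()
        reasons = []
        if path in notify_by_path:
            reasons.append("DLL is also loaded as Winlogon Notify package '%s'"
                           % notify_by_path[path])
        if name == "MSEvents Object":
            reasons.append("BHO name 'MSEvents Object' is the Vundo/Virtumundo default")
        if name == "(no name)":
            reasons.append("BHO registered without a default name")
        # Assumed heuristic: a bare five-letter DLL directly in system32.
        tail = path[len(SYSTEM32):] if path.startswith(SYSTEM32) else ""
        if tail and "\\" not in tail and re.fullmatch(r"[a-z]{5}", dll_stem(path)):
            reasons.append("five-letter DLL name directly in system32")
        if reasons:
            severity = "high" if path in notify_by_path else "low"
            findings.append({"clsid": b["clsid"], "path": b["path"],
                             "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in vundo_suspects(SAMPLE_HJT_LOG):
        print(f["severity"].upper(), f["clsid"], f["path"])
        for r in f["reasons"]:
            print("   -", r)
```

Run against the sample, the only "high" finding is the {8DBF02DA-...} BHO backed by jkkjk.dll, for three reasons at once; the MyWay (no name) BHO is reported "low" on name alone, and the Adobe and DriveLetterAccess entries are not reported. The Winlogon Notify pairing is the load-bearing signal: a DLL registered there is loaded by winlogon.exe at logon, which is why a plain file delete fails and the tool in the log above had to suspend the session manager and force a restart to dislodge it.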
 