vssrvc.exe DOS window pops up upon boot up...many times!
Upon booting this PC I get numerous DOS windows popping up with the \vssrve.exe trying to start up.
I have run several virus scans and removed several virus/spyware apps, but it still has this issue.
Any help would be appreciated!!
Wayne
I have run several virus scans and removed several virus/spyware apps, but it still has this issue.
Any help would be appreciated!!
Wayne
A Hijackthis scan log would help to show what is going on on your pc.
Download here:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Download the installer. Click on "Do a system scan and save a logfile". Post the scan log here via the "attach code snippet" box below.
Download here:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Download the installer. Click on "Do a system scan and save a logfile". Post the scan log here via the "attach code snippet" box below.
1.Probably caused by a virus/malware. Does it happen in Safe Mode too?
It sounds as if you're infected. Try a few of the free, online scans listed
here: http://www.bleepingcomputer.com/blo...?showentry=1252
It sounds as if you're infected. Try a few of the free, online scans listed
here: http://www.bleepingcomputer.com/blo...?showentry=1252
ASKER
phototropic,
Sorry I am so slow getting back with you, but attached is my HJT log file.
Thanks!
Wayne
Sorry I am so slow getting back with you, but attached is my HJT log file.
Thanks!
Wayne
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:23 AM, on 11/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Xpyzzf] C:\WINDOWS\system32\d?dplay.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bcigy] C:\WINDOWS\system32\M?crosoft.NET\j?vaw.exe
O4 - HKCU\..\Run: [Valws] "C:\Documents and Settings\Owner\My Documents\s?curity\?canregw.exe"
O4 - HKCU\..\Run: [Xdel] "C:\Documents and Settings\Owner\My Documents\??mantec\m?config.exe"
O4 - HKCU\..\Run: [Wcjk] "C:\Program Files\Common Files\s?curity\m?dtc.exe"
O4 - HKCU\..\Run: [Ulg] "C:\Program Files\Common Files\F?nts\?explore.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ddfb74e499b047368c3a6483cc7d840b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ddfb74e499b047368c3a6483cc7d840b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0012.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
--
End of file - 8651 bytesASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
photorpic,
I have already run Malwarebytes on this PC.
I will run smitfraud next and post the log. If smitfraud does not fix it, should I run SDFix before contatcting you again?
Do you want me to remove those entries with HJT??
Thanks!
Wayne
I have already run Malwarebytes on this PC.
I will run smitfraud next and post the log. If smitfraud does not fix it, should I run SDFix before contatcting you again?
Do you want me to remove those entries with HJT??
Thanks!
Wayne
If you have run Mbam, could you post the log?
HJT cannot fix those entries. If Smitfraud does not help, the next step would be Combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please post the smitfraud and combofix logs. Thanks.
HJT cannot fix those entries. If Smitfraud does not help, the next step would be Combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please post the smitfraud and combofix logs. Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I don't know if Smitfraudfix even removes purityscan infection, I would just go for combofix.
I was thinking that smitfraud would get rid of the karna.dat entry. I'm surprised mbam didn't pick up the Purityscan files.
wayneg12345,
Please could you post a recent mbam scan log. Thanks.
wayneg12345,
Please could you post a recent mbam scan log. Thanks.
ASKER
phototropic & rpggamergirl,
Thank you so much for the time you have spent with me on this virus issue!! Unfortunatly for some reason this virus has developed even more issues. I can no longer run Malware bytes or any other scan for that case, even in safe mode!!!
I have deceided that it is time to reload the OS and be done with this once and for all. Since I am new to this forum, can I split the 500 points between the two of you? I appreciate the time you have spent, and I want to do what is right.
Please advise what & how is the proceedure to accomplish this.
Thanks again for your time!
Wayne
Thank you so much for the time you have spent with me on this virus issue!! Unfortunatly for some reason this virus has developed even more issues. I can no longer run Malware bytes or any other scan for that case, even in safe mode!!!
I have deceided that it is time to reload the OS and be done with this once and for all. Since I am new to this forum, can I split the 500 points between the two of you? I appreciate the time you have spent, and I want to do what is right.
Please advise what & how is the proceedure to accomplish this.
Thanks again for your time!
Wayne
"...I can no longer run Malware bytes or any other scan for that case, even in safe mode!!!..."
Sometimes it is necessary to rename av apps. (before you download them) in order to get them to run on an infected pc.
Sorry to hear that we couldn't get on top of this one. Question closing FAQs here:
https://www.experts-exchange.com/help.jsp#hi366
Sometimes it is necessary to rename av apps. (before you download them) in order to get them to run on an infected pc.
Sorry to hear that we couldn't get on top of this one. Question closing FAQs here:
https://www.experts-exchange.com/help.jsp#hi366
The file is a part of MS virtual server. Hope this link explains more.