Help - msclock.dll and other problems

Logs must be posted from normal boot mode and for future reference, only when they are requested (as indicated in the stickies).

Please post a HijackThis log from normal boot mode and do not reboot or power down after posting. You show signs of some malware that recreates itself with new names at shutdown.

 

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O4 - HKLM\..\Run: [qihuktp] c:\windows\system32\qihuktp.exe -start
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1062_XP.cab
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1061_XP.cab

After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
c:\windows\system32\qihuktp.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.


Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and continue with the below steps to run Ewido


- Download this trial version of Ewido Security Suite

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will have a window come up. One of the buttons on the left is to Update. Click the Update button.and then Start the Update. The update will start and a progress bar will show the updates being installed.
• After it completes the update, click the Scanner button

Now exit Ewido. Now print the below instructions or save them locally because I want you do have no browsers opened and also have no connection to the internet (unplug your cable) while doing the below.

Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

Open up Ewido and do the following:

• Click on Scanner
• Then click Settings
• Under What to Scan? Select Scan every file
• Then click OK
• Click on Complete System Scan and the scan will start.
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files that are infected. Leave the defaults selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop or anyplace you will be able to find it to upload here.

Reboot into normal mode and reconnect to the internet.

Come back here and post the Ewido Scan Report. And tell me if you are still having any problems. This log could get quite large and you may need to compress it into a ZIP file to upload it.

Post this Ewido log.

And now also post a new HJT log. And tell us how things are working.

 

See this: http://www.liutilities.com/products/wintaskspro/processlibrary/tgcmd/

And decide whether you need to keep it. Will you ever need this (I doubt it)?

The below line is still in your log. Try fixing it again:

O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)

Other than that, you are clean. How are things working? If everything is still good, then you should follow the steps in the below link:

How to Protect yourself from malware!

 

You need to have an antivirus so if you decide to remove McAfee you would need to install another.
As you can see from you log, McAfee is rather bloated and can cause some PCs to slow down. Symantec/Norton is very similar. It's up to you whether you like it or not. The How to Protect thread tells you about that kinds of tools you must have installed and provides some pointers to some very useful (and many are free) programs. Which ones you install (even ones from other companies) are up to you. But be careful with spyware type tools! There are loads of rogues out there. See: http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

That's really a Software Forum issue! What fragments are you talking about?

 

AVG will constantly monitor but you need to get updates when they come out and do periodic full scans. Things can sneak in prior to the updates that can detect them.

Unless you purchase Ad-Aware SE, it does not monitor anything. It is just a scanner.

You need to do the stuff I gave you in message # 9 in the How to Protect thread.