-----Original Message-----
-----Original Message-----
Barb:
The file mwsvm.exe appears to be related to SeekSearch search hijacker.
Download/install/update/scan with Ad-Aware from
http://www.lavasoftusa.com
to find and remove this and other scumware. You may
also
want to try Hijack
This at
http://mjc1.com/mirror/hjt/
--
randwulf57
I usually can navagate my way around and figure things
out but I receive a message everytime I reboot my
computer that states: Mwsvm.exe ordinal not found
"The ordinal 6877 could not be located in the dynamic
link library MFC42.DLL"
any suggestions from the experts would be greatly
appreciated.
Randwulf57
Thank you for your help, I ran the Ad-Ware and still
received the message. Attached is the log file from
HijackThis, I don't want to delete the wrong things.
Logfile of HijackThis v1.97.7
Scan saved at 12:17:55 PM, on 1/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Dell Computer\Dell Image
Expert\IXApplet.exe
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\wkcalrem.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Barb\Local
Settings\Temp\Temporary Directory 1 for
hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page =
http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page =
http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://www.seekseek.com/quicksearch.asp? session=E4C96E90-
DFD1-4586-A926-AC9816183E1C&version_id=18
O1 - Hosts: comments (such as these) may be inserted on
individual
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-
7695ECA05670} - C:\WINDOWS\Downloaded Program
Files\ycomp5_0_2_7.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-
A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-
209B6AD74ACC} - C:\Program Files\Microsoft
Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238- 8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2- 892F-
0090271D4F88} - C:\WINDOWS\Downloaded Program
Files\ycomp5_0_2_7.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32
\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32
\hkcmd.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1
\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program
Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1
\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1
\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32
\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program
Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common
Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Spino] C:\Program Files\Jurassic Park
III Games\Danger Zone\DINO3.EXE
O4 - Global Startup: America Online Tray Icon.lnk =
C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program
Files\AOL Companion\companion.exe
O4 - Global Startup: Billminder.lnk = C:\Program
Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Camio Viewer.lnk = C:\Program
Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program
Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Works Calendar
Reminders.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\Program
Files\QUICKENW\QWDLLS.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Dice Derby by pogo.com -
http://checkeredflag.pogo.com/applet/checkeredflag/check er
edflag-ob-assets.cab
O16 - DPF: Pop Fu by pogo.com -
http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Squelchies by pogo.com -
http://squelchies.pogo.com/applet/squelchies/squelchies-
ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo.com -
http://whackdown.pogo.com/applet/whackdown/whackdown-ob-
assets.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/direct or
/sw.cab
O16 - DPF: {1DB3B8DD-5801-443F-B2D5-9BF8912B980E}
(dmgrax2Ctrl Class) -
http://www.lxsystems.com/downloads/Install.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150}
(UCSearch.ucUCSearch) -
http://www.armbender.com/UCSearch.CAB
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000}
(CInstall Class) -
http://www.wildtangent.com/webdrivers/webinstall/Install ..c
ab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B}
(QDiagAOLCCUpdateObj Class) -
http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}
(GSDACtl Class) -
https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
(HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120501/housecall. an
tivirus.com/housecall/xscan53.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}
(InstallShield Setup Player 2K2) -
http://www.learn2type.com/Rel091/setup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/ sw
flash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
(McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-
us/tools/mcfscan/1,5,0,4290/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo!
Companion) -
http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/ yi
ebio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E4ED047-238F-
4542-A3BA-A01A51785FA4}: NameServer = 205.188.146.146
.
