Tech Support Forum - View Single Post - having probs- virus or something else

woodman667 · 02-27-2005, 10:08 AM

not sure whats happened but things are going slow on already slow pc
any help gladly welcome

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 16:44:19, on 27-02-05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\SCRSVC.EXE
C:\WINDOWS\SYSTEM\BOOTPD.EXE
C:\TBRIDGE\FLATBED.EXE
C:\WINDOWS\SYSTEM\BOOTPD.EXE
C:\ATI\ATIDESK\ATISCHED.EXE
C:\PROGRAM FILES\OPENOFFICE.ORG1.1.2\PROGRAM\SOFFICE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dial.blueyonder.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dial.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
F1 - win.ini: run=hpfsched
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.am
O1 - Hosts: 66.180.173.39 www.google.as
O1 - Hosts: 66.180.173.39 www.google.at
O1 - Hosts: 66.180.173.39 www.google.az
O1 - Hosts: 66.180.173.39 www.google.be
O1 - Hosts: 66.180.173.39 www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca
O1 - Hosts: 66.180.173.39 www.google.cd
O1 - Hosts: 66.180.173.39 www.google.cg
O1 - Hosts: 66.180.173.39 www.google.ch
O1 - Hosts: 66.180.173.39 www.google.ci
O1 - Hosts: 66.180.173.39 www.google.cl
O1 - Hosts: 66.180.173.39 www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu
O1 - Hosts: 66.180.173.39 www.google.co.il
O1 - Hosts: 66.180.173.39 www.google.co.in
O1 - Hosts: 66.180.173.39 www.google.co.je
O1 - Hosts: 66.180.173.39 www.google.co.jp
O1 - Hosts: 66.180.173.39 www.google.co.ke
O1 - Hosts: 66.180.173.39 www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls
O1 - Hosts: 66.180.173.39 www.google.co.nz
O1 - Hosts: 66.180.173.39 www.google.co.th
O1 - Hosts: 66.180.173.39 www.google.co.ug
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 66.180.173.39 www.google.co.ve
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag
O1 - Hosts: 66.180.173.39 www.google.com.ar
O1 - Hosts: 66.180.173.39 www.google.com.au
O1 - Hosts: 66.180.173.39 www.google.com.br
O1 - Hosts: 66.180.173.39 www.google.com.co
O1 - Hosts: 66.180.173.39 www.google.com.cu
O1 - Hosts: 66.180.173.39 www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec
O1 - Hosts: 66.180.173.39 www.google.com.fj
O1 - Hosts: 66.180.173.39 www.google.com.gi
O1 - Hosts: 66.180.173.39 www.google.com.gr
O1 - Hosts: 66.180.173.39 www.google.com.gt
O1 - Hosts: 66.180.173.39 www.google.com.hk
O1 - Hosts: 66.180.173.39 www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt
O1 - Hosts: 66.180.173.39 www.google.com.mx
O1 - Hosts: 66.180.173.39 www.google.com.my
O1 - Hosts: 66.180.173.39 www.google.com.na
O1 - Hosts: 66.180.173.39 www.google.com.nf
O1 - Hosts: 66.180.173.39 www.google.com.ni
O1 - Hosts: 66.180.173.39 www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa
O1 - Hosts: 66.180.173.39 www.google.com.pe
O1 - Hosts: 66.180.173.39 www.google.com.ph
O1 - Hosts: 66.180.173.39 www.google.com.pk
O1 - Hosts: 66.180.173.39 www.google.com.pr
O1 - Hosts: 66.180.173.39 www.google.com.py
O1 - Hosts: 66.180.173.39 www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg
O1 - Hosts: 66.180.173.39 www.google.com.sv
O1 - Hosts: 66.180.173.39 www.google.com.tr
O1 - Hosts: 66.180.173.39 www.google.com.tw
O1 - Hosts: 66.180.173.39 www.google.com.ua
O1 - Hosts: 66.180.173.39 www.google.com.uy
O1 - Hosts: 66.180.173.39 www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn
O1 - Hosts: 66.180.173.39 www.google.de
O1 - Hosts: 66.180.173.39 www.google.dj
O1 - Hosts: 66.180.173.39 www.google.dk
O1 - Hosts: 66.180.173.39 www.google.es
O1 - Hosts: 66.180.173.39 www.google.fi
O1 - Hosts: 66.180.173.39 www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr
O1 - Hosts: 66.180.173.39 www.google.gg
O1 - Hosts: 66.180.173.39 www.google.gl
O1 - Hosts: 66.180.173.39 www.google.gm
O1 - Hosts: 66.180.173.39 www.google.hn
O1 - Hosts: 66.180.173.39 www.google.ie
O1 - Hosts: 66.180.173.39 www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz
O1 - Hosts: 66.180.173.39 www.google.li
O1 - Hosts: 66.180.173.39 www.google.lt
O1 - Hosts: 66.180.173.39 www.google.lu
O1 - Hosts: 66.180.173.39 www.google.lv
O1 - Hosts: 66.180.173.39 www.google.mn
O1 - Hosts: 66.180.173.39 www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu
O1 - Hosts: 66.180.173.39 www.google.mw
O1 - Hosts: 66.180.173.39 www.google.nl
O1 - Hosts: 66.180.173.39 www.google.no
O1 - Hosts: 66.180.173.39 www.google.off.ai
O1 - Hosts: 66.180.173.39 www.google.pl
O1 - Hosts: 66.180.173.39 www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt
O1 - Hosts: 66.180.173.39 www.google.ro
O1 - Hosts: 66.180.173.39 www.google.ru
O1 - Hosts: 66.180.173.39 www.google.rw
O1 - Hosts: 66.180.173.39 www.google.se
O1 - Hosts: 66.180.173.39 www.google.sh
O1 - Hosts: 66.180.173.39 www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm
O1 - Hosts: 66.180.173.39 www.google.td
O1 - Hosts: 66.180.173.39 www.google.tm
O2 - BHO: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPALM.DLL
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\WINDOWS\TEMP\lorvtigvqhh.dll
O3 - Toolbar: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPALM.DLL
O4 - HKLM\..\Run: [VortexTray] ASP4TRAY.EXE
O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe
O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\SYSTEM\SCRSVC.EXE
O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\SYSTEM\BOOTPD.EXE
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O4 - HKCU\..\RunServicesOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O4 - Startup: Detector.lnk = C:\Tbridge\Flatbed.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Startup: ATI Scheduler.lnk = C:\ati\atidesk\atisched.exe
O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.lycos.co.uk/app/upl...leUploader.cab
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} (GreasyPalmInstallHelper Class) - http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/fil...ivePreQual.cab
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

End of HijackThis Analyzer Log.
===========================================================================================================================

StartDreck (build 2.1.7 public stable) - 2005-02-27 @ 17:07:27 (GMT +00:00)
Platform: Windows 98 (Win 4.10.1998 )
Internet Explorer: 6.0.2600.0000
Logged in as sandra woodroffe at W98SYSREC

»Registry
»Run Keys
»Current User
»Run
*McAfee.InstantUpdate.Monitor="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
»RunOnce
»Default User
»Run
*McAfee.InstantUpdate.Monitor="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*Batchreg1=
*SystemTray=SysTray.Exe
*Recover=
*VSOCheckTask="C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
*VirusScan Online="C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
*MCAgentExe=C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
*MCUpdateExe=C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
*Atikey=Atitask.exe
*AtiCwd32=Aticwd32.exe
*VortexTray=ASP4TRAY.EXE
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
*McAfee Guardian="C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
*LoadQM=loadqm.exe
*GreasyPalmUpdate=C:\WINDOWS\GreasyPalmUpdate.exe
*WinampAgent=C:\Program Files\Winamp\winampa.exe
*scrsvc=C:\WINDOWS\SYSTEM\SCRSVC.EXE
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*bootpd.exe=C:\WINDOWS\SYSTEM\BOOTPD.EXE
»RunOnce
»RunServices
*McVsRte=C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=C:\WINDOWS\SYSTEM\mstask.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*GreasyPalm.Band.1/{8272B062-BD4D-4EAD-A149-45B3CE3F5CDA}
`InprocServer32=C:\WINDOWS\GPALM.DLL
*{5483427F-93B8-1470-5A89-E6B56484CDB2}
`InprocServer32=C:\WINDOWS\TEMP\lorvtigvqhh.dll
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Detector.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\OpenOffice.org 1.1.2.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\ATI Scheduler.lnk
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Detector.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\OpenOffice.org 1.1.2.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\ATI Scheduler.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=hpfsched
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
*C:\config.sys
*C:\autoexec.bat
*C:\WINDOWS\wininit.bak
*C:\WINDOWS\dosstart.bat
*C:\WINDOWS\hosts
»System/Drivers
»Running Processes
+FFEF42C3=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF9C03=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF8AF3=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFE0727=C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
+FFFE5DBB=C:\WINDOWS\SYSTEM\MSTASK.EXE
+FFFE499B=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFFD8AF=C:\WINDOWS\EXPLORER.EXE
+FFFEC76B=C:\WINDOWS\TASKMON.EXE
+FFFD3E5B=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFFD14F7=C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
+FFFD0D17=C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
+FFFD610F=C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
+FFFD8BDF=C:\WINDOWS\SYSTEM\ATITASK.EXE
+FFFDF3F3=C:\WINDOWS\SYSTEM\ATICWD32.EXE
+FFFD5E27=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
+FFFDEF87=C:\WINDOWS\SYSTEM\QTTASK.EXE
+FFFD1797=C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
+FFFDC103=C:\WINDOWS\LOADQM.EXE
+FFFC1213=C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
+FFFC6133=C:\WINDOWS\SYSTEM\SCRSVC.EXE
+FFFC081F=C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
+FFFC0F43=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
+FFF31153=C:\TBRIDGE\FLATBED.EXE
+FFF36333=C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
+FFF3AC63=C:\ATI\ATIDESK\ATISCHED.EXE
+FFF3D64B=C:\PROGRAM FILES\OPENOFFICE.ORG1.1.2\PROGRAM\SOFFICE.EXE
+FFF24A27=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFF3FBFB=C:\WINDOWS\SYSTEM\RNAAPP.EXE
+FFF16773=C:\WINDOWS\SYSTEM\TAPISRV.EXE
+FFF0DECF=C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
+FFF5C6AB=C:\STARTDREK\STARTDRECK.EXE
»NT Services
»Application specific

---------------------------
like i say getting lots of system hangs
and boot pd seems to be running twice in task manager

thanks jase

02-27-2005, 10:08 AM	#1 (permalink)
woodman667 Registered User Join Date: Feb 2005 Location: england Posts: 5 OS: win98	having probs- virus or something else not sure whats happened but things are going slow on already slow pc any help gladly welcome =========================================================================================================================== Log was analyzed using HijackThis Analyzer - Updated on 1/7/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.0 Scan saved at 16:44:19, on 27-02-05 Platform: Windows 98 Gold (Win9x 4.10.1998) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\SYSTEM\SCRSVC.EXE C:\WINDOWS\SYSTEM\BOOTPD.EXE C:\TBRIDGE\FLATBED.EXE C:\WINDOWS\SYSTEM\BOOTPD.EXE C:\ATI\ATIDESK\ATISCHED.EXE C:\PROGRAM FILES\OPENOFFICE.ORG1.1.2\PROGRAM\SOFFICE.EXE C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dial.blueyonder.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dial.blueyonder.co.uk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder F1 - win.ini: run=hpfsched O1 - Hosts: 66.180.173.39 www.google.ae O1 - Hosts: 66.180.173.39 www.google.am O1 - Hosts: 66.180.173.39 www.google.as O1 - Hosts: 66.180.173.39 www.google.at O1 - Hosts: 66.180.173.39 www.google.az O1 - Hosts: 66.180.173.39 www.google.be O1 - Hosts: 66.180.173.39 www.google.bi O1 - Hosts: 66.180.173.39 www.google.ca O1 - Hosts: 66.180.173.39 www.google.cd O1 - Hosts: 66.180.173.39 www.google.cg O1 - Hosts: 66.180.173.39 www.google.ch O1 - Hosts: 66.180.173.39 www.google.ci O1 - Hosts: 66.180.173.39 www.google.cl O1 - Hosts: 66.180.173.39 www.google.co.cr O1 - Hosts: 66.180.173.39 www.google.co.hu O1 - Hosts: 66.180.173.39 www.google.co.il O1 - Hosts: 66.180.173.39 www.google.co.in O1 - Hosts: 66.180.173.39 www.google.co.je O1 - Hosts: 66.180.173.39 www.google.co.jp O1 - Hosts: 66.180.173.39 www.google.co.ke O1 - Hosts: 66.180.173.39 www.google.co.kr O1 - Hosts: 66.180.173.39 www.google.co.ls O1 - Hosts: 66.180.173.39 www.google.co.nz O1 - Hosts: 66.180.173.39 www.google.co.th O1 - Hosts: 66.180.173.39 www.google.co.ug O1 - Hosts: 66.180.173.39 www.google.co.uk O1 - Hosts: 66.180.173.39 www.google.co.ve O1 - Hosts: 66.180.173.39 www.google.com O1 - Hosts: 66.180.173.39 www.google.com.ag O1 - Hosts: 66.180.173.39 www.google.com.ar O1 - Hosts: 66.180.173.39 www.google.com.au O1 - Hosts: 66.180.173.39 www.google.com.br O1 - Hosts: 66.180.173.39 www.google.com.co O1 - Hosts: 66.180.173.39 www.google.com.cu O1 - Hosts: 66.180.173.39 www.google.com.do O1 - Hosts: 66.180.173.39 www.google.com.ec O1 - Hosts: 66.180.173.39 www.google.com.fj O1 - Hosts: 66.180.173.39 www.google.com.gi O1 - Hosts: 66.180.173.39 www.google.com.gr O1 - Hosts: 66.180.173.39 www.google.com.gt O1 - Hosts: 66.180.173.39 www.google.com.hk O1 - Hosts: 66.180.173.39 www.google.com.ly O1 - Hosts: 66.180.173.39 www.google.com.mt O1 - Hosts: 66.180.173.39 www.google.com.mx O1 - Hosts: 66.180.173.39 www.google.com.my O1 - Hosts: 66.180.173.39 www.google.com.na O1 - Hosts: 66.180.173.39 www.google.com.nf O1 - Hosts: 66.180.173.39 www.google.com.ni O1 - Hosts: 66.180.173.39 www.google.com.np O1 - Hosts: 66.180.173.39 www.google.com.pa O1 - Hosts: 66.180.173.39 www.google.com.pe O1 - Hosts: 66.180.173.39 www.google.com.ph O1 - Hosts: 66.180.173.39 www.google.com.pk O1 - Hosts: 66.180.173.39 www.google.com.pr O1 - Hosts: 66.180.173.39 www.google.com.py O1 - Hosts: 66.180.173.39 www.google.com.sa O1 - Hosts: 66.180.173.39 www.google.com.sg O1 - Hosts: 66.180.173.39 www.google.com.sv O1 - Hosts: 66.180.173.39 www.google.com.tr O1 - Hosts: 66.180.173.39 www.google.com.tw O1 - Hosts: 66.180.173.39 www.google.com.ua O1 - Hosts: 66.180.173.39 www.google.com.uy O1 - Hosts: 66.180.173.39 www.google.com.vc O1 - Hosts: 66.180.173.39 www.google.com.vn O1 - Hosts: 66.180.173.39 www.google.de O1 - Hosts: 66.180.173.39 www.google.dj O1 - Hosts: 66.180.173.39 www.google.dk O1 - Hosts: 66.180.173.39 www.google.es O1 - Hosts: 66.180.173.39 www.google.fi O1 - Hosts: 66.180.173.39 www.google.fm O1 - Hosts: 66.180.173.39 www.google.fr O1 - Hosts: 66.180.173.39 www.google.gg O1 - Hosts: 66.180.173.39 www.google.gl O1 - Hosts: 66.180.173.39 www.google.gm O1 - Hosts: 66.180.173.39 www.google.hn O1 - Hosts: 66.180.173.39 www.google.ie O1 - Hosts: 66.180.173.39 www.google.it O1 - Hosts: 66.180.173.39 www.google.kz O1 - Hosts: 66.180.173.39 www.google.li O1 - Hosts: 66.180.173.39 www.google.lt O1 - Hosts: 66.180.173.39 www.google.lu O1 - Hosts: 66.180.173.39 www.google.lv O1 - Hosts: 66.180.173.39 www.google.mn O1 - Hosts: 66.180.173.39 www.google.ms O1 - Hosts: 66.180.173.39 www.google.mu O1 - Hosts: 66.180.173.39 www.google.mw O1 - Hosts: 66.180.173.39 www.google.nl O1 - Hosts: 66.180.173.39 www.google.no O1 - Hosts: 66.180.173.39 www.google.off.ai O1 - Hosts: 66.180.173.39 www.google.pl O1 - Hosts: 66.180.173.39 www.google.pn O1 - Hosts: 66.180.173.39 www.google.pt O1 - Hosts: 66.180.173.39 www.google.ro O1 - Hosts: 66.180.173.39 www.google.ru O1 - Hosts: 66.180.173.39 www.google.rw O1 - Hosts: 66.180.173.39 www.google.se O1 - Hosts: 66.180.173.39 www.google.sh O1 - Hosts: 66.180.173.39 www.google.sk O1 - Hosts: 66.180.173.39 www.google.sm O1 - Hosts: 66.180.173.39 www.google.td O1 - Hosts: 66.180.173.39 www.google.tm O2 - BHO: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPALM.DLL O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\WINDOWS\TEMP\lorvtigvqhh.dll O3 - Toolbar: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPALM.DLL O4 - HKLM\..\Run: [VortexTray] ASP4TRAY.EXE O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\SYSTEM\SCRSVC.EXE O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\SYSTEM\BOOTPD.EXE O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart O4 - HKCU\..\RunServicesOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart O4 - Startup: Detector.lnk = C:\Tbridge\Flatbed.exe O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe O4 - Startup: ATI Scheduler.lnk = C:\ati\atidesk\atisched.exe O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.lycos.co.uk/app/upl...leUploader.cab O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} (GreasyPalmInstallHelper Class) - http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/fil...ivePreQual.cab O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab End of HijackThis Analyzer Log. =========================================================================================================================== StartDreck (build 2.1.7 public stable) - 2005-02-27 @ 17:07:27 (GMT +00:00) Platform: Windows 98 (Win 4.10.1998 ) Internet Explorer: 6.0.2600.0000 Logged in as sandra woodroffe at W98SYSREC »Registry »Run Keys »Current User »Run McAfee.InstantUpdate.Monitor="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background »RunOnce »Default User »Run McAfee.InstantUpdate.Monitor="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background »RunOnce »Local Machine »Run ScanRegistry=C:\WINDOWS\scanregw.exe /autorun TaskMonitor=C:\WINDOWS\taskmon.exe Batchreg1= SystemTray=SysTray.Exe Recover= VSOCheckTask="C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask VirusScan Online="C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe" MCAgentExe=C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe MCUpdateExe=C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE Atikey=Atitask.exe AtiCwd32=Aticwd32.exe VortexTray=ASP4TRAY.EXE TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime McAfee Guardian="C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU LoadQM=loadqm.exe GreasyPalmUpdate=C:\WINDOWS\GreasyPalmUpdate.exe WinampAgent=C:\Program Files\Winamp\winampa.exe scrsvc=C:\WINDOWS\SYSTEM\SCRSVC.EXE LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme bootpd.exe=C:\WINDOWS\SYSTEM\BOOTPD.EXE »RunOnce »RunServices McVsRte=C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme SchedulingAgent=C:\WINDOWS\SYSTEM\mstask.exe »RunServicesOnce »RunOnceEx »RunServicesOnceEx »File Associations (CR) +.bat batfile="%1" % +.com comfile="%1" % +.exe exefile="%1" % +.hta htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" % +.htm htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome +.html htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome +.js JSFile=C:\WINDOWS\WScript.exe "%1" % +.jse JSEFile=C:\WINDOWS\WScript.exe "%1" % +.pif piffile="%1" % +.reg regfile=regedit.exe "%1" +.scr scrfile="%1" /S +.txt txtfile=C:\WINDOWS\NOTEPAD.EXE %1 +.vbs VBSFile=C:\WINDOWS\WScript.exe "%1" %* +.vbe VBEFile=C:\WINDOWS\WScript.exe "%1" % +.wsh WSHFile=C:\WINDOWS\WScript.exe "%1" % +.wsf WSFFile=C:\WINDOWS\WScript.exe "%1" % +.lnk `lnkfile= [key or value does not exist] »Browser Helper Objects (LM) AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} `InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX GreasyPalm.Band.1/{8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} `InprocServer32=C:\WINDOWS\GPALM.DLL {5483427F-93B8-1470-5A89-E6B56484CDB2} `InprocServer32=C:\WINDOWS\TEMP\lorvtigvqhh.dll »Files »Autostart Folders »Current User C:\WINDOWS\Start Menu\Programs\StartUp\Detector.lnk C:\WINDOWS\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk C:\WINDOWS\Start Menu\Programs\StartUp\OpenOffice.org 1.1.2.lnk C:\WINDOWS\Start Menu\Programs\StartUp\ATI Scheduler.lnk »Default User C:\WINDOWS\Start Menu\Programs\StartUp\Detector.lnk C:\WINDOWS\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk C:\WINDOWS\Start Menu\Programs\StartUp\OpenOffice.org 1.1.2.lnk C:\WINDOWS\Start Menu\Programs\StartUp\ATI Scheduler.lnk »Local Machine »INI-Files »WIN.INI\[windows] LOAD= RUN=hpfsched »SYSTEM.INI\[boot] SHELL=Explorer.exe »Text Files C:\msdos.sys C:\config.sys C:\autoexec.bat C:\WINDOWS\wininit.bak C:\WINDOWS\dosstart.bat C:\WINDOWS\hosts »System/Drivers »Running Processes +FFEF42C3=C:\WINDOWS\SYSTEM\KERNEL32.DLL +FFFF9C03=C:\WINDOWS\SYSTEM\MSGSRV32.EXE +FFFF8AF3=C:\WINDOWS\SYSTEM\MPREXE.EXE +FFFE0727=C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE +FFFE5DBB=C:\WINDOWS\SYSTEM\MSTASK.EXE +FFFE499B=C:\WINDOWS\SYSTEM\mmtask.tsk +FFFFD8AF=C:\WINDOWS\EXPLORER.EXE +FFFEC76B=C:\WINDOWS\TASKMON.EXE +FFFD3E5B=C:\WINDOWS\SYSTEM\SYSTRAY.EXE +FFFD14F7=C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE +FFFD0D17=C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE +FFFD610F=C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE +FFFD8BDF=C:\WINDOWS\SYSTEM\ATITASK.EXE +FFFDF3F3=C:\WINDOWS\SYSTEM\ATICWD32.EXE +FFFD5E27=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE +FFFDEF87=C:\WINDOWS\SYSTEM\QTTASK.EXE +FFFD1797=C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE +FFFDC103=C:\WINDOWS\LOADQM.EXE +FFFC1213=C:\PROGRAM FILES\WINAMP\WINAMPA.EXE +FFFC6133=C:\WINDOWS\SYSTEM\SCRSVC.EXE +FFFC081F=C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE +FFFC0F43=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE +FFF31153=C:\TBRIDGE\FLATBED.EXE +FFF36333=C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE +FFF3AC63=C:\ATI\ATIDESK\ATISCHED.EXE +FFF3D64B=C:\PROGRAM FILES\OPENOFFICE.ORG1.1.2\PROGRAM\SOFFICE.EXE +FFF24A27=C:\WINDOWS\SYSTEM\DDHELP.EXE +FFF3FBFB=C:\WINDOWS\SYSTEM\RNAAPP.EXE +FFF16773=C:\WINDOWS\SYSTEM\TAPISRV.EXE +FFF0DECF=C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE +FFF5C6AB=C:\STARTDREK\STARTDRECK.EXE »NT Services »Application specific --------------------------- like i say getting lots of system hangs and boot pd seems to be running twice in task manager thanks jase