#1 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP
|
Win XP Won't Allow Access To Anything Except My Documents
Hi,
Firstly my apologies - I have read the Read Hijack This Notes before posting but :-

1. I downloaded Ad-Aware SE Personal edition and ran it with latest definitions. It got to "Performing System Scan", "Started Tracking Cookie Scan" and counted up to "Objects Scanned 70643" where it stopped (for about 25 minutes - nothing happening). The "Scanning Browser Cache" said 10 Running Processes, 364 Process Modules.
2. I ran VX2 Cleaner - it came back with Status = System Clean.
3. I ran Spybot Search & Destroy. It loaded up but said I needed to Update first. I have no way of doing this as I cannot connect to the internet.
4. I ran CWShredder by double clicking on it. Hourglass came up for a couple of seconds but that was it - no program launched whatsoever.

This is a mate's computer. It is running WinXP with Service Pack 2. He has McAfee antivirus which he subscribes to using broadband.

No matter what you try to launch i.e. Explorer, My Computer, My Network Places, the computer blanks the desktop for a split second and then just re-displays the desktop again. I can get to the Start button and Programs list and run Applications i.e. Word, Excel, etc, but cannot use basic functions like Explorer. I can access the Run facility if that is any help.

If there is any information anyone can offer or any way I can at least get the basic list of 'before posting' programs to fully execute I would be grateful. I have a HijackThis log file if that is any help.

M |
|
|
|
#2 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
|
Hello multilayer and welcome to TSF,
Has his McAfee detected anything recently?
We will need to see the HijackThis log, as well as the .txt from the following tool:
(Use another PC to download it to any removable media and transfer it to this 'sick' system)
Download combofix from one of these locations:
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP
|
Hi Ried - Many thanks for your reply and the warm welcome - much appreciated.
I am at work tonight, but have downloaded the tool - will try it on my mate's puter tomorrow after I wake up and get back to you with the results + the hijack this log.
ML |
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP
|
Hi Ried,
Ran the ComboFix tool and also reran HJT to get an up to the minute log - both are listed below (ComboFix first).
When I do anything on this box, I am logged in as the daughter, as I suspect it is her that has inadvertently caused the problem. Her login is Lolly with no password.
In answer to your previous question as to whether the user noticed McAfee detecting anything, the answer is no. This doesn't mean to say it didn't though, as his daughter uses the puter most for her 'homework' and a lot of Messenger!
Would appreciate anything else you have to offer.
ML |
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP
|
Ried - forgot to mention - I installed PC Mighty Max in desperation before joining the forum.
Have to be honest, I don't know anything about it, I just Googled for help and PC Mighty Max came back - but the problem was there before doing this. ML |
|
|
|
|
#6 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
|
Hi ML,
There's no harm in you installing PC Mighty Max but as you've seen, it's of no help when malware is the cause of system problems.
What I am seeing in these logs doesn't appear to be the cause of all the issues you've mentioned. I know it's inconvenient, but I'd like you to download and run another tool and see if we can ferret out any other malware that may be present.
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
***************************************************
Use another computer and download to either CD or flashdrive if need be:
Download ewido anti-spyware from HERE and save that file to your desktop. This is a 30 day trial of the program
-----------------------------------
Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.
Make sure to close any open browsers.
-----------------------------------
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
MyWebSearch
MyWebSearchAssistant
-----------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist: (make sure you do not miss any)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZBzeb032YYGB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe
Click 'Fix Checked' and close HijackThis.
-----------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.
-----------------------------------
Delete the following Folder if it still exists.
**NOTE: If Explorer still doesn't work, try using your Search feature to locate and delete the folder. Click Start>Search>All files and folders
C:\Program Files\MyWebSearch
----------------------------------------
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
-----------------------------------
Reboot into Normal Mode.
-----------------------------------
If you can access the internet now, please do the following:
Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
Please include the following in your next reply:
Ewido results
Panda results
New HijackThis log
Please provide an update on how the system is behaving. |
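
Added example, not part of the thread and not code from HijackThis or from either poster: a small Python triage pass over HijackThis-style entry lines that picks out the kind of entries the checklist in the post above targets, including the one that is only recognisable through its 8.3 short path (`MYWEBS~1`). The function names, the marker lists and the `ExampleTray` line are assumptions constructed for this illustration; the other sample lines are copied from the checklist.

```python
import re
from dataclasses import dataclass

# One HijackThis entry line: a section code, " - ", then free-form detail.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2})\s+-\s+(.+)$")

# Section codes that appear in the checklist above.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "IE extra context menu item",
    "O16": "downloaded ActiveX control (DPF)",
}


@dataclass
class Entry:
    code: str
    detail: str


def parse_entries(log_text):
    """Return Entry objects for entry lines; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def short_alias(long_name):
    """First-six-characters form of a Windows 8.3 alias: MyWebSearch -> MYWEBS~.

    Simplification: ignores the hashed aliases generated after repeated
    name collisions, so treat a miss as "not proven clean".
    """
    cleaned = re.sub(r"[ .]", "", long_name).upper()
    return cleaned[:6] + "~"


def triage(entries, product_names, url_markers):
    """Pair each matching entry with the reasons it matched."""
    hits = []
    for e in entries:
        haystack = e.detail.lower()
        reasons = []
        for name in product_names:
            if name.lower() in haystack:
                reasons.append(f"name {name}")
            elif short_alias(name).lower() in haystack:
                # Long name absent, but the short path still points at it.
                reasons.append(f"8.3 alias {short_alias(name)}")
        for marker in url_markers:
            if marker.lower() in haystack:
                reasons.append(f"url {marker}")
        if reasons:
            hits.append((e, reasons))
    return hits


# Constructed excerpt: five lines from the checklist plus one invented benign entry.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed excerpt)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""


def flagged_lines(log_text):
    """Return (code, section description, reasons) for every flagged entry."""
    hits = triage(
        parse_entries(log_text),
        product_names=["MyWebSearch"],
        url_markers=["imgfarm.com", "dell.co.uk/myway"],  # taken from the checklist
    )
    return [(e.code, SECTIONS.get(e.code, "other"), reasons) for e, reasons in hits]


if __name__ == "__main__":
    for code, kind, reasons in flagged_lines(SAMPLE_LOG):
        print(f"{code:<4}{kind:<40}{', '.join(reasons)}")
```

The `[My Web Search Bar]` autostart entry is caught only by the short-path check, because its display name contains spaces and its path uses `MYWEBS~1`; a plain search for the product name would skip it.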
|
|
|
|
#7 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP
|
Hi Ried,
Thanks for the quick reply - you must type fast. I've downloaded ewido anti-spyware. I will try to put it on the problem box tomorrow (working again tonight). I'll get my mate to take the puter back to his house and reconnect it all up so it's ready for me to download the updated definitions after I install it. One question before I do this - if the box still won't access the internet, how do I go about getting the updated definitions file, if at all? Is it something I can download on my machine as a file and patch it across to his box via flashstick? I had a quick look at the ewido website but I couldn't see anything obvious. ML |
|
|
|
|
#8 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
|
Hi ML,
You can skip the update of Ewido if you cannot access the internet. The download you will obtain will have a recent enough base to give us a place to begin.
|
|
|
|
|
#9 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP
|
Hi Ried,
I've done as you requested but to be honest not much worked. I've pasted your details below with my answers in purple. Here goes :-

Hi ML,
There's no harm in you installing PC Mighty Max but as you've seen, it's of no help when malware is the cause of system problems.
What I am seeing in these logs doesn't appear to be the cause of all the issues you've mentioned. I know it's inconvenient, but I'd like you to download and run another tool and see if we can ferret out any other malware that may be present.
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
***************************************************
Use another computer and download to either CD or flashdrive if need be:
Download ewido anti-spyware from HERE and save that file to your desktop. This is a 30 day trial of the program
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Could not perform update definitions - still cannot access the inet on this sick box

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly

Did all this (even took a screen shot to verify)

-----------------------------------
Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.
Make sure to close any open browsers.
-----------------------------------
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
MyWebSearch
MyWebSearchAssistant

Could not do this - cannot get to Control Panel. Each time I click on it, I get a banner that says 'Windows is running in safe mode. The special diagnostic mode of windows allows you............. [Yes] [No]'. I hit 'Yes' and go back to exactly where I started, with the desktop blanking for approx 1 second before redisplaying

-----------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist: (make sure you do not miss any)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZBzeb032YYGB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe
Click 'Fix Checked' and close HijackThis.

Did all the HJT stuff. On one item HJT asked 'HiJackThis is about to remove a BHO and the corresponding file from your system'. I hit 'Yes' - it then came back and said that it would have to remove more than just the file, again I hit Yes

-----------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

could not do this - cannot get to My Computer

-----------------------------------
Delete the following Folder if it still exists.
**NOTE: If Explorer still doesn't work, try using your Search feature to locate and delete the folder. Click Start>Search>All files and folders
C:\Program Files\MyWebSearch

Did this, but not by this method; Search does not work. The only way I could delete this folder was by using Run command, drilling through folders; when I got to MyWebSearch I rightclicked on it and deleted that way. Have not emptied Recycle Bin though - should I?

----------------------------------------
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
Launch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.

Did this - it took approx 40 minutes. It listed 197 infections all Medium apart from one High, which was (I think) Dialer.BT

Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
**Please ensure it is set to Quarantine

Did this - all were quarantined.

Next select the "Reports" icon at the top.

Did this - here's the bummer - text came up saying 'No report to save'. Did I do something wrong - I rechecked the settings and they are as you detailed - even did a screen dump to verify which I will try to post with this reply.

Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
**Ewido is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.
-----------------------------------
Reboot into Normal Mode.
-----------------------------------
If you can access the internet now, please do the following:

Still cannot access the internet - therefore could not do items below. Have tried doing this via Connect To > My ISP off the Start Menu. Brings up a Username and Password box which my mate assures me is correct; although it comes back instantly with 'Cannot verify username/password'. I am suspicious of this - wondering whether it's worth sticking in a dial-up modem. What do you think?

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
If it finds any malware, it will offer you a report. Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
Click on see report. Then click Save report
Please include the following in your next reply:
Ewido results
Panda results
New HijackThis log
Please provide an update on how the system is behaving.

Therefore, I don't have much to offer you except another HJT log. Why did I get no log from Ewido? I was pinning my hopes on that.
As for how the system is behaving - exactly the same. Cannot use My Computer, Search, Explorer, etc - when used, all blank the Desktop of all icons for about a second and then redisplay them as before without the requested App running.

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 14:45:24, on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZBzeb032YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Very frustrating. Is there any more you can offer? Thanks for all your efforts so far.

ML

Last edited by multilayer; 09-28-2006 at 11:04 AM.
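
A fix list and a follow-up HijackThis log like the ones in the post above can be compared mechanically to see which entries survived 'Fix Checked'. The following is an added example, not part of the original thread or of HijackThis: the function names are hypothetical, and the sample data is constructed from entries in this thread, with the "after" log flattened onto one line as on this page and one entry left out on purpose so both outcomes show.

```python
import re

# Section codes seen in this thread's fix list, with their usual HijackThis meaning.
SECTION_MEANING = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URLSearchHook", "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context-menu item", "O16": "ActiveX download (DPF)",
}

# Every entry begins with a section code and " - ". Matching on that prefix
# (rather than on line starts) also recovers entries from a log that was
# pasted or scraped onto a single line.
_ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return [(code, detail), ...]; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        starts = [m.start() for m in _ENTRY_START.finditer(line)]
        for begin, end in zip(starts, starts[1:] + [len(line)]):
            raw = " ".join(line[begin:end].split())  # collapse whitespace
            code, _, detail = raw.partition(" - ")
            if detail:  # ignore a bare code with nothing after it
                entries.append((code, detail))
    return entries


def remaining_after_fix(fix_list_text, after_log_text):
    """Fix-list entries that still appear (case-insensitively) in the later log."""
    after = {(c, d.casefold()) for c, d in parse_entries(after_log_text)}
    return [(c, d) for c, d in parse_entries(fix_list_text)
            if (c, d.casefold()) in after]


def report(fix_list_text, after_log_text):
    """One readable line per entry that the fix did not remove."""
    return [
        f"still present [{code}: {SECTION_MEANING.get(code, 'other')}] {detail}"
        for code, detail in remaining_after_fix(fix_list_text, after_log_text)
    ]


# Constructed sample: four entries from the fix list in this thread.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
"""

# Constructed sample: an abridged follow-up log on ONE line. The HKCU
# "MyWebSearch Email Plugin" entry is deliberately absent here.
AFTER_LOG = " ".join([
    "Logfile of HijackThis v1.99.1 Platform: Windows XP SP2 (WinNT 5.01.2600)",
    r"R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL",
    r"O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S",
    r'O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background',
])

if __name__ == "__main__":
    for line in report(FIX_LIST, AFTER_LOG):
        print(line)
```

Entries reported as still present are the ones to raise with the helper, since something is either restoring them or blocking their removal.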

#10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista

Hi ML,
Your settings are correct for Ewido. We'll worry about why a report was not produced later--we have more pressing issues at hand. I almost always have more ideas.

-------------------------------------

Try running AdAware and Spybot in Safe Mode and see if they can complete a scan. If you are successful, let me know what they found--with the exception of cookies.

--------------------------------------

We're going to go deep here and hopefully we'll get a clue as to what is going on. Once again, you'll need to download to any removable media. Both of these tools are quite small--299kb and 397kb, respectively.

--------------------------------------

Please download SilentRunners.vbs - Right click & choose Save As... SilentRunners.vbs
Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts
Launch SilentRunners by double-clicking the downloaded file.
In the ensuing Window, select 'No' to avoid skipping supplementary searches.
Please be patient as the script requires a few minutes to complete.
When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs".
Post ALL its contents here in your next reply.

----------------------------------

Download StartDreck
Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'
Uncheck the following box only: List Modules - (listed under 'Running Proceses')
Press 'OK'
Press 'Save' and select the location to save the log file (default is the same folder as the application)
Post that log here.

------------------------------------

Go to HijackThis> Config> Misc Tools
Checkmark/tick 'list also minor sections (full)'
Click the 'Generate StartupList log' button
Post the log in your next reply.

#11 (permalink)
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP

Hi Ried,
Thanks for the reply - good to hear that you 'almost always have more ideas'. Ok - I'll download now whilst at work (again), and try to tackle it tomorrow afternoon when I've woken. I may be pressed for time tomorrow, so if you don't see a post by 6.00 pm, then it'll be around 11.00pm.

Many thanks
ML

#13 (permalink)
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP

Hi Ried,
Right down to it. Tried both AdAware & Spybot in Safe Mode. AdAware did the same as before but got slightly further (approx 'Objects Scanned 76000') and then froze again. As soon as I hit 'Check For Problems' with Spybot, I get an error banner 'You need to install the detection updates first by using the integrated update or the manual update [OK]' - with this I can go no further due to no inet.

As for your 2 tools, they seemed to work ok. I wasn't sure whether I should be running in Safe Mode for these as well so I ended up doing all 3 in Safe Mode first and then Normal Mode. For all I was logged in as Lolly. See below for logs in Safe Mode. Shout if you also want them in Normal Mode. I tried to post both but got an error back saying too many characters.

One other thing I noticed. I tried logging in as my mate 'Tony'. Under his login, the desktop continuously cycles. For 2 seconds all desktop icons are shown, for the next 2 seconds the screen blanks just to the wallpaper (no icons) and then repeats continuously. Out of the four logins, his is the only one that does this, the other three Lolly, Abbie and Julie appear normal without this cycling - well at least until you try to run Explorer, My Computer, etc, when all three blank the screen to the wallpaper and then re-display icons 2 seconds later, but just once per application execution, not in a continuous cycle.

I stayed logged in as Tony for approx 10 minutes - all the time it cycled, needless to say I could run nothing whatsoever. The only thing I could do was hit CTRL ALT DEL which gave me the running processes window. In here there were 48 processes running. When the icons are on the screen, two extra processes appear in the list, these being DWWIN.EXE & EXPLORER.EXE. When the icons disappear, these 2 processes disappear from the list. This also cycles in unison with the desktop/icons activity.

Anyway, hope the logs are of use. I'll await your next post.

Many thanks :-

Safe Mode

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
"PCMService" = ""C:\Program Files\Dell\Media Experience\PCMService.exe"" ["CyberLink Corp."]
"IntelMeM" = "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" ["Intel Corporation"]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"AOL Spyware Protection" = ""C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" ["AOL Spyware Protection"]
"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"BuildBU" = "c:\dell\bldbubg.exe" [null data]
"VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."]
"DSLSTATEXE" = "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon" ["GlobespanVirata, Inc."]
"DSLAGENTEXE" = "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [null data]
"%FP%Friendly fts.exe" = ""C:\Program Files\VoyagerTest\fts.exe"" ["Friendly Technologies"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
"OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."]
"MSKAGENTEXE" = "C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" ["McAfee Inc."]
"MSKDetectorExe" = "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup" ["McAfee, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"PCMMRealtime" = "C:\Program Files\PC MightyMax\pcmm.exe /R" ["PC MightyMax"]
"(Default)" = (empty string)
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
  \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
  \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "McAfee AntiPhishing Filter"
  \InProcServer32\(Default) = "c:\program files\mcafee\spamkiller\mcapfbho.dll" ["McAfee, Inc."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "DriveLetterAccess"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
  \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
  -> {HKLM...CLSID} = "RecordNow! SendToExt"
  \InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
  -> {HKLM...CLSID} = "DriveLetterAccess"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
  \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
  \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
  \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
  -> {HKLM...CLSID} = "KodakShellExtension"
  \InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "My Sharing Folders"
  \InProcServer32\(Default) = "C:\PROGRA~1\MSNMES~1\fsshext.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
  \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
  \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
  \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "Lolly" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"AOL 9.0 Tray Icon" -> shortcut to: "C:\Program Files\AOL 9.0\aoltray.exe -check" ["America Online, Inc."]
"Kodak EasyShare software" -> shortcut to: "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -h" ["Eastman Kodak Company"]
"Kodak software updater" -> shortcut to: "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [null data]

Enabled Scheduled Tasks:
------------------------

"McAfee.com Scan for Viruses - My Computer (LOLLYSABBIES-Tony)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0" ["McAfee, Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
  \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Real.com"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{39FD89BF-D3F1-45B6-BB56-3582CCF489E1}\
"MenuText" = "McAfee AntiPhishing Filter"
"CLSIDExtension" = "{7DD73374-7187-4103-8F29-622AA25E7C40}"
  -> {HKLM...CLSID} = "MyCfgDlgCmdTarget Class"
  \InProcServer32\(Default) = "c:\program files\mcafee\spamkiller\mcapfbho.dll" ["McAfee, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
Application Management, AppMgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\appmgmts.dll" [file not found]}
ASP.NET State Service, aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Fax, Fax, "C:\WINDOWS\system32\fxssvc.exe" [MS]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
InstallDriver Table Manager, IDriverT, ""C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"" ["Macrovision Corporation"]
Intel NCS NetService, NetSvc, "C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe" ["Intel(R) Corporation"]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
Logical Disk Manager Administrative Service, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
McAfee SecurityCenter Update Manager, mcupdmgr.exe, "C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe" ["McAfee, Inc"]
McAfee SpamKiller Server, MskService, "C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe" ["McAfee Inc."]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]
Messenger Sharing USN Journal Reader service, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
Network Provisioning Service, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
Office Source Engine, ose, ""C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"" [MS]
Portable Media Serial Number Service, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\mspmsnsv.dll" [MS]}
WMI Performance Adapter, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 35 seconds, including 18 seconds for message boxes)

StartDreck (build 2.1.7 public stable) - 2006-09-29 @ 14:18:22 (GMT +01:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Lolly at LOLLYSABBIES

»Registry
»Run Keys
»Current User
»Run
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\system32\CTFMON.EXE
»RunOnce
»Local Machine
»Run
*SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
*PCMService="C:\Program Files\Dell\Media Experience\PCMService.exe"
*IntelMeM=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
*DVDLauncher="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
*RealTray=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
*AOL Spyware Protection="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
*VSOCheckTask="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
*MCAgentExe=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
*MCUpdateExe=C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
*UpdateManager="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
*dla=C:\WINDOWS\system32\dla\tfswctrl.exe
*BuildBU=c:\dell\bldbubg.exe
*VirusScan Online=C:\Program Files\McAfee.com\VSO\mcvsshld.exe
*DSLSTATEXE=C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
*DSLAGENTEXE=C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
*%FP%Friendly fts.exe="C:\Program Files\VoyagerTest\fts.exe"
*MPFExe=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
*REGSHAVE=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
*OASClnt=C:\Program Files\McAfee.com\VSO\oasclnt.exe
*MSKAGENTEXE=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
*MSKDetectorExe=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
*iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*igfxtray=C:\WINDOWS\system32\igfxtray.exe
*igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
*igfxpers=C:\WINDOWS\system32\igfxpers.exe
*PCMMRealtime=C:\Program Files\PC MightyMax\pcmm.exe /R
*!ewido="C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
»Browser Helper Objects (LM)
*yt.YTHelper.2/{02478D38-C3F9-4EFB-9B51-7695ECA05670}
`InprocServer32=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*McAfee_Anti_Phishing_BHO.1/{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}
`InprocServer32=c:\program files\mcafee\spamkiller\mcapfbho.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*DriveLetterAccess/{5CA3D70E-1895-11CF-8E15-001234567890}
`InprocServer32=C:\WINDOWS\system32\dla\tfswshx.dll
*IDBHO.IDBrowserExtension.1/{9030D464-4C02-4ABF-8ECC-5164760863C6}
`InprocServer32=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=about:blank
+SearchUrl
*provider=
»Default User
*Default_Page_URL=http://www.dell.co.uk/myway
*First Home Page=http://www.dell.co.uk/myway
*Start Page=http://www.dell.co.uk/myway
»Local Machine
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=about:blank
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\system32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Start Menu\Programs\Startup\DESKTOP.INI
»Default User
»Local Machine
*C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk »INI-Files »WIN.INI\[windows] *LOAD= *RUN= »SYSTEM.INI\[boot] *SHELL=Explorer.exe »Text Files *C:\boot.ini `[boot loader] `timeout=30 `default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS `[operating systems] `multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect *C:\msdos.sys *C:\config.sys *C:\WINDOWS\system32\config.nt `dos=high, umb `device=%SystemRoot%\system32\himem.sys `files=40 *C:\WINDOWS\system32\autoexec.nt `@echo off `lh %SystemRoot%\system32\mscdexnt.exe `lh %SystemRoot%\system32\redir `lh %SystemRoot%\system32\dosx `SET BLASTER=A220 I5 D1 P330 T3 *C:\WINDOWS\wininit.ini `[Rename] `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= *C:\WINDOWS\system32\drivers\etc\hosts `127.0.0.1 localhost »Program Files *C:\ntldr *C:\ntdetect.com *C:\io.sys *C:\WINDOWS\system32\win.com *C:\WINDOWS\explorer.exe »%PATH% Companion Files +C:\WINDOWS\system32\NOTEPAD.EXE *C:\WINDOWS\NOTEPAD.EXE +C:\WINDOWS\system32\TASKMAN.EXE *C:\WINDOWS\TASKMAN.EXE +C:\WINDOWS\system32\WINHLP32.EXE *C:\WINDOWS\WINHLP32.EXE »System/Drivers »Running Processes +0=<idle> +4=<system> +132=\SystemRoot\System32\smss.exe +180=\??\C:\WINDOWS\system32\csrss.exe +204=\??\C:\WINDOWS\system32\winlogon.exe +248=C:\WINDOWS\system32\services.exe +260=C:\WINDOWS\system32\lsass.exe +408=C:\WINDOWS\system32\svchost.exe +468=C:\WINDOWS\system32\svchost.exe +524=C:\WINDOWS\system32\svchost.exe +1384=C:\WINDOWS\system32\igfxsrvc.exe +1844=C:\WINDOWS\explorer.exe +1992=C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Desktop\StartDreck.exe »NT Services *Alerter Alerter - disabled 
`binary: C:\WINDOWS\system32\svchost.exe -k LocalService *Application Layer Gateway Service ALG - on demand `binary: C:\WINDOWS\System32\alg.exe *AOL Connectivity Service AOL ACS - auto `binary: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe *Application Management AppMgmt - on demand `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *ASP.NET State Service aspnet_state - on demand `binary: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe *Windows Audio AudioSrv - auto `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *Background Intelligent Transfer Service BITS - on demand `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Computer Browser Browser - auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Indexing Service CiSvc - on demand `binary: C:\WINDOWS\system32\cisvc.exe *ClipBook ClipSrv - disabled `binary: C:\WINDOWS\system32\clipsrv.exe *COM+ System Application COMSysApp - on demand `binary: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} *Cryptographic Services CryptSvc running auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *DCOM Server Process Launcher DcomLaunch running auto `binary: C:\WINDOWS\system32\svchost -k DcomLaunch *DHCP Client Dhcp - auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Logical Disk Manager Administrative Service dmadmin - on demand `binary: C:\WINDOWS\System32\dmadmin.exe /com *Logical Disk Manager dmserver - on demand `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *DNS Client Dnscache - auto `binary: C:\WINDOWS\system32\svchost.exe -k NetworkService *Error Reporting Service ERSvc - auto `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *Event Log Eventlog running auto `binary: C:\WINDOWS\system32\services.exe *COM+ Event System EventSystem - on demand `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *ewido anti-spyware 4.0 guard ewido anti-spyware 4 - auto `binary: C:\Program Files\ewido anti-spyware 4.0\guard.exe *Fast User Switching Compatibility 
FastUserSwitchingCom - on demand `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *Fax Fax - auto `binary: C:\WINDOWS\system32\fxssvc.exe *Help and Support helpsvc running auto `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *Human Interface Device Access HidServ - disabled `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *HTTP SSL HTTPFilter - on demand `binary: C:\WINDOWS\System32\svchost.exe -k HTTPFilter *InstallDriver Table Manager IDriverT - on demand `binary: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" *IMAPI CD-Burning COM Service ImapiService - on demand `binary: C:\WINDOWS\system32\imapi.exe *iPodService iPodService - on demand `binary: C:\Program Files\iPod\bin\iPodService.exe *Kodak Camera Connection Software KodakCCS - auto `binary: C:\WINDOWS\system32\drivers\KodakCCS.exe *Server lanmanserver - auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Workstation lanmanworkstation - auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *TCP/IP NetBIOS Helper LmHosts - auto `binary: C:\WINDOWS\system32\svchost.exe -k LocalService *McAfee WSC Integration McDetect.exe - auto `binary: c:\program files\mcafee.com\agent\mcdetect.exe *McAfee.com McShield McShield - auto `binary: c:\PROGRA~1\mcafee.com\vso\mcshield.exe *McAfee Task Scheduler McTskshd.exe - auto `binary: c:\PROGRA~1\mcafee.com\agent\mctskshd.exe *McAfee SecurityCenter Update Manager mcupdmgr.exe - on demand `binary: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe *Messenger Messenger - disabled `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *NetMeeting Remote Desktop Sharing mnmsrvc - on demand `binary: C:\WINDOWS\system32\mnmsrvc.exe *McAfee Personal Firewall Service MpfService - auto `binary: C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe *Distributed Transaction Coordinator MSDTC - on demand `binary: C:\WINDOWS\system32\msdtc.exe *Windows Installer MSIServer - on demand `binary: C:\WINDOWS\system32\msiexec.exe /V *McAfee SpamKiller Server 
MskService - auto `binary: C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe *Network DDE NetDDE - disabled `binary: C:\WINDOWS\system32\netdde.exe *Network DDE DSDM NetDDEdsdm - disabled `binary: C:\WINDOWS\system32\netdde.exe *Net Logon Netlogon - on demand `binary: C:\WINDOWS\system32\lsass.exe *Network Connections Netman - on demand `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *Intel NCS NetService NetSvc - on demand `binary: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe *Network Location Awareness (NLA) Nla - on demand `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *NT LM Security Support Provider NtLmSsp - on demand `binary: C:\WINDOWS\system32\lsass.exe *Removable Storage NtmsSvc - on demand `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Office Source Engine ose - on demand `binary: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" *Plug and Play PlugPlay running auto `binary: C:\WINDOWS\system32\services.exe *IPSEC Services PolicyAgent - auto `binary: C:\WINDOWS\system32\lsass.exe *Protected Storage ProtectedStorage - auto `binary: C:\WINDOWS\system32\lsass.exe *Remote Access Auto Connection Manager RasAuto - on demand `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Remote Access Connection Manager RasMan - on demand `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Remote Desktop Help Session Manager RDSessMgr - on demand `binary: C:\WINDOWS\system32\sessmgr.exe *Routing and Remote Access RemoteAccess - disabled `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Remote Procedure Call (RPC) Locator RpcLocator - on demand `binary: C:\WINDOWS\system32\locator.exe *Remote Procedure Call (RPC) RpcSs running auto `binary: C:\WINDOWS\system32\svchost -k rpcss *QoS RSVP RSVP - on demand `binary: C:\WINDOWS\system32\rsvp.exe *Security Accounts Manager SamSs - auto `binary: C:\WINDOWS\system32\lsass.exe *Smart Card SCardSvr - on demand `binary: C:\WINDOWS\System32\SCardSvr.exe *Task Scheduler Schedule - auto `binary: 
C:\WINDOWS\System32\svchost.exe -k netsvcs *Secondary Logon seclogon - auto `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *System Event Notification SENS - auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Windows Firewall/Internet Connection Sharing (I SharedAccess - auto `CS) `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Shell Hardware Detection ShellHWDetection - auto `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *Print Spooler Spooler - auto `binary: C:\WINDOWS\system32\spoolsv.exe *System Restore Service srservice running auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *SSDP Discovery Service SSDPSRV - on demand `binary: C:\WINDOWS\system32\svchost.exe -k LocalService *Windows Image Acquisition (WIA) stisvc - auto `binary: C:\WINDOWS\system32\svchost.exe -k imgsvc *MS Software Shadow Copy Provider SwPrv - on demand `binary: C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} *Performance Logs and Alerts SysmonLog - on demand `binary: C:\WINDOWS\system32\smlogsvc.exe *Telephony TapiSrv - on demand `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *Terminal Services TermService - on demand `binary: C:\WINDOWS\System32\svchost -k DComLaunch *Themes Themes - auto `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *Distributed Link Tracking Client TrkWks - auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Universal Plug and Play Device Host upnphost - on demand `binary: C:\WINDOWS\system32\svchost.exe -k LocalService *Uninterruptible Power Supply UPS - on demand `binary: C:\WINDOWS\System32\ups.exe *Messenger Sharing USN Journal Reader service usnsvc - on demand `binary: C:\WINDOWS\system32\svchost.exe -k usnsvc *Volume Shadow Copy VSS - on demand `binary: C:\WINDOWS\System32\vssvc.exe *Windows Time w32time - auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *WebClient WebClient - auto `binary: C:\WINDOWS\system32\svchost.exe -k LocalService *Windows Management Instrumentation 
winmgmt running auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Portable Media Serial Number Service WmdmPmSN - on demand `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *WMI Performance Adapter WmiApSrv - on demand `binary: C:\WINDOWS\system32\wbem\wmiapsrv.exe *Security Center wscsvc - auto `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *Automatic Updates wuauserv - auto `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs *Wireless Zero Configuration WZCSVC - auto `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs *Network Provisioning Service xmlprov - on demand `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs »NT Kernel- and FS-drivers *Abiosdsk Abiosdsk - disabled `binary: *abp480n5 abp480n5 running boot `binary: \SystemRoot\system32\DRIVERS\ABP480N5.SYS *Microsoft ACPI Driver ACPI running boot `binary: \SystemRoot\system32\DRIVERS\ACPI.sys *ACPIEC ACPIEC - disabled `binary: *adpu160m adpu160m running boot `binary: \SystemRoot\system32\DRIVERS\adpu160m.sys *Microsoft Kernel Acoustic Echo Canceller aec - on demand `binary: system32\drivers\aec.sys *AFD AFD - system `binary: \SystemRoot\System32\drivers\afd.sys *Intel AGP Bus Filter agp440 running boot `binary: \SystemRoot\system32\DRIVERS\agp440.sys *Compaq AGP Bus Filter agpCPQ running boot `binary: \SystemRoot\system32\DRIVERS\agpCPQ.sys *Aha154x Aha154x running boot `binary: \SystemRoot\system32\DRIVERS\aha154x.sys *aic78u2 aic78u2 running boot `binary: \SystemRoot\system32\DRIVERS\aic78u2.sys *aic78xx aic78xx running boot `binary: \SystemRoot\system32\DRIVERS\aic78xx.sys *AliIde AliIde running boot `binary: \SystemRoot\system32\DRIVERS\aliide.sys *ALI AGP Bus Filter alim1541 running boot `binary: \SystemRoot\system32\DRIVERS\alim1541.sys *AMD AGP Bus Filter Driver amdagp running boot `binary: \SystemRoot\system32\DRIVERS\amdagp.sys *amsint amsint running boot `binary: \SystemRoot\system32\DRIVERS\amsint.sys *1394 ARP Client Protocol Arp1394 - on demand `binary: 
system32\DRIVERS\arp1394.sys *asc asc running boot `binary: \SystemRoot\system32\DRIVERS\asc.sys *asc3350p asc3350p running boot `binary: \SystemRoot\system32\DRIVERS\asc3350p.sys *asc3550 asc3550 running boot `binary: \SystemRoot\system32\DRIVERS\asc3550.sys *ASCTRM ASCTRM - auto `binary: *RAS Asynchronous Media Driver AsyncMac - on demand `binary: system32\DRIVERS\asyncmac.sys *Standard IDE/ESDI Hard Disk Controller atapi running boot `binary: \SystemRoot\system32\DRIVERS\atapi.sys *Atdisk Atdisk - disabled `binary: *ATM ARP Client Protocol Atmarpc - on demand `binary: system32\DRIVERS\atmarpc.sys *Audio Stub Driver audstub - on demand `binary: system32\DRIVERS\audstub.sys *Beep Beep running system `binary: *bvrp_pci bvrp_pci - on demand `binary: *cbidf cbidf running boot `binary: \SystemRoot\system32\DRIVERS\cbidf2k.sys *cbidf2k cbidf2k - disabled `binary: *cd20xrnt cd20xrnt running boot `binary: \SystemRoot\system32\DRIVERS\cd20xrnt.sys *Cdaudio Cdaudio - system `binary: *Cdfs Cdfs running disabled `binary: *CD-ROM Driver Cdrom running system `binary: system32\DRIVERS\cdrom.sys *Changer Changer - system `binary: *CmdIde CmdIde running boot `binary: \SystemRoot\system32\DRIVERS\cmdide.sys *Cpqarray Cpqarray running boot `binary: \SystemRoot\system32\DRIVERS\cpqarray.sys *dac2w2k dac2w2k running boot `binary: \SystemRoot\system32\DRIVERS\dac2w2k.sys *dac960nt dac960nt running boot `binary: \SystemRoot\system32\DRIVERS\dac960nt.sys *Kodak Camera Proxy DcCam running system `binary: system32\DRIVERS\DcCam.sys *DcFpoint DcFpoint - on demand `binary: system32\DRIVERS\DcFpoint.sys *Kodak DCFS2K Driver DCFS2K - auto `binary: system32\drivers\dcfs2k.sys *Legacy Polling Service DcLps - on demand `binary: system32\DRIVERS\DcLps.sys *DcPTP DcPTP - on demand `binary: system32\DRIVERS\DcPTP.sys *Disk Driver Disk running boot `binary: \SystemRoot\system32\DRIVERS\disk.sys *dmboot dmboot - disabled `binary: System32\drivers\dmboot.sys *dmio dmio - disabled `binary: 
System32\drivers\dmio.sys *dmload dmload - disabled `binary: System32\drivers\dmload.sys *Microsoft Kernel DLS Syntheiszer DMusic - on demand `binary: system32\drivers\DMusic.sys *dpti2o dpti2o running boot `binary: \SystemRoot\system32\DRIVERS\dpti2o.sys *Microsoft Kernel DRM Audio Descrambler drmkaud - on demand `binary: system32\drivers\drmkaud.sys *drvmcdb drvmcdb running boot `binary: \SystemRoot\system32\drivers\drvmcdb.sys *drvnddm drvnddm - auto `binary: system32\drivers\drvnddm.sys *Intel(R) PRO Adapter Driver E100B - on demand `binary: system32\DRIVERS\e100b325.sys *ewido anti-spyware 4.0 driver ewido anti-spyware 4 - system `binary: \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys *Exportit Exportit - system `binary: system32\DRIVERS\exportit.sys *Fastfat Fastfat running disabled `binary: *Floppy Disk Controller Driver Fdc running on demand `binary: system32\DRIVERS\fdc.sys *Fips Fips - system `binary: *Floppy Disk Driver Flpydisk - on demand `binary: system32\DRIVERS\flpydisk.sys *FltMgr FltMgr running boot `binary: \SystemRoot\system32\DRIVERS\fltMgr.sys *Volume Manager Driver Ftdisk running boot `binary: \SystemRoot\system32\DRIVERS\ftdisk.sys *GEAR CDRom Filter GEARAspiWDM running on demand `binary: SYSTEM32\DRIVERS\GEARAspiWDM.sys *Generic Packet Classifier Gpc - on demand `binary: system32\DRIVERS\msgpc.sys *Microsoft HID Class Driver HidUsb - on demand `binary: system32\DRIVERS\hidusb.sys *hpn hpn running boot `binary: \SystemRoot\system32\DRIVERS\hpn.sys *HTTP HTTP - on demand `binary: System32\Drivers\HTTP.sys *i2omgmt i2omgmt running system `binary: *i2omp i2omp running boot `binary: \SystemRoot\system32\DRIVERS\i2omp.sys *i8042 Keyboard and PS/2 Mouse Port Driver i8042prt running system `binary: system32\DRIVERS\i8042prt.sys *ialm ialm - on demand `binary: system32\DRIVERS\ialmnt5.sys *CD-Burning Filter Driver Imapi running system `binary: system32\DRIVERS\imapi.sys *ini910u ini910u running boot `binary: 
\SystemRoot\system32\DRIVERS\ini910u.sys *IntelC51 IntelC51 - on demand `binary: system32\DRIVERS\IntelC51.sys *IntelC52 IntelC52 - on demand `binary: system32\DRIVERS\IntelC52.sys *IntelC53 IntelC53 - on demand `binary: system32\DRIVERS\IntelC53.sys *IntelIde IntelIde running boot `binary: \SystemRoot\system32\DRIVERS\intelide.sys *Intel Processor Driver intelppm - system `binary: system32\DRIVERS\intelppm.sys *IPv6 Windows Firewall Driver Ip6Fw - on demand `binary: system32\DRIVERS\Ip6Fw.sys *IP Traffic Filter Driver IpFilterDriver - on demand `binary: System32\DRIVERS\ipfltdrv.sys *IP in IP Tunnel Driver IpInIp - on demand `binary: system32\DRIVERS\ipinip.sys *IP Network Address Translator IpNat - on demand `binary: system32\DRIVERS\ipnat.sys *IPSEC driver IPSec - system `binary: system32\DRIVERS\ipsec.sys *IR Enumerator Service IRENUM - on demand `binary: system32\DRIVERS\irenum.sys *PnP ISA/EISA Bus Driver isapnp running boot `binary: \SystemRoot\system32\DRIVERS\isapnp.sys *Keyboard Class Driver Kbdclass running system `binary: system32\DRIVERS\kbdclass.sys *Microsoft Kernel Wave Audio Mixer kmixer - on demand `binary: system32\drivers\kmixer.sys *KSecDD KSecDD running boot `binary: *GlobeSpan USB ADSL LAN Modem lanusb - on demand `binary: system32\DRIVERS\glausb.sys *lbrtfdc lbrtfdc - system `binary: *mnmdd mnmdd - system `binary: *Modem Modem - on demand `binary: *Unimodem Streaming Filter Device MODEMCSA - on demand `binary: system32\drivers\MODEMCSA.sys *mohfilt mohfilt - on demand `binary: system32\DRIVERS\mohfilt.sys *Mouse Class Driver Mouclass running system `binary: system32\DRIVERS\mouclass.sys *MountMgr MountMgr running boot `binary: *MPFIREWL MPFIREWL - system `binary: System32\Drivers\MpFirewall.sys *mraid35x mraid35x running boot `binary: \SystemRoot\system32\DRIVERS\mraid35x.sys *WebDav Client Redirector MRxDAV - on demand `binary: system32\DRIVERS\mrxdav.sys *MRxSmb MRxSmb - system `binary: system32\DRIVERS\mrxsmb.sys *Msfs Msfs running system 
`binary: *Microsoft Streaming Service Proxy MSKSSRV - on demand `binary: system32\drivers\MSKSSRV.sys *Microsoft Streaming Clock Proxy MSPCLOCK - on demand `binary: system32\drivers\MSPCLOCK.sys *Microsoft Streaming Quality Manager Proxy MSPQM - on demand `binary: system32\drivers\MSPQM.sys *Microsoft System Management BIOS Driver mssmbios running on demand `binary: system32\DRIVERS\mssmbios.sys *Mup Mup running boot `binary: *NaiAvFilter1 NaiAvFilter1 - on demand `binary: system32\drivers\naiavf5x.sys *NDIS System Driver NDIS running boot `binary: *Remote Access NDIS TAPI Driver NdisTapi - on demand `binary: system32\DRIVERS\ndistapi.sys *NDIS Usermode I/O Protocol Ndisuio - on demand `binary: system32\DRIVERS\ndisuio.sys *Remote Access NDIS WAN Driver NdisWan - on demand `binary: system32\DRIVERS\ndiswan.sys *NDIS Proxy NDProxy - on demand `binary: *NetBIOS Interface NetBIOS - system `binary: system32\DRIVERS\netbios.sys *NetBios over Tcpip NetBT - system `binary: system32\DRIVERS\netbt.sys *1394 Net Driver NIC1394 - on demand `binary: system32\DRIVERS\nic1394.sys *Npfs Npfs running system `binary: *Ntfs Ntfs running disabled `binary: *Null Null running system `binary: *nv nv - on demand `binary: system32\DRIVERS\nv4_mini.sys *IPX Traffic Filter Driver NwlnkFlt - on demand `binary: system32\DRIVERS\nwlnkflt.sys *IPX Traffic Forwarder Driver NwlnkFwd - on demand `binary: system32\DRIVERS\nwlnkfwd.sys *Texas Instruments OHCI Compliant IEEE 1394 Host ohci1394 running boot ` Controller `binary: \SystemRoot\system32\DRIVERS\ohci1394.sys *Parallel port driver Parport - on demand `binary: system32\DRIVERS\parport.sys *PartMgr PartMgr running boot `binary: *ParVdm ParVdm - disabled `binary: *PCI Bus Driver PCI running boot `binary: \SystemRoot\system32\DRIVERS\pci.sys *PCIDump PCIDump - system `binary: *PCIIde PCIIde running boot `binary: \SystemRoot\system32\DRIVERS\pciide.sys *Pcmcia Pcmcia - disabled `binary: *PDCOMP PDCOMP - on demand `binary: *PDFRAME PDFRAME - on 
demand `binary: *PDRELI PDRELI - on demand `binary: *PDRFRAME PDRFRAME - on demand `binary: *perc2 perc2 running boot `binary: \SystemRoot\system32\DRIVERS\perc2.sys *perc2hib perc2hib running boot `binary: \SystemRoot\system32\DRIVERS\perc2hib.sys *PPPoEWin Miniport PPPoEWin - on demand `binary: system32\DRIVERS\PPPoEWin.SYS *WAN Miniport (PPTP) PptpMiniport - on demand `binary: system32\DRIVERS\raspptp.sys *QoS Packet Scheduler PSched - on demand `binary: system32\DRIVERS\psched.sys *Direct Parallel Link Driver Ptilink - on demand `binary: system32\DRIVERS\ptilink.sys *PxHelp20 PxHelp20 running boot `binary: \SystemRoot\System32\Drivers\PxHelp20.sys *ql1080 ql1080 running boot `binary: \SystemRoot\system32\DRIVERS\ql1080.sys *Ql10wnt Ql10wnt running boot `binary: \SystemRoot\system32\DRIVERS\ql10wnt.sys *ql12160 ql12160 running boot `binary: \SystemRoot\system32\DRIVERS\ql12160.sys *ql1240 ql1240 running boot `binary: \SystemRoot\system32\DRIVERS\ql1240.sys *ql1280 ql1280 running boot `binary: \SystemRoot\system32\DRIVERS\ql1280.sys *Remote Access Auto Connection Driver RasAcd - system `binary: system32\DRIVERS\rasacd.sys *WAN Miniport (L2TP) Rasl2tp - on demand `binary: system32\DRIVERS\rasl2tp.sys *Remote Access PPPOE Driver RasPppoe - on demand `binary: system32\DRIVERS\raspppoe.sys *Direct Parallel Raspti - on demand `binary: system32\DRIVERS\raspti.sys *Rdbss Rdbss - system `binary: system32\DRIVERS\rdbss.sys *RDPCDD RDPCDD - system `binary: System32\DRIVERS\RDPCDD.sys *Terminal Server Device Redirector Driver rdpdr - on demand `binary: system32\DRIVERS\rdpdr.sys *RDPWD RDPWD - on demand `binary: *Digital CD Audio Playback Filter Driver redbook running system `binary: system32\DRIVERS\redbook.sys *Secdrv Secdrv - on demand `binary: system32\DRIVERS\secdrv.sys *senfilt senfilt - on demand `binary: system32\drivers\senfilt.sys *Serenum Filter Driver serenum - on demand `binary: system32\DRIVERS\serenum.sys *Serial port driver Serial - system `binary: 
system32\DRIVERS\serial.sys *High-Capacity Floppy Disk Drive Sfloppy running on demand `binary: system32\DRIVERS\sfloppy.sys *Simbad Simbad - disabled `binary: *SIS AGP Bus Filter sisagp running boot `binary: \SystemRoot\system32\DRIVERS\sisagp.sys *smwdm smwdm - on demand `binary: system32\drivers\smwdm.sys *Sparrow Sparrow running boot `binary: \SystemRoot\system32\DRIVERS\sparrow.sys *Microsoft Kernel Audio Splitter splitter - on demand `binary: system32\drivers\splitter.sys *System Restore Filter Driver sr running boot `binary: \SystemRoot\system32\DRIVERS\sr.sys *Srv Srv - on demand `binary: system32\DRIVERS\srv.sys *sscdbhk5 sscdbhk5 running system `binary: system32\drivers\sscdbhk5.sys *ssrtln ssrtln running system `binary: system32\drivers\ssrtln.sys *Software Bus Driver swenum running on demand `binary: system32\DRIVERS\swenum.sys *Microsoft Kernel GS Wavetable Synthesizer swmidi - on demand `binary: system32\drivers\swmidi.sys *symc810 symc810 running boot `binary: \SystemRoot\system32\DRIVERS\symc810.sys *symc8xx symc8xx running boot `binary: \SystemRoot\system32\DRIVERS\symc8xx.sys *sym_hi sym_hi running boot `binary: \SystemRoot\system32\DRIVERS\sym_hi.sys *sym_u3 sym_u3 running boot `binary: \SystemRoot\system32\DRIVERS\sym_u3.sys *Microsoft Kernel System Audio Device sysaudio - on demand `binary: system32\drivers\sysaudio.sys *TCP/IP Protocol Driver Tcpip - system `binary: system32\DRIVERS\tcpip.sys *TDPIPE TDPIPE - on demand `binary: *TDTCP TDTCP - on demand `binary: *Terminal Device Driver TermDD running system `binary: system32\DRIVERS\termdd.sys *tfsnboio tfsnboio - auto `binary: system32\dla\tfsnboio.sys *tfsncofs tfsncofs - auto `binary: system32\dla\tfsncofs.sys *tfsndrct tfsndrct - auto `binary: system32\dla\tfsndrct.sys *tfsndres tfsndres - auto `binary: system32\dla\tfsndres.sys *tfsnifs tfsnifs - auto `binary: system32\dla\tfsnifs.sys *tfsnopio tfsnopio - auto `binary: system32\dla\tfsnopio.sys *tfsnpool tfsnpool - auto `binary: 
system32\dla\tfsnpool.sys *tfsnudf tfsnudf - auto `binary: system32\dla\tfsnudf.sys *tfsnudfa tfsnudfa - auto `binary: system32\dla\tfsnudfa.sys *TosIde TosIde running boot `binary: \SystemRoot\system32\DRIVERS\toside.sys *Udfs Udfs - disabled `binary: *ultra ultra running boot `binary: \SystemRoot\system32\DRIVERS\ultra.sys *Microcode Update Driver Update running on demand `binary: system32\DRIVERS\update.sys *USB Audio Driver (WDM) usbaudio - on demand `binary: system32\drivers\usbaudio.sys *Microsoft USB Generic Parent Driver usbccgp - on demand `binary: system32\DRIVERS\usbccgp.sys *Microsoft USB 2.0 Enhanced Host Controller Mini usbehci running on demand `port Driver `binary: system32\DRIVERS\usbehci.sys *USB2 Enabled Hub usbhub running on demand `binary: system32\DRIVERS\usbhub.sys *Microsoft USB PRINTER Class usbprint - on demand `binary: system32\DRIVERS\usbprint.sys *USB Scanner Driver usbscan - on demand `binary: system32\DRIVERS\usbscan.sys *USB Mass Storage Driver USBSTOR running on demand `binary: system32\DRIVERS\USBSTOR.SYS *Microsoft USB Universal Host Controller Minipor usbuhci running on demand `t Driver `binary: system32\DRIVERS\usbuhci.sys *VgaSave VgaSave running system `binary: \SystemRoot\System32\drivers\vga.sys *VIA AGP Bus Filter viaagp running boot `binary: \SystemRoot\system32\DRIVERS\viaagp.sys *ViaIde ViaIde running boot `binary: \SystemRoot\system32\DRIVERS\viaide.sys *VolSnap VolSnap running boot `binary: *Remote Access IP ARP Driver Wanarp - on demand `binary: system32\DRIVERS\wanarp.sys *WAN Miniport (ATW) wanatw - on demand `binary: system32\DRIVERS\wanatw4.sys *WDICA WDICA - on demand `binary: *Microsoft WINMM WDM Audio Compatibility Driver wdmaud - on demand `binary: system32\drivers\wdmaud.sys »VMM32Files (LM) »%System%\VMM32 »%System%\IOSUBSYS »Application specific »MS Office 97/8.0 STARTUP-PATH »Current User »Default User »Local Machine »ICQ NetDetect »Current User »Default User StartupList report, 29/09/2006, 14:20:06 
StartupList version: 1.52.2 Started from : C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Desktop\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Desktop\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe PCMService = "C:\Program Files\Dell\Media Experience\PCMService.exe" IntelMeM = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER AOL Spyware Protection = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" VSOCheckTask = "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask 
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r dla = C:\WINDOWS\system32\dla\tfswctrl.exe BuildBU = c:\dell\bldbubg.exe VirusScan Online = C:\Program Files\McAfee.com\VSO\mcvsshld.exe DSLSTATEXE = C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon DSLAGENTEXE = C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe %FP%Friendly fts.exe = "C:\Program Files\VoyagerTest\fts.exe" MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN OASClnt = C:\Program Files\McAfee.com\VSO\oasclnt.exe MSKAGENTEXE = C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe MSKDetectorExe = C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime igfxtray = C:\WINDOWS\system32\igfxtray.exe igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe igfxpers = C:\WINDOWS\system32\igfxpers.exe PCMMRealtime = C:\Program Files\PC MightyMax\pcmm.exe /R (Default) = !ewido = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx (Default) = -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * 
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! 
(arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670} (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - c:\program files\mcafee\spamkiller\mcapfbho.dll - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} -------------------------------------------------- Enumerating Task Scheduler jobs: McAfee.com Scan for Viruses - My Computer (LOLLYSABBIES-Tony).job -------------------------------------------------- Enumerating Download Program Files: [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\system32\macromed\Shockwave 10\Download.dll CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab [MessengerStatsClient Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll CODEBASE = http://messenger.zone.msn.com/binary...t.cab31267.cab [MsnMessengerSetupDownloadControl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx CODEBASE = http://messenger.msn.com/download/Ms...Downloader.cab -------------------------------------------------- Enumerating Windows NT/2000/XP services AOL Connectivity Service: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (autostart) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Kodak DCFS2K Driver: 
system32\drivers\dcfs2k.sys (autostart) DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) drvnddm: system32\drivers\drvnddm.sys (autostart) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) ewido anti-spyware 4.0 guard: C:\Program Files\ewido anti-spyware 4.0\guard.exe (autostart) Fax: %systemroot%\system32\fxssvc.exe (autostart) Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (autostart) Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) McAfee WSC Integration: c:\program files\mcafee.com\agent\mcdetect.exe (autostart) McAfee.com McShield: c:\PROGRA~1\mcafee.com\vso\mcshield.exe (autostart) McAfee Task Scheduler: c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (autostart) McAfee Personal Firewall Service: C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (autostart) McAfee SpamKiller Server: C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (autostart) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows Firewall/Internet Connection 
Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) tfsnboio: system32\dla\tfsnboio.sys (autostart) tfsncofs: system32\dla\tfsncofs.sys (autostart) tfsndrct: system32\dla\tfsndrct.sys (autostart) tfsndres: system32\dla\tfsndres.sys (autostart) tfsnifs: system32\dla\tfsnifs.sys (autostart) tfsnopio: system32\dla\tfsnopio.sys (autostart) tfsnpool: system32\dla\tfsnpool.sys (autostart) tfsnudf: system32\dla\tfsnudf.sys (autostart) tfsnudfa: system32\dla\tfsnudfa.sys (autostart) Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- End of report, 12,909 bytes Report generated in 0.063 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several 
rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only ML |
#14 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
|
Let's try WinsockFix and see if you can get online:
Download WinsockFix and unzip it. Then double click on WinsockFix.exe to run it.
--------------------------------------
Download gmer from http://www.gmer.net & unzip it to desktop. Do not run it yet.
--------------------------------------
Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
--------------------------------------
Launch gmer.exe by double-clicking it. Select the rootkit tab & make sure the 'Show All' button is unticked. Press scan & when it has finished press copy & paste the log back here.
Please let me know if there is any improvement in the system at all. |
#15 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP
|
Hi Ried,
All below done in Normal Mode logged in as Lolly.
WinsockFix - did this, came up with 'Repair Complete Please Reboot', which I did.
Dr.Web-CureIt - did this. Short scan scanned 328 files - nothing found. Log below.
Silent Runners.vbs;C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Desktop;Probably BATCH.Virus;Incurable.Moved.;
backup-20060928-145039-533.dll;C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Desktop\backups;Adware.MWS;Incurable.Moved.;
backup-20060928-145040-686.dll;C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Desktop\backups;Adware.Websearch;Incurable.Moved.;
fwRemoteCfg.dll;C:\Program Files\Common Files\FTL Shared;Probably DLOADER.Trojan;Incurable.Moved.;
riched20.dll;C:\Program Files\MSN Messenger;Adware.Msearch;Incurable.Moved.;
M3HTML.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\1.bin;Adware.Msearch;Incurable.Moved.;
MWSBAR.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\1.bin;Adware.MWS;Incurable.Moved.;
MWSOEPLG.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\1.bin;Adware.Websearch;Incurable.Moved.;
F3HISTSW.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.Msearch;Incurable.Moved.;
F3HTTPCT.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Trojan.Isbar.438;Deleted.;
F3PSSAVR.SCR;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.Msearch;Incurable.Moved.;
F3RESTUB.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.Msearch;Incurable.Moved.;
F3SCHMON.EXE;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.Msearch;Incurable.Moved.;
F3SCRCTR.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Trojan.DownLoader.7028;Deleted.;
F3WPHOOK.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.Msearch;Incurable.Moved.;
M3HTML.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.Msearch;Incurable.Moved.;
M3IDLE.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.MWS;Incurable.Moved.;
M3OUTLCN.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.Msearch;Incurable.Moved.;
M3PLUGIN.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.Msearch;Incurable.Moved.;
MWSOEPLG.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.Websearch;Incurable.Moved.;
NPMYWEBS.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Adware.Msearch;Incurable.Moved.;
A0104508.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97;Adware.MWS;Incurable.Moved.;
A0104509.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97;Adware.Websearch;Incurable.Moved.;
A0104511.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97;Dialer.Btweb;Incurable.Moved.;
A0104512.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97;Adware.Websearch;Incurable.Moved.;
A0104513.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97;Adware.Websearch;Incurable.Moved.;
A0109666.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97;Trojan.Isbar.438;Deleted.;
A0109667.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97;Trojan.DownLoader.7028;Deleted.;
Gmer - did this, log below.
GMER 1.0.11.11389 - http://www.gmer.net
Rootkit 2006-09-30 15:14:05
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.11 ----
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
---- Devices - GMER 1.0.11 ----
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE ED9C1C8A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE ED9BE7C8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ ED9BA60A
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE ED9BAAED
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION ED9C5958
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION ED9C8821
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA ED9D138A
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA ED9D0D49
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS ED9CABBE
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION ED9CB331
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION ED9D94F4
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL ED9C1B37
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL ED9BD948
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL ED9C746B
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN ED9D879D
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL ED9D7C4A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP ED9BE2FD
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP ED9D81DB
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible ED9D31F9
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EEBDF701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EEBDF701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EEBDF701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EEBDF701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EEBDF701] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [EEBDF89D] tfsnifs.sys
---- Files - GMER 1.0.11 ----
ADS ...
---- EOF - GMER 1.0.11 ----
No improvement in system at all. Still cannot access inet. Can see data activity on modem though whilst trying to login.
Owner uses AOL and he is adamant that the username and passwords are correct, although whilst trying 2 different ones, Tony's and Lolly's, I get the error message shown in the attached screen dump.
Also, his McAfee Spam Killer says 'must connect to McAfee to verify subscription status'. Comes back with 'Access violation at address 7C80AC9B in module "kernel32.dll". Read of address 80040119 [OK]'
Hope this means something to you - it sure doesn't to me.
ML |
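A triage pass over the Dr.Web CureIt log in the post above, as an added example that is not part of the original thread: it parses the name;directory;verdict;action; records and separates copies sitting in inert storage (Recycle Bin, System Restore, tool backups) from files found in live locations. The location classes, the reading of Desktop\backups as a cleanup tool's backup folder, and the treatment of a "Probably" prefix as a heuristic verdict are assumptions; the sample records are copied from that log.

```python
from collections import Counter
from dataclasses import dataclass

# Records copied from the Dr.Web CureIt log in the post above, one per line.
# Record format: file name;directory;verdict;action;
SAMPLE_LOG = r"""
Silent Runners.vbs;C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Desktop;Probably BATCH.Virus;Incurable.Moved.;
backup-20060928-145039-533.dll;C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Desktop\backups;Adware.MWS;Incurable.Moved.;
fwRemoteCfg.dll;C:\Program Files\Common Files\FTL Shared;Probably DLOADER.Trojan;Incurable.Moved.;
riched20.dll;C:\Program Files\MSN Messenger;Adware.Msearch;Incurable.Moved.;
MWSBAR.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\1.bin;Adware.MWS;Incurable.Moved.;
F3HTTPCT.DLL;C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin;Trojan.Isbar.438;Deleted.;
A0104511.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97;Dialer.Btweb;Incurable.Moved.;
A0109667.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97;Trojan.DownLoader.7028;Deleted.;
"""

# Assumed location classes (not defined by Dr.Web): a file under one of these
# paths is a stored copy that nothing loads at startup. Anything else is
# treated as "live", i.e. found where a program or user could run it.
INERT_LOCATIONS = (
    ("\\recycler\\", "recycle_bin"),
    ("\\system volume information\\_restore", "system_restore"),
    ("\\desktop\\backups\\", "tool_backup"),
)


@dataclass
class Finding:
    name: str
    directory: str
    verdict: str
    action: str      # "moved", "deleted" or "other"
    location: str    # one of the labels above, or "live"
    heuristic: bool  # assumption: a "Probably ..." verdict is a heuristic match


def classify_location(directory):
    """Map a directory to an inert-storage label, or "live" if none matches."""
    path = directory.lower().rstrip("\\") + "\\"
    for marker, label in INERT_LOCATIONS:
        if marker in path:
            return label
    return "live"


def normalize_action(raw):
    """Reduce the scanner's action text to moved / deleted / other."""
    text = raw.lower()
    if "deleted" in text:
        return "deleted"
    if "moved" in text:
        return "moved"
    return "other"


def parse_cureit_log(text):
    """Parse one record per line; raise ValueError on a malformed record."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.split(";")
        # Every record ends with ';', so a good line yields 4 fields plus ''.
        if len(fields) != 5 or fields[4] != "":
            raise ValueError(f"unexpected record: {line!r}")
        name, directory, verdict, action = (f.strip() for f in fields[:4])
        findings.append(Finding(
            name=name,
            directory=directory,
            verdict=verdict,
            action=normalize_action(action),
            location=classify_location(directory),
            heuristic=verdict.lower().startswith("probably "),
        ))
    return findings


def summarize(findings):
    """Count findings per location class."""
    return dict(Counter(f.location for f in findings))


def live_findings(findings):
    """Findings outside inert storage: the ones worth a follow-up look."""
    return [f for f in findings if f.location == "live"]


if __name__ == "__main__":
    parsed = parse_cureit_log(SAMPLE_LOG)
    print(summarize(parsed))
    for f in live_findings(parsed):
        tag = "heuristic" if f.heuristic else "signature"
        print(f"{f.name} | {f.directory} | {f.verdict} ({tag}) | {f.action}")
```

Run against the full log in the post, the same three entries come out as live; every other record sits in the Recycle Bin, System Restore or the Desktop\backups folder.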
#16 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
|
Hi ML,
Download Hoster
Run Hoster.exe.
Click "Make Hosts Writable?" in the upper right corner (If available).
Click Restore Original Hosts and then click OK.
Click the X to exit the program.
Any luck accessing the internet now? Try both Internet Explorer and AOL's browsers.
-------------------------------------
Let's try invoking Windows File Protection.
Go to the Run box on the Start Menu and type in or copy/paste sfc /scannow (there is a space between sfc and /)
This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.
If any problems are found, you will be prompted to insert the Windows XP install disc so have it handy.
Please let me know how that went. |
#17 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP
|
Hi Ried,
Couldn't post anything yesterday as I was tied up with other things. Spent some time on it today, and I type this with a smile on my face!!
Logged in as Lolly. Ran 'Hoster' and afterwards I could connect to the internet - but I only knew this due to the connection icon in the system tray. When I clicked it, it came up and said how long I had been online and how much data had been sent and received. Also I could see the data light on the modem flashing every so often. I could still not run AOL or Internet Explorer browsers though.
Ran sfc /scannow - this took some time to complete and did ask for the Win XP Home disk due to dll problems. This all completed ok. After rebooting, I then tried to get online through AOL - which worked. After making sure this seemed to work ok I then tried the basic system functions like explorer, my computer, etc - and this worked too, without the desktop / icon flashing trick. Tried logging in as Tony and his continuous Desktop flashing had stopped as well.
I also ran Ewido again and this time it saved the log - turns out it saved the log beforehand - I just wasn't aware it saved it in C:\Program Files\Ewido\Reports as I couldn't use explorer at the time. I have posted today's log below should it be of use.
Well done and thanks very much for your persistence. I have told the owner that there may be more to do yet, so I have advised him not to use the system yet, but as far as I can tell at the moment it seems to be running ok.
It also turns out, now that I can look around the system and 'Control Panel' without it doing its desktop / icon flashing trick, that his McAfee AV has expired and his Windows Firewall was off. Guess that didn't help at all and is probably partway the reason for getting in this mess in the first place.
Is there anything I need to do as a matter of completeness, before I leave it with him to re-subscribe to McAfee etc?
Thanks a huge amount - today's Ewido log below.
--------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 17:41:39 02/10/2006 + Scan result: C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\A0104511.dll -> Dialer.BT.c : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@eurostar.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@thomascook.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Local Settings\Temp\Cookies\tony@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Local Settings\Temp\Cookies\tony@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined). 
C:\Documents and Settings\Tony\Cookies\tony@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined). C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Cookies\lolly@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Local Settings\Temp\Cookies\tony@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Local Settings\Temp\Cookies\tony@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wfk4emdzkco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wfkiwjajeao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). 
C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wfkoaiczido.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wfkygmcjmeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wfkyqpcpsdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wflokoc5edo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wflougdpogo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wfmiggcpwdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wfmyqkdjkko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wgkiamczegp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wglighazgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wglocmazmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wgmyapc5idq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjloqoc5mfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined). 
C:\Documents and Settings\Tony\Cookies\tony@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@ehg-baa.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@ehg-debenhams.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@ehg-holidaybreak.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@ehg-littlewoods.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@ehg-logantod.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@ehg-onlinetravelgroup.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined). 
C:\Documents and Settings\Tony\Cookies\tony@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined). C:\Documents and Settings\Abbie.LOLLYSABBIES.000\Cookies\abbie@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined). 
C:\Documents and Settings\Tony\Cookies\tony@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined). C:\Documents and Settings\Tony\Cookies\tony@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined). ::Report end ML |
#18 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
|
Are you able to use Internet Explorer?
As we haven't found anything specifically, I'd feel more comfortable if you'd run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:
Please perform an online scan with Internet Explorer at Kaspersky Online Scanner.
Answer Yes, when prompted to install an ActiveX component.
Also...please run scans with HijackThis under each user acct and post them here as well.
Last edited by Ried; 10-02-2006 at 12:46 PM. |
#19 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP
|
Hi Ried,
Yes I am able to run internet explorer now. I will do as requested, although I am working days this week and not off until Friday. I probably won't get a chance to do it until Friday as I will not be getting home until late each evening - will post reply and logs then. Many thanks ML |
#20 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 22
OS: XP
|
Hi Ried,
Sorry for not getting back sooner - ended up having to work on Friday as well, then the missus had other plans for me at the weekend. Right here goes.

I have done everything you requested, which went well. I performed the Kaspersky whilst logged in as Tony, seeing as this was the account that wouldn't allow me to do anything before. Report below :-

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 09, 2006 12:04:05 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/10/2006
Kaspersky Anti-Virus database records: 230038
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 87978
Number of viruses found: 11
Number of infected objects: 52 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:08:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Abbie.LOLLYSABBIES.000\Local Settings\Temporary Internet Files\Content.IE5\STEFK56N\index[4].htm Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\APP10400.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\APP10575.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Apps.Lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Diction.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\main.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sap.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\spool.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sysnews.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\tonyharmes Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\tonyharmes.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\tonyharmes.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\users\TonyHarmes.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\Julie.LOLLYSABBIES.000\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\hbtools[1].exe/data0008/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\Documents and Settings\Julie.LOLLYSABBIES.000\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\hbtools[1].exe/data0008 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\Documents and Settings\Julie.LOLLYSABBIES.000\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\hbtools[1].exe NSIS: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\A0104508.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\A0104509.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\A0104512.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\A0104513.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\backup-20060928-145039-533.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\backup-20060928-145040-686.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\F3HISTSW.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\f3PSSav0.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\F3PSSAVR.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\F3RESTUB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\F3SCHMON.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\F3WPHOOK.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\M3HTML.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\M3HTML_0.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\M3IDLE.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\M3OUTLCN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\M3PLUGIN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\MWSBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\MWSOEPL0.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.q skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\MWSOEPLG.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\NPMYWEBS.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\DoctorWeb\Quarantine\riched20.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\ntuser.dat Object is locked skipped
C:\Documents and Settings\Lolly.LOLLYSABBIES.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\History\History.IE5\MSHist012006100920061010\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\Perflib_Perfdata_dfc.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DF1B14.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DF304B.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tony\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\AOL\ACS\UK\static Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\2556\SegRules.tmp Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000001.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\McAfee.com\Personal Firewall\data\hwcache.xdb Object is locked skipped
C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin\F3DTACTL.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped
C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin\F3HTMLMU.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin\F3POPSWT.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin\F3SHLLVW.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin\M3SKIN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
C:\RECYCLER\S-1-5-21-1551344628-3146701297-20334874-1006\Dc1\bar\2.bin\MWSOESTB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0111169.dll Infected: not-a-virus:Dialer.Win32.BT.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\change.log Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109669.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109670.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109672.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109673.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109674.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109675.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109676.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109677.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109678.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109679.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109680.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109681.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109682.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109683.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109684.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109685.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.q skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109686.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0109687.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{2C2990F6-D816-46FD-9678-035EFDC9AEEC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\sqlite_CquafRHVhmVlMWd Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

All four HijackThis logs as requested logged in as each account :-

Tony:-

Logfile of HijackThis v1.99.1
Scan saved at 12:07:07, on 09/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tony\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZBzeb032YYGB
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?23074ace939d4d299d96f0a64791c8d7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?23074ace939d4d299d96f0a64791c8d7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Julie:-

Logfile of HijackThis v1.99.1
Scan saved at 12:13:30, on 09/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\dell\bldbubg.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Documents and Settings\Julie.LOLLYSABBIES.000\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: livecall - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. 
- C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe Lolly:- Logfile of HijackThis v1.99.1 Scan saved at 12:15:11, on 09/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\drivers\KodakCCS.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\dell\bldbubg.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\Program Files\VoyagerTest\fts.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\PC MightyMax\pcmm.exe C:\Program Files\ewido 
anti-spyware 4.0\ewido.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Lolly.LOLLYSABBIES.000\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live 
Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] 
C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?115a27e14ad44d1781fe8184ae286777 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?115a27e14ad44d1781fe8184ae286777 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: 
Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. 
- c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe Abbey:- Logfile of HijackThis v1.99.1 Scan saved at 12:11:31, on 09/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\drivers\KodakCCS.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\BT Voyager 105 
ADSL Modem\dslstat.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\Program Files\VoyagerTest\fts.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\PC MightyMax\pcmm.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Documents and Settings\Abbie.LOLLYSABBIES.000\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing) O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: 
[dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZBzeb032YYGB O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - 
Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. 
- C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe Thanks for all so far Ried - will wait to here from you. ML |