BleepingComputer.com: I'm Really Not Sure What This All Means

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

I'm Really Not Sure What This All Means

#1 User is offline   LucyS 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 27-November 06

Posted 27 November 2006 - 02:43 PM

Logfile of HijackThis v1.99.1
Scan saved at 19:36:31, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Lucy\Local Settings\Temp\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=6061102
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=6061102
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




this was the log i got but i have no idea what it means!
sorry for being unspecific but is there anything bad on my pc and can anyone give me any advice please?

thankyou :thumbsup:

#2 User is offline   LucyS 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 27-November 06

Posted 27 November 2006 - 03:23 PM

ok right after i posted that my pc got a virus from some idiot on msn
updated log:




Logfile of HijackThis v1.99.1
Scan saved at 20:19:05, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Lucy\winstall.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Common Files\{108DF094-063C-1033-0629-06111420002c}\Update.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Documents and Settings\Lucy\Local Settings\Temp\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=6061102
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=6061102
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE





help would be most appreciated

#3 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 27 November 2006 - 06:22 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

The first thing I need you to do is to uninstall two of these programs.

Norton Antivirus
Mcafee Antivirus
AVG Antivirus


You should only run one antivirus program at a time.

Once you've decided which one you are going to keep, please post a new hijackthis log and let me know what problems you are having.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 User is offline   LucyS 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 27-November 06

Posted 27 November 2006 - 06:39 PM

hey,thanks for your time


well i uninstalled AGV but norton is norton ghost not antivirus,so I've left it on
plus that and mcafee came free with the computer :/
new log:


Logfile of HijackThis v1.99.1
Scan saved at 23:32:16, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\{108DF094-063C-1033-0629-06111420002c}\Update.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lucy\Local Settings\Temp\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=6061102
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=6061102
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#5 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 November 2006 - 09:28 AM

Are you sure about Norton? Because this startup is related to Norton's antivirus.

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"


Mcafee is a good one to keep.


What problems are you having with this computer?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 User is offline   LucyS 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 27-November 06

Posted 28 November 2006 - 11:46 AM

yeah its definately norton ghost.
i got that virus over msn abd its a brand new laptop so i really want to keep it in good condition,so i was wondering if anything on it was bad and any advice on what things to look out for etc.what did the log show?

#7 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 November 2006 - 05:26 PM

I do see malware in your log, so we'll need to get some more info from some other logs and then we'll get started cleaning it up.
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your in your next reply.
============



Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 User is offline   LucyS 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 27-November 06

Posted 28 November 2006 - 06:45 PM

hijackthis log


Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2 Tryout
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
AOL UK (Choose which version to remove)
Apple Software Update
ARTEuro
Broadcom Management Programs
CinepPlayer 30 Update
Conexant HDA D110 MDC V.92 Modem
Dell CinePlayer
Dell Driver Reset Tool
Dell Media Experience
Dell Network Assistant
Dell Support 3.2
Dell Wireless WLAN Card
Digital Line Detect
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel® Graphics Media Accelerator Driver for Mobile
iPod for Windows User Guide
iPod System Software Updater 2.1
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Works
Modem Helper
Mozilla Firefox (1.5.0.8)
MSXML 4.0 SP2 (KB927978)
NetWaiting
Norton Ghost 10.0
QuickSet
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL Assistant
Viewpoint Media Player
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859



combofix log

Lucy - 06-11-28 23:39:56.65 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Lucy\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{108DF094-063C-1033-0629-06111420002c}
C:\Program Files\Common Files\{308DF094-063C-1033-0629-06111420002c}


((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))


2006-11-28 15:44 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-11-27 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-11-27 23:24 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-27 23:24 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-27 23:22 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-27 23:21 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-27 23:20 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-27 20:57 77,824 --a------ C:\WINDOWS\system32\cset.exe
2006-11-27 20:57 138,565 --a------ C:\WINDOWS\system32\mcnew.exe
2006-11-27 20:53 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-11-27 20:00 77,824 --a------ C:\Documents and Settings\Lucy\cset.exe
2006-11-27 20:00 138,565 --a------ C:\Documents and Settings\Lucy\mcnew.exe
2006-11-26 18:24 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-11-26 18:24 <DIR> d-------- C:\WINDOWS\system32\Adobe
2006-11-26 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2006-11-24 20:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2006-11-24 20:21 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Real
2006-11-22 19:02 <DIR> d---s---- C:\Documents and Settings\Lucy\UserData
2006-11-20 23:46 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-11-19 12:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-19 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-17 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-17 12:02 <DIR> d-------- C:\af3d93cff495a0e1393c271bba3c0bf5
2006-11-17 01:47 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Lavasoft
2006-11-16 23:25 <DIR> d-------- C:\Documents and Settings\Lucy\Shared
2006-11-16 23:25 <DIR> d-------- C:\Documents and Settings\Lucy\Incomplete
2006-11-16 23:21 <DIR> d-------- C:\Program Files\LimeWire
2006-11-16 23:20 <DIR> d-------- C:\Documents and Settings\Lucy\.limewire
2006-11-16 22:48 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-16 22:40 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-16 18:57 <DIR> d-------- C:\WINDOWS\Sun
2006-11-16 18:57 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Sun
2006-11-16 18:45 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-16 18:44 <DIR> d-------- C:\Program Files\Grisoft
2006-11-16 18:43 <DIR> d-------- C:\Program Files\Zone Labs
2006-11-16 18:42 <DIR> d-------- C:\WINDOWS\Internet Logs
2006-11-16 18:31 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-16 18:31 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Mozilla
2006-11-16 18:28 <DIR> d-------- C:\Program Files\QuickTime
2006-11-16 18:28 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-16 18:26 <DIR> d-------- C:\Program Files\iMesh Applications
2006-11-16 17:00 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-11-16 16:27 <DIR> d-------- C:\Documents and Settings\Lucy\Contacts
2006-11-16 16:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-11-16 16:26 <DIR> d-------- C:\Program Files\MSN Messenger
2006-11-16 16:19 <DIR> d-------- C:\Program Files\AOL Companion
2006-11-16 16:18 <DIR> d-------- C:\Program Files\AOL Toolbar
2006-11-16 16:17 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2006-11-16 16:16 <DIR> d-------- C:\Program Files\Common Files\aolshare
2006-11-16 16:16 <DIR> d-------- C:\Program Files\AOL 9.0
2006-11-16 16:14 <DIR> d-------- C:\Setup
2006-11-16 15:40 <DIR> d-------- C:\temp
2006-11-12 12:06 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-11-12 12:06 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-11-12 12:06 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-09 18:20 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-11-09 18:12 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-08 17:02 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Creative
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 17:15 41,984 --------- C:\WINDOWS\Ctregrun.exe
2006-11-07 17:09 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2006-11-07 17:08 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-11-07 17:07 <DIR> d-------- C:\Program Files\Creative
2006-11-07 16:51 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Apple Computer
2006-11-07 16:50 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Macromedia
2006-11-07 16:45 <DIR> d-------- C:\Program Files\iTunes
2006-11-07 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-07 16:43 <DIR> d-------- C:\Program Files\iPod
2006-11-07 16:42 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-06 20:20 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Template
2006-11-06 20:05 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\AdobeUM
2006-11-06 20:04 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Adobe
2006-11-06 19:55 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2006-11-06 19:55 118,784 --a------ C:\WINDOWS\system32\Msstdfmt.dll
2006-11-06 19:55 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
2006-11-06 19:55 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2006-11-06 19:55 <DIR> d-------- C:\Program Files\Common Files\aolback
2006-11-06 19:55 <DIR> d-------- C:\AOLExtras
2006-11-06 19:49 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Leadertech
2006-11-06 19:45 5,642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-06 19:45 168 -r-hs---- C:\WINDOWS\system32\CCCBC62B3B.sys
2006-11-06 19:45 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Corel
2006-11-06 19:39 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\McAfee.com Personal Firewall
2006-11-06 19:38 <DIR> dr-h----- C:\Documents and Settings\Lucy\SendTo
2006-11-06 19:38 <DIR> dr-h----- C:\Documents and Settings\Lucy\Recent
2006-11-06 19:38 <DIR> dr-h----- C:\Documents and Settings\Lucy\Application Data\.
2006-11-06 19:38 <DIR> dr-h----- C:\Documents and Settings\Lucy\Application Data
2006-11-06 19:38 <DIR> dr------- C:\Documents and Settings\Lucy\Start Menu
2006-11-06 19:38 <DIR> dr------- C:\Documents and Settings\Lucy\My Documents
2006-11-06 19:38 <DIR> dr------- C:\Documents and Settings\Lucy\Favorites
2006-11-06 19:38 <DIR> d--hs---- C:\Documents and Settings\Lucy\Cookies
2006-11-06 19:38 <DIR> d--h----- C:\Documents and Settings\Lucy\Templates
2006-11-06 19:38 <DIR> d--h----- C:\Documents and Settings\Lucy\PrintHood
2006-11-06 19:38 <DIR> d--h----- C:\Documents and Settings\Lucy\NetHood
2006-11-06 19:38 <DIR> d--h----- C:\Documents and Settings\Lucy\Local Settings
2006-11-06 19:38 <DIR> d--h----- C:\Documents and Settings\Lucy\Application Data\Gtek
2006-11-06 19:38 <DIR> d---s---- C:\Documents and Settings\Lucy\Application Data\Microsoft
2006-11-06 19:38 <DIR> d-------- C:\Documents and Settings\Lucy\Desktop
2006-11-06 19:38 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\You've Got Pictures Screensaver
2006-11-06 19:38 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Symantec
2006-11-06 19:38 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\Identities
2006-11-06 19:38 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\AOL
2006-11-06 19:38 <DIR> d-------- C:\Documents and Settings\Lucy\Application Data\..
2006-11-06 19:38 <DIR> d-------- C:\Documents and Settings\Lucy\..
2006-11-06 19:38 <DIR> d-------- C:\Documents and Settings\Lucy\.
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 08:53 <DIR> d--hs---- C:\RECYCLER
2006-11-02 08:48 <DIR> d-------- C:\Program Files\Dell Support
2006-11-02 08:48 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-11-02 08:48 <DIR> d-------- C:\Program Files\Adobe
2006-11-02 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GTek
2006-11-02 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-02 08:47 <DIR> d-------- C:\Program Files\Microsoft Works
2006-11-02 08:47 <DIR> d-------- C:\Program Files\Microsoft Office
2006-11-02 08:47 <DIR> d-------- C:\Program Files\Dell Network Assistant
2006-11-02 08:45 <DIR> d-------- C:\Program Files\Sonic
2006-11-02 08:45 <DIR> d-------- C:\Program Files\Google
2006-11-02 08:45 <DIR> d-------- C:\Program Files\BAE
2006-11-02 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2006-11-02 08:43 94,263 --a------ C:\WINDOWS\DLA.EXE
2006-11-02 08:43 89,264 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2006-11-02 08:43 61,500 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2006-11-02 08:43 5,628 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2006-11-02 08:43 40,544 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2006-11-02 08:43 22,684 --a------ C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2006-11-02 08:43 <DIR> d-------- C:\WINDOWS\system32\DLA
2006-11-02 08:43 <DIR> d-------- C:\Program Files\Roxio
2006-11-02 08:43 <DIR> d-------- C:\Program Files\McAfee
2006-11-02 08:43 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2006-11-02 08:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-11-02 08:42 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
2006-11-02 08:42 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2006-11-02 08:42 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2006-11-02 08:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2006-11-02 08:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2006-11-02 08:40 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2006-11-02 08:40 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2006-11-02 08:40 <DIR> d-------- C:\Program Files\McAfee.com
2006-11-02 08:39 712,704 --a------ C:\WINDOWS\system32\DellSystemRestore.dll
2006-11-02 08:39 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-11-02 08:39 <DIR> d-------- C:\Program Files\Norton Ghost
2006-11-02 08:38 <DIR> d-------- C:\Program Files\Symantec
2006-11-02 08:38 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-02 08:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2006-11-02 08:37 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-11-02 08:37 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2006-11-02 08:37 <DIR> d-------- C:\WINDOWS\occache
2006-11-02 08:37 <DIR> d-------- C:\Program Files\Viewpoint
2006-11-02 08:37 <DIR> d-------- C:\Program Files\Real
2006-11-02 08:37 <DIR> d-------- C:\Program Files\Learn2.com
2006-11-02 08:37 <DIR> d-------- C:\Program Files\Common Files\Real
2006-11-02 08:37 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2006-11-02 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-11-02 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2006-11-02 08:36 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2006-11-02 08:36 1,044,480 --a------ C:\WINDOWS\system32\roboex32.dll
2006-11-02 08:36 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-11-02 08:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-11-02 08:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2006-11-02 08:33 94,299 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2006-11-02 08:33 82,014 --a------ C:\WINDOWS\system32\SynCOM.dll
2006-11-02 08:33 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2006-11-02 08:33 69,723 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2006-11-02 08:33 667,648 --a------ C:\WINDOWS\system32\BCMLogon.dll
2006-11-02 08:33 61,440 --a------ C:\WINDOWS\system32\KPower.dll
2006-11-02 08:33 307,200 --a------ C:\WINDOWS\system32\BMAPI.dll
2006-11-02 08:33 191,872 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2006-11-02 08:33 16,128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS
2006-11-02 08:33 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2006-11-02 08:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-11-02 08:33 <DIR> d-------- C:\Program Files\Synaptics
2006-11-02 08:33 <DIR> d-------- C:\Program Files\Digital Line Detect
2006-11-02 08:33 <DIR> d-------- C:\Program Files\Broadcom
2006-11-02 08:32 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-02 08:32 <DIR> d-------- C:\Program Files\NetWaiting
2006-11-02 08:32 <DIR> d-------- C:\Program Files\Modem Helper
2006-11-02 08:32 <DIR> d-------- C:\Program Files\InterActual
2006-11-02 08:32 <DIR> d-------- C:\Program Files\Dell
2006-11-02 08:32 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2006-11-02 08:32 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2006-11-02 08:32 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-11-02 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2006-11-02 08:31 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-02 08:31 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-02 08:31 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-02 08:30 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-02 08:30 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-02 08:30 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-02 08:30 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-11-02 08:30 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-02 08:30 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-02 08:30 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-02 08:30 282,624 --a------ C:\WINDOWS\stsystra.exe
2006-11-02 08:30 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-02 08:30 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-02 08:30 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-02 08:30 1,052,672 --a------ C:\WINDOWS\system32\stlang.dll
2006-11-02 08:30 <DIR> d-------- C:\Program Files\Sigmatel
2006-11-02 08:30 <DIR> d-------- C:\Program Files\CONEXANT
2006-11-02 08:29 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2006-11-02 08:29 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-11-02 08:29 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-02 08:26 <DIR> d-------- C:\Program Files\Java
2006-11-02 08:26 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-02 08:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-02 08:20 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2006-11-02 08:16 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-11-02 08:14 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2006-11-02 08:14 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2006-11-02 08:14 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2006-11-02 08:13 <DIR> d--hs---- C:\WINDOWS\..
2006-11-02 08:13 <DIR> d-------- C:\WINDOWS\.
2006-11-02 08:13 <DIR> d-------- C:\WINDOWS
2006-11-02 08:13 <DIR> d-------- C:\dell
2006-11-02 08:10 89,088 --a------ C:\WINDOWS\system32\ATL71.DLL
2006-11-02 08:10 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2006-11-02 08:10 757,760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2006-11-02 08:10 69,632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll
2006-11-02 08:10 49,152 --a------ C:\WINDOWS\setpwrcg.exe
2006-11-02 08:10 44,544 --a------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2006-11-02 08:10 44,032 --a------ C:\WINDOWS\system32\wltrynt.dll
2006-11-02 08:10 424,320 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2006-11-02 08:10 33,664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2006-11-02 08:10 253,952 --a------ C:\WINDOWS\system32\bcmwlu00.exe
2006-11-02 08:10 208,896 --a------ C:\WINDOWS\system32\stacapi.dll
2006-11-02 08:10 2,129,920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2006-11-02 08:10 18,944 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2006-11-02 08:10 112,128 --a------ C:\WINDOWS\system32\staco.dll
2006-11-02 08:10 1,347,584 --a------ C:\WINDOWS\system32\WLTRAY.EXE
2006-11-02 08:10 1,200,128 --a------ C:\WINDOWS\system32\BCMWLTRY.EXE
2006-11-02 08:10 1,156,648 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2006-11-02 08:10 <DIR> d-------- C:\drivers
2006-11-02 08:09 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-11-02 08:09 94,208 --a------ C:\WINDOWS\system32\igfxext.exe
2006-11-02 08:09 901,242 --a------ C:\WINDOWS\system32\ialmdd5.dll
2006-11-02 08:09 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-11-02 08:09 86,016 --a------ C:\WINDOWS\system32\igfxdo.dll
2006-11-02 08:09 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-11-02 08:09 73,728 --a------ C:\WINDOWS\system32\hccutils.dll
2006-11-02 08:09 717,952 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2006-11-02 08:09 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v4410.dll
2006-11-02 08:09 57,344 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2006-11-02 08:09 53,248 --a------ C:\WINDOWS\system32\oemdspif.dll
2006-11-02 08:09 524,288 --a------ C:\WINDOWS\system32\igldev32.dll
2006-11-02 08:09 49,152 --a------ C:\WINDOWS\system32\ialmrem.dll
2006-11-02 08:09 446,464 --a------ C:\WINDOWS\system32\igfxcfg.exe
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\igfxexps.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuTRK.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuTHA.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuSVE.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuRUS.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuPTG.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuPTB.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuPLK.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuNOR.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuNLD.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuKOR.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuJPN.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuITA.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuHUN.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuHEB.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuFRC.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuFRA.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuFIN.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuESP.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuENG.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuELL.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuDEU.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuDAN.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuCSY.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuCHT.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuCHS.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuARB.dll
2006-11-02 08:09 40,960 --a------ C:\WINDOWS\system32\ialmuARA.dll
2006-11-02 08:09 36,990 --a------ C:\WINDOWS\system32\ialmrnt5.dll
2006-11-02 08:09 213,274 --a------ C:\WINDOWS\system32\ialmdev5.dll
2006-11-02 08:09 201,600 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys
2006-11-02 08:09 2,310,144 --a------ C:\WINDOWS\system32\iglicd32.dll
2006-11-02 08:09 159,744 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2006-11-02 08:09 147,456 --a------ C:\WINDOWS\system32\igfxpph.dll
2006-11-02 08:09 135,168 --a------ C:\WINDOWS\system32\igfxdev.dll
2006-11-02 08:09 13,059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-11-02 08:09 118,395 --a------ C:\WINDOWS\system32\ialmdnt5.dll
2006-11-02 08:09 114,688 --a------ C:\WINDOWS\system32\igfxzoom.exe
2006-11-02 08:09 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2006-11-02 08:09 114,688 --a------ C:\WINDOWS\system32\ialmudlg.exe
2006-11-02 08:09 110,592 --a------ C:\WINDOWS\system32\uci100.dll
2006-11-02 08:09 1,503,232 --a------ C:\WINDOWS\system32\igfxress.dll
2006-11-02 08:09 1,302,812 --a------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2006-11-02 08:09 1,035,008 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys
2006-11-02 08:09 <DIR> d-------- C:\WINDOWS\system32\drivers\..
2006-11-02 08:09 <DIR> d-------- C:\WINDOWS\system32\drivers\.
2006-11-02 08:09 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-11-02 08:09 <DIR> d-------- C:\i386
2006-11-02 08:08 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2006-11-02 08:08 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2006-11-02 08:08 453,120 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
2006-11-02 08:08 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2006-11-02 08:08 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2006-11-02 08:08 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2006-11-02 08:08 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-11-02 08:08 <DIR> d-------- C:\WINDOWS\system32\dllcache
2006-11-02 08:08 <DIR> d-------- C:\WINDOWS\system32\..
2006-11-02 08:08 <DIR> d-------- C:\WINDOWS\system32\.
2006-11-02 08:08 <DIR> d-------- C:\WINDOWS\system32


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-28 23:40 -------- d-------- C:\Program Files\Common Files
2006-11-27 23:29 -------- d-------- C:\Program Files\Internet Explorer
2006-11-27 20:56 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-27 18:47 -------- d-------- C:\Program Files\Windows Media Player
2006-11-02 08:29 -------- d-------- C:\Program Files\Outlook Express
2006-11-02 08:29 -------- d-------- C:\Program Files\Common Files\System
2006-11-02 08:27 -------- d-------- C:\Program Files\Messenger


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D52YRK2J-Lucy).job

Completion time: 06-11-28 23:41:08.73
C:\ComboFix.txt ... 06-11-28 23:41

#9 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 November 2006 - 10:29 PM

Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:

J2SE Runtime Environment 5.0 Update 6
SearchAssist
Viewpoint Media Player



Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 User is offline   LucyS 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 27-November 06

Posted 29 November 2006 - 11:40 AM

ok,hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 16:34:25, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\Lucy\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=6061102
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=6061102
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




Panda log

Incident Status Location

Possible Virus. Not disinfected C:\dell\Utilities\DSR\demo\DEMO.EXE
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.adtech.de/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.adviva.net/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.bfast.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Lucy\Application Data\Mozilla\Firefox\Profiles\273o9dzy.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@adrevolver[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@adtech[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@atdmt[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@doubleclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Lucy\Cookies\lucy@questionmarket[2].txt
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\Lucy\Local Settings\Temporary Internet Files\Content.IE5\QDON6DU1\mccbnew[1].exe
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\Lucy\mcnew.exe
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx
Adware:Adware/Mytoolbar Not disinfected C:\WINDOWS\system32\mcnew.exe

#11 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 November 2006 - 08:51 PM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\Documents and Settings\Lucy\Local Settings\Temporary Internet Files\Content.IE5\QDON6DU1\mccbnew[1].exe
    C:\Documents and Settings\Lucy\mcnew.exe
    C:\WINDOWS\system32\actskn45.ocx
    C:\WINDOWS\system32\mcnew.exe
    C:\WINDOWS\system32\cset.exe
    C:\Documents and Settings\Lucy\cset.exe




  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.


  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
How is your computer working now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 User is offline   LucyS 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 27-November 06

Posted 30 November 2006 - 11:11 AM

log:

Pocket Killbox version 2.0.0.881
Running on Windows XP as Lucy(Administrator)
was started @ Thursday, November 30, 2006, 3:59 PM

# 1 [Delete on Reboot]
Path = C:\Documents and Settings\Lucy\Local Settings\Temporary Internet Files\Content.IE5\QDON6DU1\mccbnew[1].exe


# 2 [Delete on Reboot]
Path = C:\Documents and Settings\Lucy\mcnew.exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\actskn45.ocx


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\mcnew.exe


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\cset.exe


# 6 [Delete on Reboot]
Path = C:\Documents and Settings\Lucy\cset.exe


I Rebooted @ 4:00:23 PM
Killbox Closed(Exit) @ 4:00:34 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Lucy(Administrator)
was started @ Thursday, November 30, 2006, 4:06 PM




when i ran that panda programme,it said some files were infected,was i supposed to disinfect them because i just left them?
is it worth redoing it and "disinfecting" them?

#13 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 30 November 2006 - 05:24 PM

Most of what Panda found was just cookies, which are harmless but simple enough to get rid of anytime.


Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
The other files that Panda found are those that we just deleted using Killbox. So if you run Panda again after cleaning your cookies, it should come back nearly clean.

Please post a new hijackthis log.
How is your computer running now? Any problems?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 User is offline   LucyS 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 27-November 06

Posted 30 November 2006 - 06:17 PM

Logfile of HijackThis v1.99.1
Scan saved at 23:12:01, on 30/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Lucy\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=6061102
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=6061102
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [MSKSrvr.exe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe /regserver
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




mcafee keeps reporting trojans and im still full of spyware :/

#15 User is offline   Buckeye_Sam 

  • Malware Expert
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 17,382
  • Joined: 23-December 04
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 01 December 2006 - 08:33 PM

Quote

mcafee keeps reporting trojans and im still full of spyware :/
Is Mcafee popping up to notify you of an infection, or does it find trojans on a scan?

Are you getting other indications, besides Mcafee, that you are "full of spyware"?



Flush your system restore, this will delete any restore points that you have but it will also make sure that any malware hiding in system restore will be booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer, turn it back on and create a restore point.

Create a restore point:
  • Click Start and point to All Programs.
  • Mouse over Accessories, then System Tools, and select System Restore.
  • In the System Restore wizard, select the box next the text labeled "Create a
    restore point" and click the Next button.
  • Type a description for your new restore point. Something like "After
    cleanup". Click Create and you're done.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users