|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
![]() |
|
Topic Tools |
#1
|
||||
|
||||
![]()
I am having trouble shutting down or loggin off. Everytime I do I get the message: End Program:IEXPLORER.EXE. It does it about 4 to 5 times before it actually lets me shut down or Log off
![]() I posted on the internet/browser forum and I received a reply. I was told to run Ad-Aware and Hijack and to post them here. Here are the logs: HIJACK LOG: Logfile of HijackThis v1.99.1 Scan saved at 5:54:55 PM, on 9/15/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\PAOLA'~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By DSLExtreme R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228" O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .aif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126402512109 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe Thank you, pvalencia Last edited by pvalencia; September 15th, 2005 at 01:59 AM. |
#2
|
|||
|
|||
![]()
Well, there's nothing much on your log. This may not be a malware problem.
Please download Silent Runners: http://www.silentrunners.org/Silent%20Runners.vbs Save it to the desktop. Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop. You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!) Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here. If you receive any warning message about scripts, please choose to allow the script to run. ![]() |
#3
|
||||
|
||||
![]()
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."] "Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."] "(Default)" = (empty string) "IntelWireless" = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless" ["Intel Corporation"] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [empty string] "DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."] "RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM .exe -startup" ["InstallShield Software Corporation"] "ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"] "VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."] "MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"] "MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"] "VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."] "MPSExe" = "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding" ["McAfee, Inc."] "MSKAGENTEXE" = "C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" ["McAfee Inc."] "MSKDetectorExe" = "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup" ["McAfee, Inc."] "mmtask" = ""C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"" ["Musicmatch Inc."] "OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."] "MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"] "dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"] "McRegWiz" = "C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun" [empty string] "_AntiSpyware" = "C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe" ["Network Associates, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\(Default) = "McBrwHelper Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll" ["McAfee, Inc."] {3EC8255F-E043-4cae-8B3B-B191550C2A22}\(Default) = "McAfee PopupKiller" -> {CLSID}\InProcServer32\(Default) = "c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL" ["McAfee, Inc."] {41D68ED8-4CFF-4115-88A6-6EBB8AF19000}\(Default) = "McAfee Anti-Phishing Filter" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\mcafee\spamkiller\mcapfbho.dll" ["McAfee, Inc."] {52706EF7-D7A2-49AD-A615-E903858CF284}\(Default) = "X1IEHook Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\NetZero\qsacc\x1IEBHO.dll" [file not found] {5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*Z" (unwritable string) -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"] HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS] "{7D5C4BDD-B015-4401-8731-1507B87DE297}" = "QBVersionTool" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll" ["Intuit, Inc."] "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"] "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}" = "McAfee AntiSpyware Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll" ["Network Associates, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\ INFECTION WARNING! "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}" = "McAfee AntiSpyware Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll" ["Network Associates, Inc."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] INFECTION WARNING! IntelWireless\DLLName = "C:\Program Files\Intel\Wireless\Bin\LgNotify.dll" ["Intel Corporation"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Paola's Access\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\wpgldfsh.scr" [MS] Startup items in "Paola's Access" & "All Users" startup folders: ---------------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"] "dlbcserv" -> shortcut to: "C:\Program Files\Dell Photo Printer 720\dlbcserv.exe" [null data] "QuickBooks Update Agent" -> shortcut to: "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe" ["Intuit, Inc."] Enabled Scheduled Tasks: ------------------------ "McAfee AntiSpyware" -> launches: "C:\PROGRA~1\McAfee\MCAFEE~2\McSpy.exe /cmd:Scan" ["Network Associates, Inc."] "McAfee.com Scan for Viruses - My Computer (PAOLA-Paola's Access)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0" ["McAfee, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\mclsp.dll ["McAfee, Inc."], 01 - 19, 39 %SystemRoot%\system32\mswsock.dll [MS], 20 - 22, 25 - 38 %SystemRoot%\system32\rsvpsp.dll [MS], 23 - 24 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan" -> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."] {39FD89BF-D3F1-45B6-BB56-3582CCF489E1}\ "MenuText" = "McAfee Anti-Phishing Filter" "CLSIDExtension" = "{7DD73374-7187-4103-8F29-622AA25E7C40}" -> {CLSID}\InProcServer32\(Default) = "c:\program files\mcafee\spamkiller\mcapfbho.dll" ["McAfee, Inc."] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"] HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] McAfee AntiSpyware Real-Time Scanner, McAfeeAntiSpyware, "C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe" ["Network Associates, Inc."] McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.ex e" ["McAfee Corporation"] McAfee SpamKiller Server, MskService, "C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe" ["McAfee Inc."] McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"] McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"] McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."] Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS] Media Center Scheduler Service, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS] NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."] RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"] Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "] WLANKEEPER, WLANKEEPER, "C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe" ["Intel® Corporation"] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 123 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 55 seconds. ---------- (total run time: 268 seconds) |
#4
|
|||
|
|||
![]()
Nope, nothing there either. One last try.......go here for an online AV scan:
http://www.pandasoftware.com/product..._principal.htm Scan "Local Disks" and when finished save the scan log and post that log here, okay? ![]() |
#5
|
||||
|
||||
I did the scan you suggested but I can't get a log. How do I get it? Thisi is all I am able to get
No viruses or other malicious software have been found. DetectedDisinfected Virus00 Spyware00 Hacking Tools00 Dialers00 Security Risks 00 Suspicious files 00 I am not sure this link can help, but I thought I would give it a try. Please click on the link below and you will know exactly what problems I have been having all together. I think all these problems are related or maybe it will give you a better idea of what is happening to my computer. Can you believe my computer is only 1 month old? ![]() http://www.cybertechhelp.com/forums/...ad.php?t=88678 Last edited by pvalencia; September 17th, 2005 at 05:20 PM. |
#6
|
|||
|
|||
![]()
There's no log to post from Panda as there was nothing found. It's as I thought, your pc is clean and your problem is not from any security or malware issue.
I would re-visit your other thread and let them know everything checked out clean in this forum and they can continue to troubleshoot your problem. Good luck. ![]() |
#7
|
||||
|
||||
I have done exactly what you suggested.
Thank you so much for all your help ![]() |
#8
|
|||
|
|||
![]()
You're welcome!
|
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
![]() |
||||
Topic | Topic Starter | Forum | Replies | Last Post |
HJT Logs Please Read | da_moma | Malware Removal | 13 | March 12th, 2006 12:21 AM |
HJT Logs Please Read Again | da_moma | Malware Removal | 4 | January 31st, 2005 08:29 AM |
Please read before posting Hijack This logs. | AnnMarie | Malware Removal | 2 | June 21st, 2004 01:28 AM |
Help me read Hijack logs | enat66 | The Anything Else Board | 2 | April 30th, 2004 09:15 PM |
Another Dyfica.AJ infection..could someone please read my logs? | baldo | Malware Removal | 3 | April 22nd, 2004 02:44 AM |
All times are GMT +1. The time now is 09:59 PM.