Okee dokee, I did do your last HJT scan check instructions, but the machine did lock at the fix stage, so it might not have completed and I cannot remember if I did it again - I was trying to have a short life outside of my PC over the weekend!
I have just done the latest HJT scan check and fix and the only one I couldn't find and therefore check and fix was the line below:
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe
In safe mode, I couldn't find and therefore delete
:\WINDOWS\web\related.htm
C:\WINDOWS\system32\csrs.exe
C:\WINDOWS\update\updmgr.exe
C:\WINDOWS\system32\spoolsvc.exe
or find winsis32.exe to delete it, am starting to feel a little inadequate, lol
Anyway, ... all scan result requests below - enjoy!!
L
F-Secure scan results below:
08/21/06 16:55:25 [Info]: BlackLight Engine 1.0.46 initialized
08/21/06 16:55:25 [Info]: OS: 5.0 build 2195 (Service Pack 4)
08/21/06 16:55:26 [Note]: 7019 4
08/21/06 16:55:26 [Note]: 7005 0
08/21/06 16:55:35 [Note]: 7006 0
08/21/06 16:55:35 [Note]: 7011 764
08/21/06 16:55:36 [Note]: 7026 0
08/21/06 16:55:36 [Note]: 7026 0
08/21/06 16:56:02 [Note]: FSRAW library version 1.7.1019
08/21/06 17:01:07 [Note]: 2000 1006
08/21/06 17:01:18 [Note]: 7007 0
Combofix scan results below:
Administrator - Mon 21/08/2006 17:02:45.75
ComboFix 06.08.18 - Running from: C:\Documents and Settings\Administrator\Desktop
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Installer3.exe
C:\WINDOWS\SYSTEM32\atmtd.dll.tmp
((((((((((((((((((((((((((((((( Files Created from 2006-07-21 to 2006-08-21 ))))))))))))))))))))))))))))))))))
2006-08-20 22:38 157,696 C:\WINDOWS\system32\Sygate.exe
2006-08-13 01:00 349,760 C:\WINDOWS\system32\mcinsctl.dll
2006-08-13 01:00 288,320 C:\WINDOWS\system32\mcgdmgr.dll
2006-08-06 12:28 <DIR> C:\WINDOWS\McAfee.com
2006-08-05 22:15 90,112 C:\WINDOWS\system32\hpovst08.dll
2006-08-05 22:15 565,248 C:\WINDOWS\system32\hpotscl.dll
2006-08-05 22:15 262,144 C:\WINDOWS\system32\HPZc3212.dll
2006-08-05 22:15 229,376 C:\WINDOWS\system32\hpgtpusd.dll
2006-08-05 22:02 94,208 C:\WINDOWS\system32\HPZipt12.dll
2006-08-05 22:02 65,795 C:\WINDOWS\system32\HPZipm12.exe
2006-08-05 22:02 61,699 C:\WINDOWS\system32\HPZinw12.exe
2006-08-05 22:02 57,344 C:\WINDOWS\system32\HPZisn12.dll
2006-08-05 22:01 266,296 C:\WINDOWS\system32\HPZidr12.dll
2006-08-05 22:01 196,608 C:\WINDOWS\system32\HPZipr12.dll
2006-07-30 19:00 89,088 C:\WINDOWS\system32\atl71.dll
2006-07-30 19:00 499,712 C:\WINDOWS\system32\msvcp71.dll
2006-07-30 19:00 348,160 C:\WINDOWS\system32\msvcr71.dll
2006-07-30 19:00 1,060,864 C:\WINDOWS\system32\mfc71.dll
2006-07-25 18:20 1,063 C:\WINDOWS\system32\aaa00000.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-21 16:10 -------- d-------- C:\Program Files\HijackThis
2006-08-20 23:32 -------- d-------- C:\Program Files\McAfee.com
2006-08-20 22:39 157696 -ra------ C:\WINDOWS\SYSTEM32\Sygate.exe
2006-08-20 17:44 -------- d-a------ C:\Program Files\Common Files
2006-08-20 14:33 -------- d-a------ C:\Program Files\ewido anti-spyware 4.0
2006-08-06 16:01 -------- d-ah----- C:\Program Files\Uninstall Information
2006-08-06 15:58 -------- d-a------ C:\Program Files\NetMeeting
2006-08-06 12:23 -------- d-a------ C:\Program Files\Yahoo!
2006-08-06 12:23 -------- d-a------ C:\Program Files\Common Files\Scanner
2006-08-06 00:29 -------- d-a------ C:\Program Files\Terminal Services Client
2006-08-05 23:55 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-07-30 20:47 -------- d-a------ C:\Program Files\Compaq
2006-07-30 20:23 -------- d-------- C:\Program Files\Common Files\Companion Wizard
2006-07-25 19:19 20480 --a------ C:\WINDOWS\drs.exe
2006-07-25 18:20 1063 --a------ C:\WINDOWS\SYSTEM32\aaa00000.sys
2006-07-22 20:58 -------- d-a------ C:\Program Files\Accessories
2006-07-19 19:49 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Kazaa Lite
2006-07-19 18:43 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2006-07-19 18:39 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-07-19 18:37 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-07-03 22:44 271 ---h----- C:\Program Files\desktop.ini
2006-07-03 22:44 21952 ---h----- C:\Program Files\folder.htt
2006-07-03 22:43 -------- d-a------ C:\Program Files\Windows Media Player
2006-05-31 23:55 0 --a------ C:\WINDOWS\SYSTEM32\eraseme_04516.exe
2006-05-31 22:57 79 --a------ C:\MSDOS.SYS
2006-05-31 22:57 700688 --a------ C:\WINDOWS\SYSTEM32\migicons.exe
2006-05-31 22:57 27 ---h----- C:\CONFIG.SYS
2006-05-31 22:57 259 ---h----- C:\AUTOEXEC.BAT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"ntdll.dll"="C:\\PROGRA~1\\McAfee.com\\Agent\\mcregwiz.exe /autorun"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
"Flags"=""
"Title"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b5
"CDRAutoRun"=hex:00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Accessories\\kyzene.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,77,01,00,00,00,00,00,00,60,02,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,b5,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"ozuz"="C:\\Program Files\\Common Files\\ozuz\\ozuzm.exe"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b5
"CDRAutoRun"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Maintenance-Defragment programs.job
C:\WINDOWS\tasks\Maintenance-Disk cleanup.job
C:\WINDOWS\tasks\Tune-up Application Start.job
Completion time: Mon 2006-08-21 17:04:33.45
ComboFix.txt
HJT scan results below:
Logfile of HijackThis v1.99.1
Scan saved at 17:11:55, on 8/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\internat.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redi ... 9&s=search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-GB\MSNTB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUK.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUK.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - c:\WINDOWS\system32\SHDOCVW.DLL
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9117949366
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD58CA12-8424-47D5-BD30-97C19F9BF87A}: NameServer = 62.6.40.178 194.72.9.38
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)