Forum Home
Press F1
Thread ID: 75201	2006-12-19 23:42:00	Family Computers HJT file	cookiemonster (9463)	Press F1

Post ID	Timestamp	Content	User
508227	2006-12-20 07:27:00	Logfile of HijackThis v1.99.1 Scan saved at 8:10:40 p.m., on 20/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\Documents and Settings\oem\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\ Yahoo! \Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\ Yahoo! \Common\YIeTagBm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [0320281166594543mcinstcleanup] C:\DOCUME~1\oem\LOCALS~1\Temp\032028~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: & Yahoo! Search - file:///C:\Program Files\ Yahoo! \Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\ Yahoo! \Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\ Yahoo! \Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\ Yahoo! \Common\yiesrvc.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\oem\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: www.neopets.com O16 - DPF: JT's Blocks - download.games.yahoo.com O16 - DPF: Yahoo! Backgammon - download.games.yahoo.com O16 - DPF: Yahoo! Bingo - download.games.yahoo.com O16 - DPF: Yahoo! Chat - us.chat1.yimg.com O16 - DPF: Yahoo! Checkers - download.games.yahoo.com O16 - DPF: Yahoo! Chess - download.games.yahoo.com O16 - DPF: Yahoo! Dice - download.games.yahoo.com O16 - DPF: Yahoo! Dominoes - download.games.yahoo.com O16 - DPF: Yahoo! MahJong - download.games.yahoo.com O16 - DPF: Yahoo! Pyramids - download.games.yahoo.com O16 - DPF: Yahoo! Word Racer - download.games.yahoo.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - zone.msn.com O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - zone.msn.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - messenger.zone.msn.com O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - games-dl.real.com O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - zone.msn.com O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: McAfee Application Installer Cleanup (0101471166577808) (0101471166577808mcinstcleanup) - Unknown owner - C:\DOCUME~1\oem\LOCALS~1\Temp\010147~1.EXE (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing) O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe All clean? Cookiemonster	cookiemonster (9463)
508228	2006-12-20 07:47:00	Run HJT again tick these entries and tick fix checked. Close browser/s. O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup The entry below, looks looks like it didn't finish installing or uninstalling. O4 - HKLM\..\Run: [0320281166594543mcinstcleanup] C:\DOCUME~1\oem\LOCALS~1\Temp\032028~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe O23 - Service: McAfee Application Installer Cleanup (0101471166577808) (0101471166577808mcinstcleanup) - Unknown owner - C:\DOCUME~1\oem\LOCALS~1\Temp\010147~1.EXE (file missing)	Speedy Gonzales (78)
508229	2006-12-20 08:29:00	Logfile of HijackThis v1.99.1 Scan saved at 9:15:55 p.m., on 20/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\oem\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\ Yahoo! \Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\ Yahoo! \Common\YIeTagBm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start O4 - HKLM\..\RunOnce: [mcsysmon.exe] c:\PROGRA~1\mcafee\VIRUSS~1\mcsysmon.exe -regserver O4 - HKLM\..\RunOnce: [!mcvsqt.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll O4 - HKLM\..\RunOnce: [!mvscfg.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll O4 - HKLM\..\RunOnce: [!mvsver.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvsver.dll O4 - HKLM\..\RunOnce: [!naiann.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\naiann.dll O4 - HKLM\..\RunOnce: [!mcodsax.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll O4 - HKLM\..\RunOnce: [mcods.exe] c:\PROGRA~1\mcafee\VIRUSS~1\mcods.exe -regserver O4 - HKLM\..\RunOnce: [!mcvspp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll O4 - HKLM\..\RunOnce: [!mvsap.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll O4 - HKLM\..\RunOnce: [!mvslog.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvslog.dll O4 - HKLM\..\RunOnce: [!hwapips.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll O4 - HKLM\..\RunOnce: [hwapi.exe] c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.exe -regserver O4 - HKLM\..\RunOnce: [!redirps.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll O4 - HKLM\..\RunOnce: [!redirver.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirver.dll O4 - HKLM\..\RunOnce: [redirsvc.exe] c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe -regserver O4 - HKLM\..\RunOnce: [!fwdrvver.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\fwdriver\fwdrvver.dll O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: & Yahoo! Search - file:///C:\Program Files\ Yahoo! \Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\ Yahoo! \Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\ Yahoo! \Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\ Yahoo! \Common\yiesrvc.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\oem\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: www.neopets.com O16 - DPF: JT's Blocks - download.games.yahoo.com O16 - DPF: Yahoo! Backgammon - download.games.yahoo.com O16 - DPF: Yahoo! Bingo - download.games.yahoo.com O16 - DPF: Yahoo! Chat - us.chat1.yimg.com O16 - DPF: Yahoo! Checkers - download.games.yahoo.com O16 - DPF: Yahoo! Chess - download.games.yahoo.com O16 - DPF: Yahoo! Dice - download.games.yahoo.com O16 - DPF: Yahoo! Dominoes - download.games.yahoo.com O16 - DPF: Yahoo! MahJong - download.games.yahoo.com O16 - DPF: Yahoo! Pyramids - download.games.yahoo.com O16 - DPF: Yahoo! Word Racer - download.games.yahoo.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - zone.msn.com O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - zone.msn.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - messenger.zone.msn.com O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - games-dl.real.com O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - zone.msn.com O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: McAfee Application Installer Cleanup (0199541166600880) (0199541166600880mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\019954~1.EXE O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing) O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing) O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing) O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\Program Files\McAfee\MPS\mps.exe (file missing) O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing) O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - Unknown owner - C:\Program Files\Mcafee\MWL\MwlSvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe This time?? Btw: how come this come back >> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup C:waughh::(kiem:confused:nster	cookiemonster (9463)
508230	2006-12-20 08:43:00	Umm did you uninstall or delete the Mcafee's folder?? And is that Mcafee's program working? Why these entries are in startup, I don't know. O4 - HKLM\..\RunOnce: [mcsysmon.exe] c:\PROGRA~1\mcafee\VIRUSS~1\mcsysmon.exe -regserver O4 - HKLM\..\RunOnce: [!mcvsqt.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll O4 - HKLM\..\RunOnce: [!mvscfg.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll O4 - HKLM\..\RunOnce: [!mvsver.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvsver.dll O4 - HKLM\..\RunOnce: [!naiann.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\naiann.dll O4 - HKLM\..\RunOnce: [!mcodsax.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll O4 - HKLM\..\RunOnce: [mcods.exe] c:\PROGRA~1\mcafee\VIRUSS~1\mcods.exe -regserver O4 - HKLM\..\RunOnce: [!mcvspp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll O4 - HKLM\..\RunOnce: [!mvsap.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll O4 - HKLM\..\RunOnce: [!mvslog.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvslog.dll O4 - HKLM\..\RunOnce: [!hwapips.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll O4 - HKLM\..\RunOnce: [hwapi.exe] c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.exe -regserver O4 - HKLM\..\RunOnce: [!redirps.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll O4 - HKLM\..\RunOnce: [!redirver.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirver.dll O4 - HKLM\..\RunOnce: [redirsvc.exe] c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe -regserver O4 - HKLM\..\RunOnce: [!fwdrvver.dll] regsvr32.exe /s c:\PROGRA~1\COMMON~1\mcafee\fwdriver\fwdrvver.dll Or did u just reinstall McAfee's or something and not reboot? O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O23 - Service: McAfee Application Installer Cleanup (0199541166600880) (0199541166600880mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\019954~1.EXE	Speedy Gonzales (78)
508231	2006-12-20 08:55:00	Yes,because it was showing a red X= it need to be fixed or updated,I tryed both but had no luck,so tryed uninstall reinstal in safe mode but it wouldnt uninstall 1 folder in it,So turn computer off,rebooted it,disabled internet,but still had red X,so tryed uninstall from main disc no luck there ethier,So reinstalled it,reconnected internet connection then ran McAfee update,but still have little box with red X in the middle. Serious thinking about reformatting >Family computer,just need to find disc :( P.S. Do I run hjt again and tic fix checked your post entries? I'm now unsure if it is or isnt working properlly	cookiemonster (9463)
508232	2006-12-20 09:08:00	Umm I would delete the Mcafee's folder in c:\program files. Delete the mcafee's folder/s in C:\Documents and Settings\All Users\Application Data. (You'll have to show all files, as some of these are hidden). And delete any Mcafee's folder under C:\Documents and Settings\your username\Application Data And C:\Documents and Settings\your username\Local Settings\Application Data\mcafee's folder, if there's a folder here. Then use ccleaner (www.ccleaner.com) if u haven't got it at the mo. Download it, if u haven't got it, install it, run it. And then click on issues / click on scan for issues, and click on fix selected entries, for whatever comes up. Then click on the cleaner tab, close all browsers, click on run cleaner. Then reboot. Then make sure XP's firewall is on for the time being. Then after u do the above post another log, we'll see whats its like then. Then we'll see if u can install Mcafee's or something else after this. BUT, you maybe right, it maybe better if u reformat if u can find the cd.	Speedy Gonzales (78)
508233	2006-12-20 10:12:00	Tryed all your suggestion,It doesnt seem to want uninstall,I did however delete a file from McAfee,I think,that the missing file has something to do with why it wont uninstall,but I'm unsure?? C:dogeye::mad:kiem:help:nster	cookiemonster (9463)
508234	2006-12-20 12:00:00	Christ on a bike the blimmin time out feature on this site is annoying. Anywhoo, I'm pretty sure Mcafee's have a cleaner that will clean out the sticky files, as does Symantic for their pile of poo. If you can get on the net without catching every greeby going, download AVG free, get off the net (pull the plug), clean out Nortons and Mcafee, then install AVG, then reconnect and update AVG. (Edit: Even better, if you know how, download the latest AVG def file and update manually/locally once AVG is installed without reconnecting to the net.) A quiet word. You have so many toolbars, BHOs and MSN this, Yahoo that, that if they're not up to date they'll be leaving you open to security issues. Not to mention having that much crap lying around on your system is bound to slow it down unless you've got plenty under the hood. While I'm preaching; for pities sake get Firefox or Opera, use that steaming pile of effluent IE strictly for Windows updates only, anything else IE only is not worth bothering with IMO.	Murray P (44)
508235	2006-12-21 03:47:00	Umm I would delete the Mcafee's folder in c:\program files. Delete the mcafee's folder/s in C:\Documents and Settings\All Users\Application Data. (You'll have to show all files, as some of these are hidden). And delete any Mcafee's folder under C:\Documents and Settings\your username\Application Data And C:\Documents and Settings\your username\Local Settings\Application Data\mcafee's folder, if there's a folder here. Then use ccleaner (www.ccleaner.com) if u haven't got it at the mo. Download it, if u haven't got it, install it, run it. And then click on issues / click on scan for issues, and click on fix selected entries, for whatever comes up. Then click on the cleaner tab, close all browsers, click on run cleaner. Then reboot. Then make sure XP's firewall is on for the time being. Then after u do the above post another log, we'll see whats its like then. Then we'll see if u can install Mcafee's or something else after this. BUT, you maybe right, it maybe better if u reformat if u can find the cd. Speedy 3 files cant be deleted >>mcods,mcodsax.dll,scriptcl.dll Any ideas m8?? C:yuck::horrifiedkiem:help:nster	cookiemonster (9463)
508236	2006-12-21 04:05:00	Have you tried deleting them in Safe Mode?	FoxyMX (5)
1 2 3