Sponsored By

cromwell_4

Members
  • Content Count

    21
  • Joined

  • Last visited

About cromwell_4

  • Rank
    Member
  1. It is a HP Pavillion 423.uk I emailed HP and they have replied with the following: The current CPU is an Intel Celeron Williamette 1.8. I can upgrade to a Williamette 2.0 Any idea if there is a noticeable difference between the two speeds or should I not bother? Many thanks.
  2. I have a windows HP desktop with an Intel Celeron Processor 1.80GHz. It runs slow, even though the RAM has been upgraded to 512MB. I would like to upgrade the processor. How do I find out if the new processor is compatible with my PC or will any Intel do? I was told the processor has to be compatible with the motherboard but can't find anything online to help with this. Operating System: Windows XP Home Edition Service Pack 2 (build 2600) Processor: 1.80 gigahertz Intel Celeron, 8 kilobyte primary memory cache, 128 kilobyte secondary memory cache Main Circuit Board: Board: Hewlett-Packard HP System Board HP P/N, Bus Clock: 100 megahertz Many thanks.
  3. cromwell_4

    Home Pc Riddled

    Logfile of HijackThis v1.99.1 Scan saved at 22:07:35, on 19/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\INTEL\DSLSetup\ProDsl.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\LVComS.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\hp center\137903\Program\BackWeb-137903.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.*;170.*;*.soups.com;*.cpb.com;;localhost;<local> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: customize__IE.lnk = C:\hp\REGION\customizeIe.wsf O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: JavaConnect - http://dsdiebe01.europe.soups.com/sametime...JavaConnect.cab O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://workplaceeu.campbellsoup.com/iNotes.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dmcamuk10.europe.soups.com/iNotes6.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cromwell4.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes...ion=4,3,2,20802 O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136917368609 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BUM_W..._1/axofupld.cab O16 - DPF: {719433EA-60DE-45A8-8255-115826F16D5B} (STConnectivityAgent Control) - http://dscamus01.soups.com/sametime/javaco...STConnAgent.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://[email protected]/Compon...id/MSSurVid.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://[email protected]/Compon...ior/Outside.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/downl...bcontrol013.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...351/mcfscan.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
  4. cromwell_4

    Home Pc Riddled

    Hi, the files were not present. Logfile of HijackThis v1.99.1 Scan saved at 20:42:31, on 18/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\INTEL\DSLSetup\ProDsl.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\LVComS.exe C:\Program Files\hp center\137903\Program\BackWeb-137903.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.*;170.*;*.soups.com;*.cpb.com;;localhost;<local> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: customize__IE.lnk = C:\hp\REGION\customizeIe.wsf O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: JavaConnect - http://dsdiebe01.europe.soups.com/sametime...JavaConnect.cab O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://workplaceeu.campbellsoup.com/iNotes.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dmcamuk10.europe.soups.com/iNotes6.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cromwell4.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1254e8fc6134b2...ip/RdxIE601.cab O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes...ion=4,3,2,20802 O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136917368609 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BUM_W..._1/axofupld.cab O16 - DPF: {719433EA-60DE-45A8-8255-115826F16D5B} (STConnectivityAgent Control) - http://dscamus01.soups.com/sametime/javaco...STConnAgent.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://[email protected]/Compon...id/MSSurVid.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://[email protected]/Compon...ior/Outside.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/downl...bcontrol013.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...351/mcfscan.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
  5. cromwell_4

    Home Pc Riddled

    Incident Status Location Spyware:spyware/bridge Not disinfected c:\windows\downloaded program files\bridge.inf Dialer:dialer.db Not disinfected c:\windows\downloaded program files\msa64chk.inf Spyware:spyware/searchcentrix Not disinfected Windows Registry Adware:adware/otx Not disinfected Windows Registry Adware:adware/powerstrip Not disinfected Windows Registry Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe Adware:Adware/Startpage.RF Not disinfected C:\WINDOWS\Downloaded Program Files\search.inf
  6. cromwell_4

    Home Pc Riddled

    --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 22:54:45 16/10/2006 + Scan result: C:\WINDOWS\system32\gtdownls_95.ocx -> Adware.Gdown : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected]2.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Admarketplace : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][4].txt -> TrackingCookie.Adrevolver : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Adviva : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Adviva : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Itrack : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Documents and Settings\Ben\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned. ::Report end
  7. cromwell_4

    Home Pc Riddled

    Hi guys, ran a check on my home PC after letting my husband loose on it and was amazed to find many registry entries listed in Spybot. Have run and fixed Spybot and Adware. Could you please have a look at my log? Logfile of HijackThis v1.99.1 Scan saved at 21:14:56, on 10/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\INTEL\DSLSetup\ProDsl.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe C:\WINDOWS\system32\LVComS.exe C:\Program Files\hp center\137903\Program\BackWeb-137903.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.*;170.*;*.soups.com;*.cpb.com;;localhost;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: customize__IE.lnk = C:\hp\REGION\customizeIe.wsf O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: JavaConnect - http://dsdiebe01.europe.soups.com/sametime...JavaConnect.cab O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://workplaceeu.campbellsoup.com/iNotes.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dmcamuk10.europe.soups.com/iNotes6.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cromwell4.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1254e8fc6134b2...ip/RdxIE601.cab O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes...ion=4,3,2,20802 O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136917368609 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BUM_W..._1/axofupld.cab O16 - DPF: {719433EA-60DE-45A8-8255-115826F16D5B} (STConnectivityAgent Control) - http://dscamus01.soups.com/sametime/javaco...STConnAgent.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://[email protected]/Compon...id/MSSurVid.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://[email protected]/Compon...ior/Outside.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/downl...bcontrol013.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...351/mcfscan.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
  8. cromwell_4

    Is This Pc Infected?

    One of my users had a virtual memory error. Everything looks ok. I have run Spybot and Adaware. Could you please have a quick look at the log below and let me know if there are any issues? Many thanks for all of your help. Logfile of HijackThis v1.99.1 Scan saved at 10:04:35, on 29/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\floplock.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\program files\notes\ntmulti.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINNT\Explorer.Exe C:\WINNT\System32\igfxtray.exe C:\WINNT\System32\hkcmd.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UpdaterUI.exe C:\WINNT\system32\internat.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE E:\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.62.*;170.230.*;*.cpb.com;*.soups.com;62.185.95.179;129.39.225.188;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O1 - Hosts: 170.230.110.20 ocie O1 - Hosts: 170.230.107.200 ftp.campbellplace.com www.campbellplace.com O1 - Hosts: 194.118.99.14 GBBSERVER1 KGLHUB01 O1 - Hosts: 213.62.238.230 GBBIPMS O1 - Hosts: 195.118.243.105 GBCAMP01 GBCAMP01-IP O1 - Hosts: 195.51.85.1 PUURS O1 - Hosts: 195.118.243.101 GBBDGM1 O1 - Hosts: 32.77.1.31 DMCAMUS02 O1 - Hosts: 32.77.1.28 DMCAMUS06 O1 - Hosts: 170.230.46.6 DACAMUS04 DACAMUS04.SOUPS.COM O1 - Hosts: 170.230.115.80 campbellcorner O1 - Hosts: 213.62.238.15 DMKGLUK01 O1 - Hosts: 195.118.243.108 DHDIEBE01 O1 - Hosts: 195.118.243.100 Y2CAMD00 Y2CAMD00-IP O1 - Hosts: 194.253.61.57 COMFIERY O1 - Hosts: 194.253.61.73 GENFIERY O1 - Hosts: 213.62.238.49 GBBTOWER O1 - Hosts: 203.8.80.233 DMSYDAU01 O1 - Hosts: 203.8.80.234 DMSYDAU02 O1 - Hosts: 141.94.135.6 FIREWALL1 O1 - Hosts: 141.94.135.4 FIREWALL2 O1 - Hosts: 213.62.238.12 EKGLAPP02 O1 - Hosts: 213.62.238.20 EKGLCMB01 O1 - Hosts: 170.230.105.27 DACAMUS02 O1 - Hosts: 128.1.0.9 S4441272 O1 - Hosts: 128.1.0.10 CBS270 O1 - Hosts: 195.118.243.109 EURAPP01 O1 - Hosts: 213.62.238.11 GBBSERVER2 O1 - Hosts: 213.62.238.23 GBBSQL O1 - Hosts: 170.230.236.44 GBBCOGNOS O1 - Hosts: 170.230.113.75 CAMPBELLDW01 O1 - Hosts: 170.230.46.5 DACAMUS03 DACAMUS03.SOUPS.COM O1 - Hosts: 213.62.238.17 DAKGLUK01 O1 - Hosts: 170.230.185.20 DMASHUK10 O1 - Hosts: 170.230.240.20 DMWORUK10 O1 - Hosts: 170.230.197.20 DMCRAUK10 O1 - Hosts: 213.62.238.30 GBBPSOFT O1 - Hosts: 213.62.238.40 GBBIPMS2 O1 - Hosts: 213.62.238.5 FIREWALL O1 - Hosts: 195.118.243.110 EUCAMD00 O1 - Hosts: 170.230.113.75 WHQDWH41 O1 - Hosts: 170.230.104.217 DDACAMUS01 O1 - Hosts: 170.230.240.15 EWORCMB01 O1 - Hosts: 170.230.185.15 EASHCMB01 O1 - Hosts: 170.230.197.50 ECRACMB01 O1 - Hosts: 170.230.191.3 DMDUNFR10 O1 - Hosts: 213.62.238.34 GBBCITRIX O1 - Hosts: 213.62.238.18 EKGLAPP04 O1 - Hosts: 170.230.185.20 DMASHUK10 O1 - Hosts: 170.230.189.178 DAKARSE01 O1 - Hosts: 170.230.113.149 psacpt PSACPT O1 - Hosts: 170.230.128.36 DMTORCA01 O1 - Hosts: 170.230.243.9 CAMBOURNE-UNITY O1 - Hosts: 170.230.243.7 CAMBOURNE-PUB O1 - Hosts: 170.230.215.123 DMHBUAU10 O1 - Hosts: 170.230.115.101 DMCAMUS12 O1 - Hosts: 170.230.46.11 DMCAMUS10 O1 - Hosts: 213.62.238.25 DGKGLUK01 O1 - Hosts: 170.230.236.42 DMCAMUK10 O1 - Hosts: 170.230.115.80 CAMPBELLCORNER O1 - Hosts: 195.51.83.8 DMBOUFR10 O1 - Hosts: 170.230.113.198 DCCAMUS01 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Startup: dg_connect_eukinapp09.bat O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O14 - IERESET.INF: START_PAGE_URL=about:blank O16 - DPF: Oracle Sales Analyzer 6,4,0 Patch 5 - http://iri.cpgnetwork.co.uk/osaweb/java/osa640.cab O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dccamus01.soups.com/qp2.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dmcamuk10/iNotes6.cab O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://portal.som.cranfield.ac.uk/msc/Port...rces/msddsc.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4BD674-3036-4F86-921D-3A2D75D2D051}: NameServer = 170.230.236.46,170.230.236.36 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.com O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: floppylock - Unknown owner - C:\WINNT\floplock.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\program files\notes\ntmulti.exe O23 - Service: OracleOracle_homeClientCache - Unknown owner - C:\orant\BIN\ONRSD.EXE O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS
  9. One of my users has two infected files on his laptop. c:\a.bat and c:\winnt\system32 I have run spybot and adware, rebooted, and then created the following log. Logfile of HijackThis v1.99.1 Scan saved at 11:46:31, on 28/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\ibmpmsvc.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe C:\WINNT\floplock.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\program files\notes\ntmulti.exe C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\TpKmpSVC.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe C:\PROGRA~1\Xpoint\agent\Xpagent.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\PROGRA~1\Xpoint\EEClient\xpclient.exe C:\WINNT\system32\cmd.exe C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\ltmsg.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\IBM\Client Access\cwbckver.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\WINNT\AGRSMMSG.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe C:\WINNT\system32\RunDll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Xpoint\PE\pcrecsa.exe C:\WINNT\system32\TpShocks.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\INTEL\DSLSetup\ProDsl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\McAfee\Common Framework\UpdaterUI.exe C:\WINNT\system32\internat.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireTray.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\linescj\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.62.*;170.230.*;*.cpb.com;*.soups.com;62.185.95.179;129.39.225.188;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9 O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe O4 - HKLM\..\Run: [Rapid Restore] C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [setupType] Portable O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireTray.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=about:blank O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CCS\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.com O17 - HKLM\System\CCS\Services\Tcpip\..\{E6B6CEA5-4CF2-4550-9CCB-E7A8F1B20603}: Domain = europe.soups.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ouk.com eu.cpb.com cpb.com europe.soups.com soups.com oie.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ouk.com eu.cpb.com cpb.com europe.soups.com soups.com oie.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ouk.com eu.cpb.com cpb.com europe.soups.com soups.com oie.com O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe O23 - Service: floppylock - Unknown owner - C:\WINNT\floplock.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\program files\notes\ntmulti.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe Thanks
  10. I never thought to check out the service pack. Many thanks for that!
  11. I have a user who was having an issue in Microsoft Excel 2003. The calculation of the spreadsheet seems to hang. I you click onto the spreadsheet it stops calculating and you can continue working as normal. I have downgraded the user to Excel 2000 and we have no problems in this version. I am not looking to work on this issue, but it would be nice to know if anyone else out here has seen this issue and knows what causes it. Thanks.
  12. cromwell_4

    Another Powerreg Scheduler V3.exe[RESOLVED]

    One of the entries you liste dis not in the Hijackthis list. The missing entry is: O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0128d30675f9af...ip/RdxIE601.cab I have deleted the other entries as requested. Logfile of HijackThis v1.99.1 Scan saved at 09:20:24, on 21/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\ibmpmsvc.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\WINNT\floplock.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\program files\notes\ntmulti.exe C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\TpKmpSVC.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe C:\PROGRA~1\Xpoint\agent\Xpagent.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\PROGRA~1\Xpoint\EEClient\xpclient.exe C:\WINNT\system32\cmd.exe C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\svchost.exe C:\WINNT\system32\ltmsg.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\WINNT\AGRSMMSG.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe C:\WINNT\system32\RunDll32.exe C:\Program Files\Xpoint\PE\pcrecsa.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINNT\system32\TpShocks.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\McAfee\Common Framework\UpdaterUI.exe C:\WINNT\system32\internat.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\hijack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.62.*;170.230.*;*.cpb.com;*.soups.com;62.185.95.179;129.39.225.188;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9 O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe O4 - HKLM\..\Run: [Rapid Restore] C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - http://dsdiebe01.europe.soups.com/sametime...STJNILoader.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/sdc...ad/IbmEgath.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CCS\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.com O17 - HKLM\System\CCS\Services\Tcpip\..\{E6B6CEA5-4CF2-4550-9CCB-E7A8F1B20603}: Domain = europe.soups.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O17 - HKLM\System\CS1\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O17 - HKLM\System\CS2\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: floppylock - Unknown owner - C:\WINNT\floplock.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\program files\notes\ntmulti.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe
  13. Another one of my users has the following error when she logs onto her laptop: c:\documents and settings\grifficl\start menu\programs\startup\PowerReg Scheduler V3.exe Access to the specified device, path, or file is denied. I am unable to delete the file as it tells me access denied. The source file may be in use. I have checked Task manager but the program is not listed. I have run Spybot and AdAware. Here is the hijackthis log. Any help would be greatly appreciated. Logfile of HijackThis v1.99.1 Scan saved at 09:33:02, on 20/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\ibmpmsvc.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\WINNT\floplock.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\program files\notes\ntmulti.exe C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\TpKmpSVC.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe C:\PROGRA~1\Xpoint\agent\Xpagent.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\PROGRA~1\Xpoint\EEClient\xpclient.exe C:\WINNT\system32\cmd.exe C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\ltmsg.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\WINNT\AGRSMMSG.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe C:\WINNT\system32\RunDll32.exe C:\Program Files\Xpoint\PE\pcrecsa.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINNT\system32\TpShocks.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\McAfee\Common Framework\UpdaterUI.exe C:\WINNT\system32\internat.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\hijack this\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.62.*;170.230.*;*.cpb.com;*.soups.com;62.185.95.179;129.39.225.188;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9 O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe O4 - HKLM\..\Run: [Rapid Restore] C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=about:blank O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - http://dsdiebe01.europe.soups.com/sametime...STJNILoader.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/sdc...ad/IbmEgath.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CCS\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.com O17 - HKLM\System\CCS\Services\Tcpip\..\{E6B6CEA5-4CF2-4550-9CCB-E7A8F1B20603}: Domain = europe.soups.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O17 - HKLM\System\CS1\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O17 - HKLM\System\CS2\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: floppylock - Unknown owner - C:\WINNT\floplock.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\program files\notes\ntmulti.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe
  14. cromwell_4

    Powerreg Scheduler V3.exe[RESOLVED]

    Many thanks for the fast response. I have remove the items as listed, and rebooted before running HijackThis again. Logfile of HijackThis v1.99.1 Scan saved at 09:16:23, on 18/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\floplock.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\program files\notes\ntmulti.exe C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\TpKmpSVC.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\ltmsg.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\WINNT\AGRSMMSG.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINNT\system32\RunDll32.exe C:\WINNT\system32\rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINNT\system32\TpShocks.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINNT\system32\igfxtray.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\WINNT\system32\UMonit2k.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\McAfee\Common Framework\UpdaterUI.exe C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe C:\WINNT\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINNT\system32\internat.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\thompse\Desktop\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://workplaceeu.campbellsoup.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.62.*;170.230.*;*.cpb.com;*.soups.com;62.185.95.179;129.39.225.188;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9 O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - http://dsdiebe01.europe.soups.com/sametime...STJNILoader.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CCS\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.com O17 - HKLM\System\CCS\Services\Tcpip\..\{E6B6CEA5-4CF2-4550-9CCB-E7A8F1B20603}: Domain = europe.soups.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: floppylock - Unknown owner - C:\WINNT\floplock.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\program files\notes\ntmulti.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exe O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe
  15. One of my users has the following error when he logs onto his laptop: c:\documents and settings\thompse\start menu\programs\startup\PowerReg Scheduler V3.exe Access to the specified device, path, or file is denied. I am unable to delete the file as it tells me access denied. The source file may be in use. I have checked Task manager but the program is not listed. I have run Spybot and AdAware. Here is the hijackthis log. Any help would be greatly appreciated. Logfile of HijackThis v1.99.1 Scan saved at 15:48:23, on 15/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\floplock.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\program files\notes\ntmulti.exe C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\TpKmpSVC.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\ltmsg.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\WINNT\AGRSMMSG.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\WINNT\system32\RunDll32.exe C:\WINNT\system32\rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINNT\system32\TpShocks.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINNT\system32\igfxtray.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\WINNT\system32\UMonit2k.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\McAfee\Common Framework\UpdaterUI.exe C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe C:\WINNT\system32\internat.exe C:\WINNT\System32\svchost.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\thompse\Desktop\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://workplaceeu.campbellsoup.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.62.*;170.230.*;*.cpb.com;*.soups.com;62.185.95.179;129.39.225.188;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9 O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=about:blank O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0128d30675f9af...ip/RdxIE601.cab O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - http://dsdiebe01.europe.soups.com/sametime...STJNILoader.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CCS\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.com O17 - HKLM\System\CCS\Services\Tcpip\..\{E6B6CEA5-4CF2-4550-9CCB-E7A8F1B20603}: Domain = europe.soups.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouk.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ouk.com,eu.cpb.com,cpb.com,europe.soups.com,soups.com,oie.com O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: floppylock - Unknown owner - C:\WINNT\floplock.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\program files\notes\ntmulti.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exe O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe