
Help me guys :D [RESOLVED]


  • This topic is locked

#31
Lisa2005

I don't know how to change my XP theme back to what it was originally. Everything else I don't have a problem with :tazz:


#32
Rawe

Right-click on your desktop > Properties > Appearance tab and choose Windows XP style again under Windows and buttons.
Click apply and OK.

#33
Lisa2005

Do I need to put anything in before MRT?

'Cause I'm not getting anything...

#34
Rawe

No.. Click start, then run. Type in Mrt
nothing else.

If it still comes up with nothing, are you sure you have all the latest critical updates?

#35
Rawe

No.. Wait. I'm not sure if it only works on SP2. Post me all the other logs, then we'll get you cleaned up in no time and we'll get you the latest critical updates from Microsoft.
But first we really need to make sure your PC is clean.
Forget that Windows Malicious software removal tool for now.. (Mrt)

- Rawe :tazz:

#36
Rawe

But I really have to go to bed now, night!

I'll get back to you in the morning - will look at your response then. :tazz:

#37
Lisa2005

HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 17:29:21, on 11/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Fujitsu\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Fujitsu\Adsl\dslagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


Smitfiles


smitRem log file
version 2.3

by noahdfear

The current date is: 11/08/2005
The current time is: 16:54:38.01

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! ;)


Pre-run Files Present


~~~ Program Files ~~~

PSGuard


~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

ole32vbs.exe
intmon.exe
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

sites.ini


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :tazz: Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! :) ~~~~


~~~ Upon reboot ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


Hm, I just need to find out where I put my Ewido report log thingy.

Can I find out where it is? I saved it somewhere but I can't remember where lol.

Oh, and hope you have a good sleep :(

#38
Rawe

I instructed you to save it to your desktop :tazz:
That's where it is unless you saved it somewhere else.
You can, of course, do a Windows Search.

#39
Lisa2005

Can you explain what a Windows Search does? :tazz:

#40
Rawe

Ok, I guess we just have to forget that Ewido log. I don't think it's named as Ewido report.. Or it might. Click -> Start -> Search -> Files or Folders -> Write in something like Ewido report
or log
or you can try if you have saved the log in the Ewido's folder..


#41
Lisa2005

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 18:54:47, 11/08/2005
+ Report-Checksum: FE73A89F

+ Scan result:

C:\WINDOWS\system32\lpt.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\VXVOXV7C\dba2089[1].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\41SLMV8L\bridge-c9[1].cab/MediaAccX.dll -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\41SLMV8L\tbd_web[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\KZ38W9ZX\0006_regular[1].cab/istactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\JYXAXD3O\games5[1].cab/games.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\JYXAXD3O\bridge-c9[1].cab/MediaAccX.dll -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\GPEF81MB\gdnNL1756[1].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\kevin@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][1].txt -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\kevin@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\kevin@burstnet[3].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.12:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.21:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.46:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Epilot : Cleaned with backup
:mozilla.62:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.63:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.64:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.65:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.79:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.85:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.86:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.152:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.153:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.169:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.187:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.202:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.223:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.224:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.254:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.274:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.330:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.346:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.377:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.385:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.421:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.424:C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\xlg02da6.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP51\A0015823.exe -> Trojan.Puper.af : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP51\A0015833.exe -> Trojan.Puper.af : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP51\A0015849.exe -> Trojan.Puper.af : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP52\A0015865.exe -> Trojan.Puper.af : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP52\A0015874.exe -> Trojan.Puper.af : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP52\A0015883.exe -> Trojan.Puper.af : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP52\A0015893.exe -> Trojan.Puper.af : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP52\A0016060.exe -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP53\A0018441.exe -> TrojanDownloader.Petrolin.a : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP60\A0019083.dll -> Trojan.Agent.ff : Cleaned with backup
C:\System Volume Information\_restore{22029FAE-1B93-447E-9320-62B1CDF1E44E}\RP60\A0019087.exe -> Trojan.Puper.af : Cleaned with backup


::Report End

I think that's the ewido log you're looking for :tazz:

#42
Rawe

Are you noticing any problems at the moment? ;)

Can you post me a new HiJackThis log?

- Rawe :tazz:

#43
Lisa2005

I have been fine the past couple of days. Oh, just wanted to ask you something. How do I get Windows Updates in the future?

Also, my ZA trial is running out, what do I do now?

Do you just want me to do a HiJackThis log now?

#44
Rawe

Yes, I just want a fresh HijackThis log.

You will need to get Service Pack 2 immediately if you are clean. Just visit www.windowsupdate.com with your Internet Explorer.. (There is also a possibility to install Windows updates with Firefox nowadays. I'll give you the link soon, can you just first post the new log to make sure you're clean.)

- Rawe :tazz:

#45
Lisa2005

Logfile of HijackThis v1.99.1
Scan saved at 16:04:20, on 15/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fujitsu\Adsl\dslstat.exe
C:\Program Files\Fujitsu\Adsl\dslagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Fujitsu\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Fujitsu\Adsl\dslagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48F5A24A-99CF-45FF-87BC-A6D2564DD7C6}: NameServer = 212.50.160.100 213.249.130.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{48F5A24A-99CF-45FF-87BC-A6D2564DD7C6}: NameServer = 212.50.160.100 213.249.130.100
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe