|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
May 19th, 2005, 09:34 AM
|
||||
|
||||
|
FireFox data wiped [HJT included]
Ok, so I virus scan everyweek, and anti-spyware scan every
night, but I had an issue with FireFox the other day, all of my profile data got wiped. Bookmarks/passwords/history/the whole lot. So OneMSBi told me to post this log here. I ran HJT 10 mins ago, and this is what it came up with: Logfile of HijackThis v1.99.1 Scan saved at 3:26:50 PM, on 5/19/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Funk Software\Odyssey Client\odClientService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WindowBlinds\wbload.exe C:\wamp\Apache Group\Apache2\bin\Apache.exe C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\wamp\Apache Group\Apache2\bin\Apache.exe C:\mysql\bin\mysqld-max-nt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\tlntsvr.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\I8kfanGUI\I8kfanGUI.exe C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE C:\Program Files\FeedReader\feedreader.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Logitech\SetPoint\kem.exe C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE C:\wamp\Apache Group\Apache2\bin\ApacheMonitor.exe C:\Program Files\Folding@Home\winFAH.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Folding@Home\FahCore_65.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Windows Media Player\wmplayer.exe D:\Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.co.uk/"); (C:\Documents and Settings\Jon\Application Data\Mozilla\Profiles\default\49msmx8g.slt\prefs.js) N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_UK.src"); (C:\Documents and Settings\Jon\Application Data\Mozilla\Profiles\default\49msmx8g.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
__________________
Support requests via PM will be ignored! Last edited by oneMSBi : May 19th, 2005 at 09:55 AM. Reason: mod edit: it might be easier to read without the code tags
|
|
#2
May 19th, 2005, 09:55 AM
|
||||
|
||||
|
^^ hijackthis log contd. after mod edit to remove code tags
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE O4 - HKCU\..\Run: [feedreader.exe] C:\Program Files\FeedReader\feedreader.exe O4 - Startup: Folding@Home 5.03.lnk = ? O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Monitor Apache Servers.lnk = C:\wamp\Apache Group\Apache2\bin\ApacheMonitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O15 - Trusted Zone: http://*.osiris O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096235913850 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = springfield.local O17 - HKLM\Software\..\Telephony: DomainName = springfield.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = springfield.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = springfield.local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = springfield.local O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\WINDOW~3\fastload.dll O23 - Service: Apache2 - Unknown owner - C:\wamp\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing) O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-max-nt.exe O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe None of that makes any sense to me, but hopefully someone can decipher it for me! Cheers lads, --Jon. Last edited by oneMSBi : May 19th, 2005 at 09:58 AM.
|
|
#3
May 19th, 2005, 09:57 AM
|
||||
|
||||
|
sorry for the edit chief, but i felt it might be easier to read without the code tags.. its ok if it spans more than one post in this forum. thanks for the consideration.
__________________
Nigel ..Seeking code free nirvana... Nigel Fernandes Blog Never argue with fools. They will bring you down to their level and beat you with experience.  Manchester United Forever  
|
|
#4
May 19th, 2005, 02:03 PM
|
|||
|
|||
|
Hi Jon,
You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis. If you have any questions before starting the fix, please don't hesitate to ask! You have a Trojan virus on your PC . iosdt.exe is its main file. Even though the item below says (file missing), it is not a guarantee that it is not running. Logoff your internet/network connection. Run HijackThis > Do a system scan only > Config > Delete an NT service > copy and paste "distributed.net client (dnetc)" (without the quotes) > click OK Next... Run HijackThis, click scan, place a checkmark next to the following item. Close all browsers and any other windows or the fix may not work! Click "fix checked". It is OK if some of these items are no longer listed. O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing) Next... Boot into Safe Mode. Restart your computer, start tapping F8 when your computer first starts booting, there will be a menu displayed > select Safe Mode. Make sure your computer is configured to show all files and folders. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden Files and Folders heading select Show Hidden Files and Folders. Uncheck hide extensions for known file types. Uncheck the Hide Protected Operating System Files option. Click Yes to confirm. Click OK. Search for and delete the following folder: C:\WINDOWS\system32\iosdt < delete the entire iosdt folder Reboot normally. Next... I'd like you to do a couple of trojan scans. Install and perform a full system scan with each of these trial programs: Please download Trojan Hunter http://www.misec.net/trojanhunter/ Perform a full system scan. Please write down any files found and include this information in your next post. Delete any files that come up as a positive identification. Next... Please download DiamondCS TDS-3 http://tds.diamondcs.com.au/ Install the program, but do not scan with it yet! Update the Radius definitions file. Right click this link and select "Save as". Save it to the directory where you installed TDS3 and let it replace the old Radius file. http://www.diamondcs.com.au/tds/radius.td3 Start TDS3 > at the top of the program click System Testing > Full system scan > after scanning right-click the report, save as scandump.txt > submit the scandump.txt file into your next post. Finally, right click the items in the list that come up a a Positive Identification and select delete. Along with the information from the two scans above, please post a fresh HijackThis log. Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickys at the top of the forum before posting! Last edited by Tom Myboy : May 19th, 2005 at 02:05 PM.
|
|
#5
May 19th, 2005, 05:43 PM
|
||||
|
||||
|
Ok, so I;ve followed your instuctions Tom, but I don't think it's
changed anything...  I tried to delete the NT service using HJT, but it just gave a pop up error saying '... was not found in the registry'. I then ran the scan again, and checked the box next to it and click on Fix, and it didn't seem to do anything. ... Then I ran the TrojanHunter app, and it gave the following results: Code:
Registry scan No suspicious entries found Inifile scan No suspicious entries found Port scan No suspicious open ports found Memory scan No trojans found in memory File scan Error: Directory not found: C:\WINDOWS\system32\?³ No trojan files found ... Then I ran the DiamondVS thingy, and that didn't find anything. Scandump.txt is as follows: Code:
Scan Control Dumped @ 23:22:53 19-05-05 Suspicious Filename: Dual extensions File: d:\work\cab\jdbenefitstcaseworker14.11.04-.doc Suspicious Filename: Dual extensions File: y:\firefox setup 1.0.3.exe Suspicious Filename: Dual extensions File: y:\firefox setup 1.0.4.exe ... And finally I ran HJT again. Results as follows: Logfile of HijackThis v1.99.1 Scan saved at 11:41:40 PM, on 5/19/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Funk Software\Odyssey Client\odClientService.exe C:\WINDOWS\system32\spoolsv.exe C:\wamp\Apache Group\Apache2\bin\Apache.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\mysql\bin\mysqld-max-nt.exe C:\wamp\Apache Group\Apache2\bin\Apache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\tlntsvr.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe C:\Program Files\WindowBlinds\wbload.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\I8kfanGUI\I8kfanGUI.exe C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Logitech\SetPoint\kem.exe C:\wamp\Apache Group\Apache2\bin\ApacheMonitor.exe C:\Program Files\Folding@Home\winFAH.exe C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Folding@Home\FahCore_65.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Downloads\hijackthis\HijackThis.exe
|
|
#6
May 19th, 2005, 05:44 PM
|
||||
|
||||
|
...continued...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.co.uk/"); (C:\Documents and Settings\Jon\Application Data\Mozilla\Profiles\default\49msmx8g.slt\prefs.js) N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_UK.src"); (C:\Documents and Settings\Jon\Application Data\Mozilla\Profiles\default\49msmx8g.slt\prefs.js) O1 - Hosts: 64.91.255.87 www.dcsresearch.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE O4 - HKCU\..\Run: [feedreader.exe] C:\Program Files\FeedReader\feedreader.exe O4 - Startup: Folding@Home 5.03.lnk = ? O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Monitor Apache Servers.lnk = C:\wamp\Apache Group\Apache2\bin\ApacheMonitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O15 - Trusted Zone: http://*.osiris O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096235913850 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = springfield.local O17 - HKLM\Software\..\Telephony: DomainName = springfield.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = springfield.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = springfield.local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = springfield.local O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\WINDOW~3\fastload.dll O23 - Service: Apache2 - Unknown owner - C:\wamp\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing) O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing) O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-max-nt.exe O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
|
|
#7
May 20th, 2005, 12:23 PM
|
|||
|
|||
|
Did you perform this step?
Quote:
Also, did you add this to your Trusted Zone (in IE) yourself? O15 - Trusted Zone: http://*.osiris Tom
|
|
#8
May 20th, 2005, 12:38 PM
|
||||
|
||||
|
Quote:
Quote:
Yeah, i did that so that I could test stuff properly on my local dev server...
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
