Probs with Spybot S&D



Monsoon
2007-08-19, 20:50
After I have taken updates from S&D each scan says the number of bad items now covered after "Immunize". After taking the latest update this popped up as over 39000. This is not the number shown at the bottom of the screen whilst the scan is running and never has been. At the next scan the number of baddies reduced to 23000 appx; then 19000 appx. At the same time certain files from my McAfee Internet Security Suite have been somehow deleted - not by me - and McA say uninstall and reinstall, but McA still seems to be running OK and McA's own test confirms that. The S&D scan is also slower, now about 12 mins instead of 8 and PC is running slower generally.

Have run Kaspersky which lists a number of files that could not be scanned as they were locked; I took a report but Kasp did not find any baddies in the accessible files.

Leading on from this it seems that I could have been Hijacked so I ran 'HijackThis' which reported as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:29, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
e:\program files\mcafee.com\agent\mcdetect.exe
e:\PROGRA~1\mcafee.com\vso\mcshield.exe
e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
E:\Program Files\McAfee.com\VSO\mcvsshld.exe
E:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
E:\PROGRA~1\mcafee.com\mps\mscifapp.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
e:\progra~1\mcafee.com\vso\mcvsescn.exe
E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
E:\Program Files\McAfee.com\VSO\oasclnt.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
E:\Program Files\SiteAdvisor\6066\SiteAdv.exe
E:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SiteAdvisor\6066\SAService.exe
E:\WINDOWS\System32\snmp.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www./
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mandy's Legs
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - E:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - e:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - e:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - e:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - E:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [VSOCheckTask] "E:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] E:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] e:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] e:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] E:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [OASClnt] E:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DVDTray] E:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [SiteAdvisor] E:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [MCUpdateExe] e:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "E:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" /START
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186588559890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186588528343
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templates/btmailcontrol013.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol024.cab
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - e:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - e:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - E:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8299 bytes

So far as locked files are concerned, I do not know how to unlock them and therefore I have not tried, on the basis that if Kas can't open them then there is a pretty good chance that no one else can either, although this is pure, perhaps naive, supposition. As suggested I have done nothing other than take the Hijack report at this point.

Suggestions??? Or is S&D vulnerable in some way??

Thanks & Kind Regards

David

pskelley
2007-08-21, 14:18
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hello David, this is the malware forum, I see no malware in the HJT log. If your Kaspersky scan is showing no issues, chances are you are clean.

If you are having issues with Spybot S&D you can address these here:
http://forums.spybot.info/forumdisplay.php?f=4

You can use HJT to remove this junk if you wish. It IS NOT malware.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www./
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run Clean Manager: http://spyware-free.us/tutorials/cleanmgr/

If I can help more, please let me know.

Thanks
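
The selection step in the reply above, as an added example that is not part of the original thread or of HijackThis itself: a small Python parser that groups log entries by section code and lists the R0/R1 Internet Explorer values whose data is blank or the stub http://www./. The function names, the STUB_DATA set and the trimmed sample log are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
E:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www./
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mandy's Legs
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # "<code> - <detail>"
REG_VALUE = re.compile(r"^(HK[A-Z]+\\[^,]+),(.+?) =\s*(.*)$")  # "key,name = data"
STUB_DATA = {"", "http://www./"}  # assumption: what counts as empty or stub data


def parse_entries(log_text):
    """Group HijackThis entry lines by section code (R0, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and process-list lines do not match and are skipped
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def empty_ie_values(sections):
    """Return (key, value name) for R0/R1 values with empty or stub data."""
    hits = []
    for code in ("R0", "R1"):
        for detail in sections.get(code, []):
            m = REG_VALUE.match(detail)
            if m and m.group(3).strip() in STUB_DATA:
                hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for key, name in empty_ie_values(parse_entries(SAMPLE_LOG)):
        print(f"{key} -> {name}")
```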

Monsoon
2007-08-21, 15:07
Thanks PSKELLEY

I had read the notes before posting and felt that I had covered the 'basics' and was trying to avoid your need to state the obvious. On the question of 'locked files' that could not be scanned - is it possible for an outsider to dump something bad on my PC and then 'lock' that item; viz who can and does lock these files and is this relevant to security issues?

My worry stems from the fact that a McAfee file and a registry entry were deleted by someone else and my S&D immunized count kept changing and was running very slowly - i.e. some external force was acting. S&D sets out and achieves more than any of the other similar types and I would want to ensure that info was fed back to keep it that way.

Will take up the suggestion of the S&D forum.

Thanks again

David

pskelley
2007-08-21, 15:24
"I had read the notes before posting and felt that I had covered the 'basics' and was trying to avoid your need to state the obvious. On the question of 'locked files' that could not be scanned - is it possible for an outsider to dump something bad on my PC and then 'lock' that item; viz who can and does lock these files and is this relevant to security issues?"

Sorry, I post that for everyone, you would be astounded at how many folks never see the Pinned information. We use the Kaspersky scan because it is one of the very best, I use these instructions myself:
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
  * Scan using the following Anti-Virus database:
    * Standard
  * Scan Options:
    * Scan Archives
    * Scan Mail Bases
* Click OK
* Now under select a target to scan:
  * Select My Computer
* The program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

I have never had a problem, but I am no Kaspersky expert. I would suggest you ask those questions to their technical support or perhaps at this forum:
http://forum.kaspersky.com/index.php?showforum=4
http://usa.kaspersky.com/support/

http://ts.mcafeehelp.com/default.asp?siteID=1&cnrcheck=done&resolution=1024x768
Good luck, I have been using them for years and have yet to get any comprehensive help.

I also use Spybot S&D but I am far from being an expert, folks at the forum I directed you to will be able to assist with your questions.

Thanks

Monsoon
2007-08-21, 20:06
Dear PSKELLEY,

Thanks for those kind comments. I had run all of the things you suggested in Kaspersky and the only bone of contention left is the "locked files" which I will address to them.

I will go to the S&D forum to see if any of the other "brains" out there have any suggestions on why the "Immunize" level should keep on changing.

McAfee is probably the top end of nothing so far as security progs are concerned - they certainly do not have the 'friendly face' of S&D.

I note that you are nearly exactly 2 years older than I am, and it is great to see you up there with the best.

Thanks & Kind Regards

David

pskelley
2007-08-21, 22:37
Hi David, I want you to know there are a lot of us still swinging a sword at our age. Here is some information that might be handy in the future.

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

pskelley
2007-08-25, 23:03
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks