When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner, please click Yes to allow the download.
Click on Start Scan.
After the scan completes it will produce a log for you; copy and paste the results of that scan as a reply to this thread.
If any infections are found (after you save the logfile), click on Remove Infections.
Right now this user side is running nicely. I do not even get "Cannot find windows shell" type of message when it boots up, (Been wondering what that meant). There are also no more prompts telling me I need to install this and that. I haven't done much since I started on this thread....but it already seems to respond much faster. It is such a relief to have it running normally again. How do I prevent this from happening again? What program should I have running on this computer (and not have running?)? Lots of questions I'm wondering about...want to learn more about all this, somehow.
Thank you, Shannon
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:27 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:35 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Good. Glad to hear it. I will give some protection suggestions in closing.
Now that we have this user taken care of, log in under the other user and run and post a Hijackthis log under that user logon. (As a reply to this thread)
O.k. All of the instructions and fixes are to be run under this user's logon. (Just want to be sure we are on the same page.)

1. Rerun Hijackthis (scan only) and place checks beside the following entries:

O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

Close all other open windows except Hijackthis and select "Fix checked".
Close Hijackthis ->> Reboot your PC

2. Then run Wormfix. I have included the instructions again in this post in case the Wormfix tool doesn't appear under this logon.

Restart your PC, and after it starts, but before you see the Windows splash screen, begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices). Use your arrow keys and select Safe Mode and then Enter.

3. Close all Internet Explorer windows and run WormFix

Double click the WormFix.Zip file to unzip it.
Open the WormFix folder.
Double click WormFix.vbe to run the program.
Then select O.K. at the prompt.
Allow the program to run. (Your desktop will disappear, then re-appear. This is normal.)
When it is finished it will produce a log, C:\WormFix.txt.
Copy and paste the results of that log in your reply.

4. Then reboot your PC into Normal Windows Mode ->> Rerun Hijackthis and post a fresh Hijackthis log, as well as the C:\WormFix.txt log.
I did the Hijack This part, then went into Safe mode. What shows on the screen as Users is: Administrator, and Chris.....there is no Shan. So I logged onto Chris, tried to switch users, nothing happened. Next, I went into Control Panel and clicked onto User Accounts. It came up with Chris, Shan, and Guest. When I clicked on Shan, I get a screen asking what I would like to change (name, password, etc), but no way to sign onto the user. So I rebooted into Safe Mode again, and logged onto Administrator, once again tried to change accounts, and nothing happened. So then I went to click on Control Panel but found that it is missing from that account. Both Shan and Chris are Administrator accounts, and I wasn't even aware until the other day that there was an Administrative User account.
Am I doing something wrong, missing something or need to try something else?
Here is WormFix. I'm about to reboot and rerun HijackThis and send you the log.
Shannon
Here is HijackThis....I did remember to reboot before running it after running Wormfix.
Thanks, Shannon
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:54 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
bamajim
April 9th, 2008 13:00
Calm down. It is possible to have infections on different user logons.
Let's finish with the current user, then we will address the other user.
Let's use a different online scan
Please perform an Ewido Online Malware Scan
"The world is what you make of it"
Topojo
April 9th, 2008 19:00
Hi,
Thank you for your patience. I had visions of having complicated things. I guess I have to put this on two separate posts.
Shannon
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.247realmedia
Path: C:\Documents and Settings\Chris\Cookies\chris@247realmedia[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Chris\Cookies\chris@2o7[1].txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Chris\Cookies\chris@ad.yieldmanager[2].txt
Risk: Medium
Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\Chris\Cookies\chris@adopt.euroclick[1].txt
Risk: Medium
Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Chris\Cookies\chris@adrevolver[2].txt
Risk: Medium
Name: TrackingCookie.Bridgetrack
Path: C:\Documents and Settings\Chris\Cookies\chris@ads.bridgetrack[1].txt
Risk: Medium
Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\Chris\Cookies\chris@ads.pointroll[2].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Chris\Cookies\chris@buycom.122.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Chris\Cookies\chris@casalemedia[1].txt
Risk: Medium
Name: TrackingCookie.Clickbank
Path: C:\Documents and Settings\Chris\Cookies\chris@clickbank[1].txt
Risk: Medium
Name: TrackingCookie.Dealtime
Path: C:\Documents and Settings\Chris\Cookies\chris@dealtime[2].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Chris\Cookies\chris@entrepreneur.122.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Findwhat
Path: C:\Documents and Settings\Chris\Cookies\chris@findwhat[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Chris\Cookies\chris@heavycom.122.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Intelli-direct
Path: C:\Documents and Settings\Chris\Cookies\chris@intelli-direct[1].txt
Risk: Medium
Name: TrackingCookie.Tracking101
Path: C:\Documents and Settings\Chris\Cookies\chris@login.tracking101[2].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Chris\Cookies\chris@marketlive.122.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Chris\Cookies\chris@media.adrevolver[2].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Chris\Cookies\chris@microsoftwledu.112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Chris\Cookies\chris@navistarinternational.112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Chris\Cookies\chris@overture[1].txt
Risk: Medium
Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Chris\Cookies\chris@perf.overture[1].txt
Risk: Medium
Name: TrackingCookie.Pro-market
Path: C:\Documents and Settings\Chris\Cookies\chris@pro-market[2].txt
Risk: Medium
Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Chris\Cookies\chris@questionmarket[2].txt
Risk: Medium
Name: TrackingCookie.Realmedia
Path: C:\Documents and Settings\Chris\Cookies\chris@realmedia[2].txt
Risk: Medium
Name: TrackingCookie.Revenue
Path: C:\Documents and Settings\Chris\Cookies\chris@revenue[1].txt
Risk: Medium
Name: TrackingCookie.Revsci
Path: C:\Documents and Settings\Chris\Cookies\chris@revsci[2].txt
Risk: Medium
Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\Chris\Cookies\chris@server.iad.liveperson[2].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Chris\Cookies\chris@shopping.112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\Chris\Cookies\chris@ssl-hints.netflame[2].txt
Risk: Medium
Name: TrackingCookie.Dealtime
Path: C:\Documents and Settings\Chris\Cookies\chris@stat.dealtime[1].txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\Chris\Cookies\chris@statcounter[1].txt
Risk: Medium
Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Chris\Cookies\chris@tribalfusion[2].txt
Risk: Medium
Name: TrackingCookie.Abcsearch
Path: C:\Documents and Settings\Chris\Cookies\chris@www.abcsearch[1].txt
Risk: Medium
Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Chris\Cookies\chris@zedo[2].txt
Risk: Medium
Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187}
Risk: Medium
Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8}
Risk: Medium
Name: Adware.Generic
Path: HKU\S-1-5-21-3541402752-1975135528-3090448254-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FD44536-9DF0-4034-939F-5BD4D98E3187}
Risk: Medium
Name: Adware.Starware
Path: HKU\S-1-5-21-3541402752-1975135528-3090448254-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1}
Risk: Medium
Name: Adware.Generic
Path: HKU\S-1-5-21-3541402752-1975135528-3090448254-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5DE8ADB-4A69-4E56-96AB-823171C8E9D8}
Risk: Medium
Name: Hijacker.Agent.wd
Path: C:\!KillBox\cj.v2.dll
Risk: High
Name: Downloader.Small.ivo
Path: C:\!KillBox\tmp89468.exe
Risk: High
Name: Dropper.Agent.eya
Path: C:\Documents and Settings\Chris\Local Settings\Temp\L19Qpt9l.exe
Risk: High
Name: Downloader.Small.ivo
Path: C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\8EH71N1Z\1207572197[2].exe
Risk: High
Name: Downloader.Small.ivo
Path: C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\AGE4EH2B\1207133754[1].exe
Risk: High
Name: Downloader.Small.ivo
Path: C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\P66AK7AY\1207133736[1].exe
Risk: High
Name: Downloader.Small.ivo
Path: C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\P66AK7AY\1207481595[1].exe
Risk: High
Topojo
22 Posts
0
April 9th, 2008 19:00
Hi,
Here's the other half. Removing infections now..
Thanks, Shannon
Name: Downloader.Small.ivo
Path: C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\RD1U96XD\1207597960[1].exe
Risk: High
Name: Dropper.Agent.ftv
Path: C:\Program Files\1024518500.exe
Risk: High
Name: Downloader.BHO.ea
Path: C:\Program Files\1024525359.exe
Risk: High
Name: Dropper.Agent.eya
Path: C:\Program Files\198616906.exe
Risk: High
Name: Dropper.Agent.eya
Path: C:\Program Files\198616921.exe
Risk: High
Name: Dropper.Agent.eya
Path: C:\Program Files\198619250.exe
Risk: High
Name: Dropper.Agent.eya
Path: C:\Program Files\198620390.exe
Risk: High
Name: Dropper.Agent.eya
Path: C:\Program Files\198621828.exe
Risk: High
Name: Dropper.Agent.eya
Path: C:\Program Files\198628375.exe
Risk: High
Name: Downloader.Small.ivo
Path: C:\Program Files\809828250.exe
Risk: High
Name: Adware.LookMe
Path: C:\Program Files\Picasa\pinstall.dll
Risk: Medium
Name: Downloader.Small.ivo
Path: C:\Program Files\tmp114718.exe
Risk: High
Name: Dropper.Agent.eya
Path: C:\Program Files\tmp198631546.exe
Risk: High
Name: Downloader.Small.ivo
Path: C:\Program Files\tmp32887953.exe
Risk: High
Name: Downloader.Small.ivo
Path: C:\Program Files\tmp32893890.exe
Risk: High
Name: Downloader.Small.ivo
Path: C:\Program Files\tmp5648343.exe
Risk: High
Name: Downloader.Agent.mox
Path: C:\Program Files\Trend Micro\HijackThis\backups\backup-20080408-170731-457.dll
Risk: High
Name: Dropper.Agent.ftv
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1493\A0155078.exe
Risk: High
Name: Downloader.Small.ivo
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1519\A0158422.exe
Risk: High
Name: Hijacker.Agent.wd
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1519\A0158423.dll
Risk: High
Name: Not-A-Virus.Adware.HotBar
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1519\A0158957.dll
Risk: Low
Name: Downloader.Agent.mox
Path: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1519\A0158967.cpl
Risk: High
Name: Trojan.Qhost.nl
Path: C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Risk: High
bamajim
10.4K Posts
0
April 10th, 2008 11:00
topojo
Good work. Now post a fresh Hijackthis log.
And in your reply tell me how the PC is running under the logon we have been working on.
"The world is what you make of it"
Topojo
22 Posts
0
April 10th, 2008 11:00
Hi,
Right now this user side is running nicely. I do not even get "Cannot find windows shell" type of message when it boots up, (Been wondering what that meant). There are also no more prompts telling me I need to install this and that. I haven't done much since I started on this thread....but it already seems to respond much faster. It is such a relief to have it running normally again. How do I prevent this from happening again? What program should I have running on this computer (and not have running?)? Lots of questions I'm wondering about...want to learn more about all this, somehow.
Thank you, Shannon
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:27 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.decoratetoday.com/imageserver_wallpaper/images/gallery/015025/007025/pat/AQ41251B.JPG
--
End of file - 8272 bytes
Topojo
22 Posts
0
April 10th, 2008 12:00
Hi,
Here's the other user's log.
Thanks, Shannon
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:35 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8479 bytes
bamajim
10.4K Posts
0
April 10th, 2008 12:00
topojo
Good. Glad to hear it. I will give some protection suggestions in closing.
Now that we have this user taken care of, log in under the other user and run and post a Hijackthis log under that user logon. (As a reply to this thread)
"The world is what you make of it"
bamajim
10.4K Posts
0
April 10th, 2008 12:00
O.k. All of the instructions and fixes are to be run under this user's logon. (Just want to be sure we are on the same page)
1. Rerun Hijackthis (scan only) and place checks beside the following entries
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
Close all other open windows except Hijackthis and select "Fix checked"
Close Hijackthis ->> Reboot your PC
2. Then run Wormfix. I have included the instructions again in this post in case the Wormfix tool doesn't appear under this logon.
1. Go HERE and download WormFix
Save it to your Desktop. But do not run it yet.
2. Reboot into Safe Mode
This can be done by
Begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
Use your arrow keys and select Safe Mode and then Enter
3. Close all Internet Explorer Windows and Run WormFix
Open the WormFix Folder
Double Click WormFix.vbe to run the program
Then Select O.K. at the prompt
Allow the program to run (Your desktop will disappear, then re-appear. This is normal)
When it is finished it will produce a log C:\WormFix.txt
Copy and paste the results of that log in your reply
4. Then reboot your PC into Normal Windows Mode->> Rerun Hijackthis and post a fresh Hijackthis log.
As well as the C:\WormFix.txt log
"The world is what you make of it"
Topojo
22 Posts
April 10th, 2008 14:00
Hi,
I did the Hijack This part, then went into Safe mode. What shows on the screen as Users is: Administrator, and Chris.....there is no Shan. So I logged onto Chris, tried to switch users, nothing happened. Next, I went into Control Panel and clicked onto User Accounts. It came up with Chris, Shan, and Guest. When I clicked on Shan, I get a screen asking what I would like to change (name, password, etc), but no way to sign onto the user. So I rebooted into Safe Mode again, and logged onto Administrator, once again tried to change accounts, and nothing happened. So then I went to click on Control Panel but found that it is missing from that account. Both Shan and Chris are Administrator accounts, and I wasn't even aware until the other day that there was an Administrative User account.
Am I doing something wrong, missing something or need to try something else?
Thanks, Shannon
bamajim
10.4K Posts
April 10th, 2008 14:00
topojo
Log in under the problem account in normal Windows mode. And if you have Wormfix on the desktop, run it in Normal Windows mode. Reply with the results.
"The world is what you make of it"
Topojo
22 Posts
April 10th, 2008 15:00
Hi,
Here is WormFix. I'm about to reboot and rerun HijackThis and send you the log.
Shannon
========================================
WormFix
Version 1.0.7
By bamajim @ CastleCops.com
========================================
C:\WINDOWS\Installer\{e261c543-e198-4dbb-8ebb-3ac12db36523}\zip.dll Found
C:\WINDOWS\Installer\{f9c024ce-abd9-43c8-beeb-7923c1078c46}\zip.dll Found
C:\WINDOWS\Installer\{fe33d818-1c70-40ec-a0df-6f18c2688914}\zip.dll Found
========================================
WormFix
Version 1.0.9
By bamajim @ CastleCops.com
========================================
C:\WINDOWS\Installer\{0c6ef981-5b44-404f-a044-f693f0526eb8}\CheckRam.dll Found
C:\WINDOWS\Installer\{e261c543-e198-4dbb-8ebb-3ac12db36523}\zip.dll Found
C:\WINDOWS\Installer\{f9c024ce-abd9-43c8-beeb-7923c1078c46}\zip.dll Found
C:\WINDOWS\Installer\{fe33d818-1c70-40ec-a0df-6f18c2688914}\zip.dll Found
bamajim
10.4K Posts
April 10th, 2008 15:00
topojo
Can you now access control panel under this logon?
"The world is what you make of it"
Topojo
22 Posts
April 10th, 2008 15:00
Hi again,
Here is HijackThis....I did remember to reboot before running it after running Wormfix.
Thanks, Shannon
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:54 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8103 bytes
Topojo
22 Posts
April 10th, 2008 21:00
Hi,
Yes, I can access Control Panel....once again, it is nice to see it!!
Thanks,
Shannon
bamajim
10.4K Posts
April 11th, 2008 11:00
Topojo
So is the PC running o.k. under both logons now?
"The world is what you make of it"