View Full Version : Virtumonde, help pls
rozybear1
2007-05-25, 05:25
As-Adaware SE found 2 Virtumonde, here is the log.
ArchiveData(auto-quarantine- 2007-05-24 19-50-38.bckp)
Referencefile : SE1R170 14.05.2007
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\13hp3.gif.lnk
obj[1]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\Activescan.txt.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\BladesEdgeMountainsbig.jpg.lnk
obj[3]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\Christ.gif.lnk
obj[4]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\Error messages 2.bmp.lnk
obj[5]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\Error messages 3.bmp.lnk
obj[6]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\GoAlfie.jpg.lnk
obj[7]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\JaniandSporebatpet.jpg.lnk
obj[8]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\John.jpg.lnk
obj[9]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\My Pictures.lnk
obj[10]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\Nagrand.JPG.lnk
obj[11]=MRU FileReference : C:\Documents and Settings\Rozanne\recent\realmlist.wtf.lnk
obj[12]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[13]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows\currentversion\explorer\recentdocs\.bmp
obj[14]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows\currentversion\explorer\recentdocs\.gif
obj[15]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
obj[16]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[17]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows\currentversion\explorer\recentdocs\.wtf
obj[18]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[19]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\jpg
obj[21]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\direct3d\mostrecentapplication name
obj[22]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[23]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\direct3d\mostrecentapplication name
obj[24]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[25]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[26]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\directinput\mostrecentapplication name
obj[27]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\directinput\mostrecentapplication id
obj[28]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\internet explorer download directory
obj[29]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\internet explorer\typedurls
obj[30]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows\currentversion\applets\paint\recent file list
obj[31]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
obj[20]=MRU RegReference : S-1-5-21-128101014-3577859892-2456663316-1007\software\microsoft\windows media\wmsdk\general computername
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[15]=IECache Entry : Cookie:rozanne@2o7.net/
obj[16]=IECache Entry : Cookie:rozanne@statcounter.com/
obj[17]=IECache Entry : Cookie:rozanne@247realmedia.com/
obj[18]=IECache Entry : Cookie:rozanne@partypoker.com/
obj[19]=IECache Entry : Cookie:rozanne@estat.com/
obj[20]=IECache Entry : Cookie:rozanne@server.iad.liveperson.net/hc/32849030
obj[21]=IECache Entry : Cookie:rozanne@ehg-veohnetworksinc.hitbox.com/
obj[22]=IECache Entry : Cookie:rozanne@live365.com/
obj[23]=IECache Entry : Cookie:rozanne@overture.com/
obj[24]=IECache Entry : Cookie:rozanne@msnportal.112.2o7.net/
obj[25]=IECache Entry : Cookie:rozanne@hitbox.com/
obj[26]=IECache Entry : Cookie:rozanne@realmedia.com/
obj[27]=IECache Entry : Cookie:rozanne@server.iad.liveperson.net/
obj[28]=IECache Entry : Cookie:rozanne@advertising.com/
VIRTUMONDE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[29]=File : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0004612.dll
obj[30]=File : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0004613.dll
I read another post and the person was told to run VundoFix, so I ran VundoFix, but it did not find any infections.
Here is my HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 8:04:52 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientSRV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJK\HJK.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070120
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070120
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://ca.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070120
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [StandardInstall] iexplore.exe file://C:/WINDOWS/system32/ClientSyncLoader.en_US.htm?https;activation.sympatico.ca:443/wizlet/SympaticoWebflow/loadSyncPrepare.do;restart=true
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Dell Network Assistant.lnk = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169764040203
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://activation.sympatico.ca/wizlet/SympaticoWebflow/static/controls/BellCanadaActiveX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Personal Vault Backup Service (VaultClientSRV) - Unknown owner - C:\Program Files\Personal Vault\VaultClientSRV.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
and while scanning with Kaspersky, my AVG popped a threat (Lop.BN)
And my log from Kaspersky Online scan.
Total number of scanned objects: 128880
Number of viruses found: 4
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 01:58:59
but it wont' give me the list of what is found or a log option... it says in the help menu that I can save a log... but no option to do so.
I'll tell you this, my son is getting a good talking too... I clean his computer, while I'm doing that, he infects mine...
pskelley
2007-05-27, 23:56
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Negligible Objects: MRU LIST (Ad-Aware SE)
Objects shown here are not considered to be a threat. They consist of MRU (Most Recently Used items) lists. These can be removed if the user desires.
VIRTUMONDE:
Those two items are in System Restore...System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam
TRACKING COOKIE
You should know how to delete cookies by now?
http://www.google.com/search?hl=en&q=how+to+delete+IE+cookies&btnG=Google+Search
I don't see any malware in the HJT log, if you want a check, run AVG Anti-Spyware 7.5 according to these directions:
http://forums.security-central.us/showthread.php?t=3165
Delete or quarantine anything it finds and save the scan report to post.
Restart the computer and post that scan report and a new HJT log.
Thanks
rozybear1
2007-05-28, 01:19
To tell you the truth, I always forget to delete cookies... but yes, I know how to do it. With the older version of IE, it was set to delete after 5 days, but I had not figured out until now how to do it with this newer version. Here are logs I wanted to post, but wanted to wait until I get a reply from someone as I did not want someone to think I already had someone helping me when in fact I didn't.
My computer would never install properly the updates for Windows. I have finally managed to install the latest updates, and now the computer runs better, but I am still having issues. To start with, it keeps closing my firewall, which is seriously pissing me off. Sometimes I can't even turn it back on cause it just won't let me.
I finally manage to start a new virus scan and save the log.
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 26, 2007 1:31:51 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 26/05/2007
Kaspersky Anti-Virus database records: 330329
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 131747
Number of viruses found 5
Number of infected objects 15
Number of suspicious objects 0
Duration of the scan process 02:05:15
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SingleClick Systems\HomeNet Manager\Logs\hnm_svc.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rozanne\.housecall6.6\Quarantine\dsbr.jar-51e543a5-54abca56.zip.bac_a01464/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Rozanne\.housecall6.6\Quarantine\dsbr.jar-51e543a5-54abca56.zip.bac_a01464 ZIP: infected - 1 skipped
C:\Documents and Settings\Rozanne\.housecall6.6\Quarantine\dsbr.jar-51e543a5-54abca56.zip.bac_a01464 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Rozanne\.housecall6.6\Quarantine\Setup.exe.bac_a01464 Infected: not-a-virus:AdWare.Win32.180Solutions.ax skipped
C:\Documents and Settings\Rozanne\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUPNP.log Object is locked skipped
C:\Documents and Settings\Rozanne\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Rozanne\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Rozanne\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Rozanne\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Rozanne\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rozanne\Desktop\misc\Nero-7.8.5.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Rozanne\Desktop\misc\Nero-7.8.5.0_eng_trial.exe RAR: infected - 1 skipped
C:\Documents and Settings\Rozanne\Local Settings\Application Data\Microsoft\Messenger\rozybear1@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Application Data\Microsoft\Messenger\rozybear1@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Application Data\Microsoft\Messenger\rozybear1@hotmail.com\SharingMetadata\Working\database_A30_4B67_304B_58B9\dfsr.db Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Application Data\Microsoft\Messenger\rozybear1@hotmail.com\SharingMetadata\Working\database_A30_4B67_304B_58B9\fsr.log Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Application Data\Microsoft\Messenger\rozybear1@hotmail.com\SharingMetadata\Working\database_A30_4B67_304B_58B9\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Application Data\Microsoft\Messenger\rozybear1@hotmail.com\SharingMetadata\Working\database_A30_4B67_304B_58B9\tmp.edb Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Application Data\Microsoft\Windows Live Contacts\rozybear1@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Application Data\Microsoft\Windows Live Contacts\rozybear1@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temp\~DF1243.tmp Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temp\~DF13A5.tmp Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temp\~DF3EE6.tmp Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temp\~DF3F27.tmp Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temp\~DF6B29.tmp Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temp\~DF72B.tmp Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temp\~DFB2E9.tmp Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temp\~DFB333.tmp Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temporary Internet Files\Content.IE5\5133WYXI\SmitfraudFix[1].exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Rozanne\Local Settings\Temporary Internet Files\Content.IE5\5133WYXI\SmitfraudFix[1].exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Rozanne\Local Settings\Temporary Internet Files\Content.IE5\5133WYXI\SmitfraudFix[1].exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Rozanne\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rozanne\Local Settings\Temporary Internet Files\Content.IE5\UAWKUBBT\bind[1].htm Object is locked skipped
C:\Documents and Settings\Rozanne\ntuser.dat Object is locked skipped
C:\Documents and Settings\Rozanne\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-05-26.10-09-45.log Object is locked skipped
C:\Program Files\Dell Network Assistant\Logs\ezi_hnm.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\RECYCLER\S-1-5-21-128101014-3577859892-2456663316-1007\Dc12\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\asvciovr.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9405.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\dtpfjxpf.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\krbcykwc.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\lcxvxuqb.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\pycwmswh.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_348.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Rest in next post
rozybear1
2007-05-28, 01:22
Continue from previous post
Logfile of HijackThis v1.99.1
Scan saved at 2:16:32 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientSRV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Snapfire.exe
C:\HJK\HJK.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070120
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070120
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [StandardInstall] iexplore.exe file://C:/WINDOWS/system32/ClientSyncLoader.en_US.htm?https;activation.sympatico.ca:443/wizlet/SympaticoWebflow/loadSyncPrepare.do;restart=true
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Dell Network Assistant.lnk = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169764040203
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://activation.sympatico.ca/wizlet/SympaticoWebflow/static/controls/BellCanadaActiveX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Personal Vault Backup Service (VaultClientSRV) - Unknown owner - C:\Program Files\Personal Vault\VaultClientSRV.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Here is a fresh HJT log though after turning off system restore. I know you said that you did not see anything in my HJT log, but I still feel like it is not correct. I know that the Kaspersky found some infections, as to wheter or not I should worry, I don't know. My Ad-Aware keeps saying there is nothing found, and same with AVG... but I will run it again. I also looked up some of the infections Kaspersky found and they say no description found in their vault... so not sure what to make of it.
Logfile of HijackThis v1.99.1
Scan saved at 6:06:52 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientSRV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HJK\HJK.exe
C:\HJK\HJK.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070120
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070120
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [StandardInstall] iexplore.exe file://C:/WINDOWS/system32/ClientSyncLoader.en_US.htm?https;activation.sympatico.ca:443/wizlet/SympaticoWebflow/loadSyncPrepare.do;restart=true
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Dell Network Assistant.lnk = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169764040203
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://activation.sympatico.ca/wizlet/SympaticoWebflow/static/controls/BellCanadaActiveX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Personal Vault Backup Service (VaultClientSRV) - Unknown owner - C:\Program Files\Personal Vault\VaultClientSRV.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
pskelley
2007-05-28, 01:43
You make it hard to help when you do everything except follow my directions which were:
I don't see any malware in the HJT log, if you want a check, run AVG Anti-Spyware 7.5 according to these directions:
http://forums.security-central.us/showthread.php?t=3165
Delete or quarantine anything it finds and save the scan report to post.
Restart the computer and post that scan report and a new HJT log.
If I asked for a Kaspersky scan I wonder what I would get?
I don't use Kaspersky much because it does not fix what it finds. Look at that log yourself, I think most of those items are:
C:\Documents and Settings\Rozanne\.housecall6.6\Quarantine\ <<< IN HOUSE CALL quarantine
I see a lot of this:
C:\Documents and Settings\Rozanne\Local Settings\Temp\~DF3F27.tmp Object is locked skipped
Clean out that TEMP folder, if you need a tool to do it for you, here is one:
http://forums.security-central.us/showthread.php?t=1925
I need to know more about the firewall issue. What are you running for a firewall? What message do you receive that indicates a problem, please post that and any other error messages you are getting word for word.
Please also post only what I request.
Thank you
rozybear1
2007-05-28, 03:07
Ya, it comes with the teritory of holding 3 jobs at once... a mom AND a dad of 2 teen boys along with being a woman trying to hold a steady job. Sorry... it's just that you said you didn't see anything, and I wanted to post what I had finally managed to find from online scan since I was still having trouble. I've tried to install AVG Anti-Spyware a few times in the past, but it would never worked. Everytime I would try to update, it would say that it could not connect.
This time though, I finally managed to do an update... not sure why it would not work before... I've followed these instructions before...
Anyhow, it looks like AVG AV and AVG AS keeps saying there is nothing, as the only thing it seemed to have found are normal tracking cookies... so I guess I'll say sorry for your time, and thx for your help, and I'll just keep dealing with a computer that won't keep my firewall on.
By the way, I don't have a paid firewall except for the one in my router and the one from Windows. I know the one from Windows is junk... but I had one with Sympatico (AV + AS + FW) which I had to uninstall because it kept telling me there was a problem with my licence, so I got AVG.
FYI, when I turn on my computer I get a Windows Security Alert, and when I open it and try to at least turn on the Windows Firewall, I get the following error message:
Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewal/Internet Connection Sharing (ICS) services? yes no. I click yes, and then sometimes get another error message, and sometimes it just opens up the normal windows firewall page and I can turn it on no problem.
Anyhow, since u asked for the posts... here they are... and thx.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:42:59 PM 5/27/2007
+ Scan result:
C:\Documents and Settings\Rozanne\Cookies\rozanne@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.54:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.55:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.56:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.162:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.163:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.164:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.165:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.160:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.112:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.113:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.146:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.161:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.143:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.144:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.103:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.105:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.108:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.109:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.136:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.138:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.166:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.50:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\Rozanne\Application Data\Mozilla\Firefox\Profiles\8ohb3bvi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 8:03:42 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientSRV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJK\HJK.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070120
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070120
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [StandardInstall] iexplore.exe file://C:/WINDOWS/system32/ClientSyncLoader.en_US.htm?https;activation.sympatico.ca:443/wizlet/SympaticoWebflow/loadSyncPrepare.do;restart=true
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Dell Network Assistant.lnk = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169764040203
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://activation.sympatico.ca/wizlet/SympaticoWebflow/static/controls/BellCanadaActiveX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Personal Vault Backup Service (VaultClientSRV) - Unknown owner - C:\Program Files\Personal Vault\VaultClientSRV.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
pskelley
2007-05-28, 03:56
Thanks for the feedback, you said you have a hardware firewall in your router and you also use the Windows Firewall in the security center.
I would like to know if you were able to clean the housecall quarantine and that Temp folder?
Windows Firewall settings cannot be displayed because the associated service is not running
Please follow these instructions:
Start > Control Panel > Security Center. You have three items 1) Firewall 2) Automatic Updates 3) Virus Protection.
From what you tell me I believe 2 and 3 are on and have a Green light...correct.
and 1 (firewall is off and red light...correct.
Please click on Windows Firewall below and make sure the bullet is in the On (recommended) position, then click on OK to close that window.
Close the Security Center also.
Now click on Start > Run and in the Open: >>> box copy and paste
"services.msc" WITHOUT THE QUOTES and OK.
Services window will open, you are to go down the alphabetical list until you find: Windows Firewall/Internet Connection Sharing (ICS) Highlite it.
To the left click on Start the Service.
Now double click that Windows Firewall line and another Window will open. Near the center will be Startup Type and to the right of that a dropdown, set it to Automatic.
You may have to restart the computer for this to take effect, but then check in the Security Center to make sure all systems are a go. While I would normally not suggest this Windows Firewall, with the hardware firewall (make 100% sure it is running) in your router, it will be enough protection.
See if you can do this, if we can get one thing working (and I am still not sure exactly what your problem is except for this one) then we will tackle the next issue.
Just like Home Depot...you can do it and I can help:laugh:
Thank you.
I want to add this information about Firefox cookies, ATF-Cleaner will clean them, but you may want to stop acculating them:
Firefox Help: Firefox's Cookie Options
http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html
Logfile of HijackThis v1.99.1 Scan saved at 8:03:42 PM, on 5/27/2007
I don't see any "malware" in the log, there may be room for some improvement but first things first.
rozybear1
2007-05-28, 04:27
Right now it's green because I turned it back on when I restarted my computer. When I say it's always turning off... it's when I restart, it is red, so I open the security centre and I click on the Windows Firewall link to turn it on, but I get the error message, after clicking yes on the error message, I get the window I should have gotten with the radio dial button on the "On (recommended)"
Well, I followed your instructions, and not sure why, but it was set to "Manually"... how could it have been changed from "automatic" to "manually"? Anyhow, maybe that is all the problem I had... maybe I did manage to get rid of the Virtumonde after all, and I just thought I still had it because of the firewall which kept being turned off.
I haven't used Firefox in months... I always thought Firefox blocked cookies... guess I was wrong. :red:
rozybear1
2007-05-28, 04:32
P.S. Yes, I did manage to clean the Housecall folder, but in the Temp folder, there was 4 I could not delete as it said they were being used by another user.
rozybear1
2007-05-28, 04:56
and P.P.S. I did clean out all of the Firefox Cookies...
pskelley
2007-05-28, 13:33
Good morning Canada (Rozanne?) let's start here:
but in the Temp folder, there was 4 I could not delete as it said they were being used by another user.Probably no problems with those, but understand there is NOTHING in that TEMP folder that can not be deleted, you may have to boot to safe mode. If they do not look like a problem, don't worry about them.
Were you able to download and run ATF-Cleaner? It is one nice tool.
I would also like you to run clean manager, it may find stuff ATF-Cleaner did not: run cleanmgr
http://spyware-free.us/tutorials/cleanmgr/
Alternate the two once a week or so, the exception being Prefetch:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html
ATF-Cleaner will clean Prefetch but read the article, I know hackers have used it to run their junk before since most folks don't know they have it. I would keep and eye on it to make sure it does not get too cluttered, but cleaning it will slow your computer for a bit while Windows repopulates the folder with files it needs to "Prefetch" for you.
Since you have not reported another issues, let's look for trouble. Please post your uninstall list and I will see what is there:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Review this information again also:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
Post that uninstall list and some feedback. I would also like to know if you own AVG Anti-Spyware? It is a good scanner but once the trial is past it give you no realtime protection and uses a load of resources.
Thanks...Phil
rozybear1
2007-05-29, 13:48
Hi Phil,
I ran ATF-Cleaner, and cleaned up both the main and the firefox temps.
For the cleanmgr, I do this on a regular basis already, so there was barely anything to clean from there. I do have a question regarding this one though... the only thing I NEVER clean and I saw in the post that it did not ask for it to be cleaned... it's the "compressed old files" (or something like that). I never dared delete those as I am not sure if they are needed or not... can you elaborate on what those are?
Now for the AV and AS. I do not "own" AVG or any other except for the one from Bell which I do not have on this laptop as I had a problem with my licence. 1 licence covers 3 computers, and mine covered my computer and both my kids' computers. when my youngest's computer (an old one) went caput... I purchased myself this laptop and kind of "gave him" my desktop... so when I tried to install it on here, it said that it was not the same computer and I had too many licences already.
I usually do a disk cleanup (cleanmgr) about once a month. I know you mentioned every other week (alternate the 2 once a week)...
I also try to do a defrag at the same time, so about once a month... if needed.
I do have some programs in my uninstall list that I don't know what they are... but I was never sure which one I should remove as I wasn't sure which ones my son uses... or which ones are needed (like Broadcom Management Programs for ex. I'm sure it has to do with my computer... but not sure). Also, to tell you the truth, I have been thinking of un-installing the Dell network Assistant, as I find THAT slows my computer... ijji and ijji - Gunz... I know last time you told me that they could potentially have spyware, but my son plays it alot... and loves it. As we go down the list... there are alot I have no clue what they are, especially after the Microsoft bunch...
Well, time to go to work, so here is the post (sorry, went to see the Sens VS Duck game at the Scotiabank Place in Ottawa last night... so only posting today).
A Tale in the Desert
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
Belle`s Beauty Boutique (remove only)
Beyond Good and Evil
Bots
Broadcom Management Programs
City of Heroes (remove only)
Conexant HDA D110 MDC V.92 Modem
Corel Snapfire Plus
Crazy Taxi
Dell Network Assistant
Dell Resource CD
Dell Support 3.2.1
DellConnect
Diablo
Download Manager 2.3.6
Edheria Online
Fable - The Lost Chapters
Form Fill (Windows Live Toolbar)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Guild Wars
Gunbound Revolution
Hamachi 1.0.2.1
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ijji
ijji - Gunz
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java(TM) SE Development Kit 6 Update 1
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
mCore
MCU
mDriver
mDrWiFi
MediaDirect
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook Connector
Microsoft Office Small Business Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (2.0.0.3)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MTGO Online 3.0
mWlsSafe
mWMI
mXML
MySpaceIM
MythWar
mZConfig
Nanny Mania (remove only)
neroxml
NetWaiting
Nora R.O.S.E.
OutlookAddinSetup
Personal Vault Manager
Quicken 2005
QuickSet
QuickTime
RealArcade
RealPlayer
RM Converter 3.24
Rose Online Evolution
Sandlot Games Client Services
Sandlot Games Client Services 1.2.2
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Smart Menus (Windows Live Toolbar)
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpywareBlaster v3.5.1
SpywareGuard v2.2
Steam
Sympatico Security Advisor 1.4.10
Synaptics Pointing Device Driver
Tales of Pirates Online 1.33
TeamSpeak 2 RC2
Tiger Gaming
UniUploader
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
URL Assistant
Ventrilo Client
WebCyberCoach 3.2 Dell
WinAce Archiver 2.0
WinBolo
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
WinZip
World of Warcraft
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yu-Gi-Oh! ONLINE 2
Thx
pskelley
2007-05-29, 14:17
Thanks for the uninstall list, please your your Google: http://www.google.com/
It will answer most y of you questions for you: http://www.google.com/search?hl=en&q=compressed+old+files&btnG=Google+Search
Maintenance is important, as far as when and how often, those are decisions you have to make, I'll post a few links to help:
http://www.microsoft.com/atwork/getstarted/speed.mspx?wt_svl=20292a&mg_id=20292b
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
Google if you need more information.
I'll look over the uninstall list, but questions about Dell programs, while knowing what I do with them if I don't use them, I would prefer you ask Dell if you can safely remove them.
Games....My advice, and you get to follow it or not, is to either play them online (reputable sites only) or purchase the game at the computer store. I advise agains downloading any "free" games, they rarely are.
Uninstall list:
AVG Anti-Spyware 7.5
AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.
Broadcom Management Programs <<< be careful with that one until you are sure you don't need it.
http://www.google.com/search?hl=en&q=Broadcom+Management+Programs&btnG=Search
Dell Network Assistant <<< ask Dell, if you are still warrantied, you may invalidate the warranty if you remove it. Once the warranty is over, it's your call.
http://www.google.com/search?hl=en&q=Dell+Network+Assistant&btnG=Search
Same applies to all Dell programs.
Download Manager 2.3.6
review of DL Managers
http://www.safer-networking.org/en/articles/download-managers.html
http://www.spywareinfo.com/downloads.php?cat=dlman
Java 2 Runtime Environment, SE v1.4.2 <<< very, very dangerous
http://forums.spybot.info/showpost.php?p=12880&postcount=2
That's all I see I can comment on, if there is stuff you don't know, Google it. Google will know it.
Thanks
pskelley
2007-06-08, 02:27
This topic is closed due to lack of a response.
If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.
Thanks