Scan 4 each user in XPpro?

[fiveskiers]

I did a scan and fixed under my login. When my daughter logged on right after, and we rescanned, there were many issues. Normal? Did I miss something in the scan setup, or are you supposed to scan each user?
Thanks

[md usa spybot fan]

Fiveskiers:

I assume that you are running under a Windows operating system that allows multiple such as Windows XP. If you run a Spybot scan under any "Computer administrator" account, the entire system is scanned for most malware, however, due to restrictions in the Microsoft APIs (Application Program Interfaces) used by Spybot, the scan from one account does not include the Internet cache, cookies and some other user specific entries of other accounts.

Since a scan from a second "Computer administrator" account normally only picks up problems such as "Tracking cookies" (which are minor problems), it would be helpful if you detailed what problems ("issues") were detected when "… we rescanned, there were many issues". To do that:

• Run another scan.
• When the scan completes, right click on the results list, select "Copy results to clipboard".
• Then paste (Ctrl+V) those results to a new post in this thread.

[fiveskiers]

This is a copy of the scan for one user. I will fix, scan second user and post it soon. ThanksDoubleClick:

Tracking cookie (Internet Explorer: Andrew Hochkammer) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Andrew Hochkammer) (Cookie, nothing done)


Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Cookie: Cookie (15) (Cookie, nothing done)


Cache: Cache (688) (Cache, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-02 Includes\Cookies.sbi
2006-12-08 Includes\Dialer.sbi
2007-05-02 Includes\DialerC.sbi
2007-04-04 Includes\Hijackers.sbi
2007-05-02 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi
2007-05-02 Includes\KeyloggersC.sbi
2007-03-21 Includes\Malware.sbi
2007-05-02 Includes\MalwareC.sbi
2007-03-21 Includes\PUPS.sbi
2007-05-02 Includes\PUPSC.sbi
2007-05-02 Includes\Revision.sbi
2006-12-08 Includes\Security.sbi
2007-05-02 Includes\SecurityC.sbi
2007-03-21 Includes\Spybots.sbi
2007-05-02 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2007-05-02 Includes\Trojans.sbi
2007-05-02 Includes\TrojansC.sbi

[fiveskiers]

Here is the scan for the the second user. Just to let you know, I scanned and fixed each user 2 days ago. Still get tons of popups. Also, McAfee pops up often saying it removed the trojan Vundo.dll Thanks Again

BlackCore: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


FastClick: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


Zedo: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


Statcounter: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


TargetNet: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


Advertising.com: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


TagASaurus: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


FastClick: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


MalwareAlarm: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


Smitfraud-C.Toolbar888: Tracking cookie (Internet Explorer: Amanda Hochkammer) (Cookie, nothing done)


Common Dialogs: History (12 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Cookie: Cookie (109) (Cookie, nothing done)


Cache: Cache (1956) (Cache, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-02 Includes\Cookies.sbi
2006-12-08 Includes\Dialer.sbi
2007-05-02 Includes\DialerC.sbi
2007-04-04 Includes\Hijackers.sbi
2007-05-02 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi
2007-05-02 Includes\KeyloggersC.sbi
2007-03-21 Includes\Malware.sbi
2007-05-02 Includes\MalwareC.sbi
2007-03-21 Includes\PUPS.sbi
2007-05-02 Includes\PUPSC.sbi
2007-05-02 Includes\Revision.sbi
2006-12-08 Includes\Security.sbi
2007-05-02 Includes\SecurityC.sbi
2007-03-21 Includes\Spybots.sbi
2007-05-02 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2007-05-02 Includes\Trojans.sbi
2007-05-02 Includes\TrojansC.sbi

[md usa spybot fan]

Besides usage tracks the only problems listed are Tracking Cookies.

In Internet Explorer you can block the same Tracking Cookies that Spybot detects by enabling Spybot's Browser Helper Object (BHO). To do this go into Spybot-S&D > Immunize. Look in the last section labeled "Permanently running bad download blocker for Internet Explorer". Check the following:

• Enable permanent blocking of bad addresses in Internet Explorer

There is another way to prevent the storing of Tracking Cookies in Internet Explorer (even those not blocked by Spybot's resident BHO) as well as the storing of Tracking Cookies in other WEB browsers. See:

• Why do other anti-spyware applications detect so many more tracking cookies?
  http://www.safer-networking.org/inde...=faq&detail=37

[fiveskiers]

Thanks for looking. Is it possible then that spybot is not seeing the problem. Because I'm getting massive popups (malwarealarm, winpro...?, and some others), super slow and browser redirects.
Thanks

[md usa spybot fan]

The only thing that I can suggest is that you consider posting in the Malware Removal forum and having someone take a look at your system. Follow the instructions here:

• "BEFORE you POST" Mandatory Steps Before Requesting Assistance.
  http://forums.spybot.info/showthread.php?t=288

After completing those steps, start a new thread (topic) in the following forum (making sure to include the HijackThis log and online scan logs produced from the instructions above):

• Malware Removal
  http://forums.spybot.info/forumdisplay.php?f=22

[fiveskiers]

Thanks for your help. If anyone wants to follow, heres the new title in Malware Removal.

very slow, popups, winantivirus pro, malware alarm, vundo

[md usa spybot fan]

The link to the thread is:

• very slow, popups, winantivirus pro, malware alarm, vundo