HELP :( Nothing will open correctly or run correctly


  • This topic is locked
23 replies to this topic

#1 SingingComputerUser

SingingComputerUser

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 31 March 2006 - 10:59 PM

My computer has been hit with a worm VBS:MalWare "InstallerApplet.class"
For the past few days Avast! virus detection has popped up with messages saying strands were infected in the registry. Last night I did a scan with Avast again and that's when the javaapplet worm showed up and I then moved it to the virus chest.

My computer has been all messed up since yesterday.
My ZoneAlarm, the LAN adapter, and my active avast scanner won't open on startup.
Whenever I try to open any programs it brings the "Open With" window up so I have to then search manually for the program. Sometimes it's able to open the program, sometimes it's not.
AOL Instant Messenger won't open at all.
GAIM opens up but can't connect at all.
I was going to try doing a system restore since everything seems a bit batty. But I keep getting error messages when I try to open up programs or the System information in the Control Panel. The error message says "C:\WINDOWS\system32\rundll32.exe Application not found." I looked in the file folder for the dll file and it is present.


Logfile of HijackThis v1.99.1
Scan saved at 11:45:32 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\.......\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: TChkBHO Class - {4E53A85F-79E7-4F99-91B9-4E6CD3799B4E} - C:\WINDOWS\system32\difjkr.dll (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128399800816
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by SingingComputerUser, 31 March 2006 - 11:26 PM.

#2 SingingComputerUser

Posted 31 March 2006 - 11:21 PM

I ran a startup list and it looks like there might be some entries missing in my registry. Let me know if you would like me to post that as well.

Edited by SingingComputerUser, 31 March 2006 - 11:25 PM.


#3 SingingComputerUser

Posted 01 April 2006 - 12:00 AM

I closed everything then restarted and here is a fresh version of the HijackThis before I do anything on the computer.

Logfile of HijackThis v1.99.1
Scan saved at 12:49:03 AM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jennifer\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: TChkBHO Class - {4E53A85F-79E7-4F99-91B9-4E6CD3799B4E} - C:\WINDOWS\system32\difjkr.dll (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128399800816
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 SingingComputerUser

Posted 01 April 2006 - 06:50 PM

I am still in the same position.


#5 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 07 April 2006 - 10:44 AM

Close all programs leaving only HijackThis running. Place a check against each of the following,
O2 - BHO: TChkBHO Class - {4E53A85F-79E7-4F99-91B9-4E6CD3799B4E} - C:\WINDOWS\system32\difjkr.dll (file missing)
Click on Fix Checked when finished and exit HijackThis.


Download Ewido Security Suite; it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here, with a new HijackThis log.

#6 SingingComputerUser

Posted 07 April 2006 - 12:19 PM

I ran Hijackthis and selected the BHO line you suggested and then clicked Fix This.
Then closed Hijackthis.
Then downloaded Ewido Anti-malware 5.3.
Installed it.
Then tried to update it but it would not connect.

I then ran the scan. It found a few things. Here's the results of the Ewido full system scan, and after a system restart I ran a new Hijackthis report.
I am still having the same problems though. And even with the Hijackthis report saying it is starting up with all of those programs, not all of them (well, most of them) are not running.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:54:29 PM, 4/7/2006
+ Report-Checksum: F8097980

+ Scan result:

:mozilla.38:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.39:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.40:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.41:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.42:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.43:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.44:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@ehg-salonmedia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Jennifer\Local Settings\Temp\Cookies\jennifer@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\WINDOWS\NDNuninstall4_34.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_88.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\httppost.exe -> Adware.Specofer : Cleaned with backup
C:\WINDOWS\system32\Xcite.exe -> Adware.F1Organizer : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 2:05:23 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jennifer\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128399800816
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
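
A scripted version of the checks done by hand in this thread, as an added example that is not part of the original posts: it parses HijackThis logs, lists entries marked "(file missing)" or "(no file)", diffs two scans to confirm a fixed entry is gone, and lists O4 autostart entries with no matching running process. The sample logs are short excerpts of the logs posted above; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# Sample input: short excerpts of the logs posted in this thread
# (first scan on 3/31/2006, and the scan taken after the fix on 4/7/2006).
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O2 - BHO: TChkBHO Class - {4E53A85F-79E7-4F99-91B9-4E6CD3799B4E} - C:\WINDOWS\system32\difjkr.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

AFTER_LOG = r"""
Running processes:
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

# An entry line is a section code (R0, O2, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EXE_RE = re.compile(r"([^\\/\"\s]+\.exe)", re.IGNORECASE)
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def orphaned(self):
        # HijackThis appends these markers when the referenced file is absent.
        return self.body.endswith(ORPHAN_MARKERS)

    @property
    def clsid(self):
        m = CLSID_RE.search(self.body)
        return m.group(0).upper() if m else None


def parse_log(text):
    """Return (running_process_paths, entries) from a HijackThis text log."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append(Entry(m.group(1), m.group(2).strip()))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def diff_entries(before, after):
    """Entries removed and added between two scans, in log order."""
    b, a = set(before), set(after)
    return [e for e in before if e not in a], [e for e in after if e not in b]


def autoruns_not_running(processes, entries):
    """O4 entries whose executable name is absent from the process list.

    Some autostart programs exit right after launching, so a hit is a lead
    to check, not proof that startup is broken.
    """
    running = {p.replace("/", "\\").rsplit("\\", 1)[-1].lower() for p in processes}
    missing = []
    for e in entries:
        if e.section != "O4":
            continue
        command = e.body.split("] ", 1)[-1]  # drop the "[value name]" prefix
        m = EXE_RE.search(command)
        if m and m.group(1).lower() not in running:
            missing.append(e)
    return missing


if __name__ == "__main__":
    procs_b, ents_b = parse_log(BEFORE_LOG)
    procs_a, ents_a = parse_log(AFTER_LOG)
    removed, added = diff_entries(ents_b, ents_a)
    for e in removed:
        print("removed:", e.section, e.clsid or e.body)
    for e in added:
        print("added:  ", e.section, e.body)
    for e in ents_a:
        if e.orphaned:
            print("orphaned:", e.section, e.body)
    for e in autoruns_not_running(procs_a, ents_a):
        print("autostart not running:", e.body)
```
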

#7 little eagle

Posted 07 April 2006 - 02:00 PM

Can you run ewido again? Then post the results here.

#8 SingingComputerUser

Posted 07 April 2006 - 02:05 PM

Ok, I will run it again right now. The first time I ran it, it took slightly less than an hour, so hopefully it will be quicker this time.

#9 SingingComputerUser

Posted 07 April 2006 - 06:51 PM

Was able to download the update. These are the results from the next scan.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:41:42 PM, 4/7/2006
+ Report-Checksum: D1E5F8D2

+ Scan result:

:mozilla.12:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup


::Report End

#10 little eagle

Posted 07 April 2006 - 07:25 PM

Can you post another log from hijackthis and let me know how the PC is running.

#11 SingingComputerUser

Posted 07 April 2006 - 08:22 PM

Did another scan. Still found a few things.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:09:57 PM, 4/7/2006
+ Report-Checksum: 99FE87C0

+ Scan result:

:mozilla.11:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\do9u01gd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup

::Report End

#12 SingingComputerUser

Posted 07 April 2006 - 09:35 PM

Computer is still acting the same way. Although the scan with ewido the last time I did it went quicker.
I'm still getting the Open With windows, and not having access to the system files, and programs running but me not being able to see them, and some programs refusing to open up at all.

Here's the latest hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:22:15 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\yupdater.exe
C:\Documents and Settings\Jennifer\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QAGENT] C:\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128399800816
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#13 little eagle

Posted 07 April 2006 - 09:37 PM

Click start > control panel > user accounts > change the way users log on or off > uncheck fast user switching > restart your computer.

Download, unzip and run 'RootkitRevealer' from Sysinternals:
http://www.sysintern...itRevealer.html
Once the program has started, press Scan and let it run.
When the scan is done, use 'File > Save' to place the logfile in a convenient location (such as the desktop). The default filename will be 'RootkitReveal.txt'.

Save your Log File
Copy/Paste the contents of that logfile into your next reply.

Do NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc!

That way you should have a much simpler and clearer log file in which to peruse and evaluate.

#14 SingingComputerUser

Posted 07 April 2006 - 09:47 PM

I downloaded the rootkit detection thing you put. But when I tried clicking on User Accounts in the Control Panel, it just pops up with the following error message... "C:\WINDOWS\system32\rundll32.exe" "Application not found" underneath that it just gives me the option to click "OK".

#15 little eagle

Posted 07 April 2006 - 10:28 PM

I downloaded the rootkit detection thing you put.

Try to run it.
