Bree26

August 9, 2006

Thanks but I finally got it after I switched to safe mode. One really nagging problem I'm having, though, is that no one's Buddy Icons and wallpapers are showing up, excpet mine. When my son is on his user account in XP, and using AIM, he can't see his own Buddy Icon or those of the people he's IM-ing. But I can see his on my user account when he sends me an IM. I don't understand it at all. Mine works absolutely fine but my son's and daughter's do not. Any ideas on this one?

August 8, 2006

OK...so we installed a new hard drive and I am in the process of trying to transfer my old files onto the new hard drive. The "old" hard drive is still there, called "F:", and I'm able to access everyone's documents and settings folders except my own. I get the message "access denied" and that the folder is not accessible. My account was password protected in Windows XP in the original drive, so I don't know if that makes a difference. I've read several posts with instructions to right-click the folder I want to take ownership of and go to the security tab, but none of those instructions work for me because there is no "security" tab when I go to Properties in the folder and therefore I have no way of changing ownership the way Microsoft instructs me. Nothing in the instructions matches anything that shows up on any of the tabs. So I'm at a total loss as to what to do to get my stuff back, and not really happy at this point. Please help!

August 7, 2006

A problem with what's displayed actually points to an incorrect or out-of-date display driver. Perhaps you had updated yours but now have the older, original one installed. Check the video manufacturer's website for an updated driver.

Thanks for the reply. Between my husband and I, we figured it out, and it's working fine now.

August 7, 2006

We had tons of computer problems because of malware, etc. and we installed a new hard drive. As I'm in the process of getting "old" settings, etc. on the computer, I noticed that my scrollbar is acting odd only when I'm online (Firefox or AOL). When I scroll down, the pages sort of ripple or wave; it's not a smooth scrolling appearance. I noticed when I checked the mouse properties (we are using a Logitech MX500 Optical Mouse) that the recognize mouse shows only as being a HID-compliant mouse; it doesn't specifically note it as being the Logitech. We don't have an installation CD. Any ideas where I should be looking to fix this?

July 19, 2006

<_<

I was advised to re-post in this forum by a moderator on the PC Support forum...and I have to say I'm a little unhappy with the complete lack of response. I posted back in May and only got partial assistance on that issue in the end because whomever was helping me disappeared due to unknown circumstances. So someone else stepped in but it didn't really address the problem I've been having with a slow computer and the inability to log off from one user to another, the Explorer error messages, etc. So when my situation seemed to cross over to a general PC/Windows problem, I posted there and that person seems to think I still have an infection of some kind and some corruption in the system. That's why I'm here; not to be a pest, not to be paranoid, but because someone from this website with more knowledge and experience on a comp than me suggested it. I guess I'll go elsewhere for help.

July 14, 2006

Posted a question on PC Support forum because I was having trouble downloading Windows Updates. I got that solved but I may still have some trouble:

http://www.besttechie.net/forums/index.php?showtopic=9158

Ran Kaspersky (Housecall wouldn't cooperate) but when I try to copy and paste it's *huge*, even though it found 4 viruses and 70 infected objects (none of which it deemed suspicious). I have the log if it's needed.

New HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 4:07:24 PM, on 7/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

C:\Program Files\Common Files\AOL\1125164243\ee\AOLSoftware.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Lexmark 5200 series\lxbtbmon.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

c:\program files\common files\aol\1125164243\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe

c:\program files\common files\aol\1125164243\ee\aolsoftware.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\explorer.exe

C:\PROGRA~1\SPYWAR~2\swdoctor.exe

C:\Program Files\Grisoft\AVG Free\avgcc.exe

C:\Documents and Settings\Susan\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125164243\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152714197515

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Any help is appreciated!

July 14, 2006

Run these;
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/
Post a new HijackThis log at the same section of the forum you previously did. Supply a link to this thread along with your HJT log. I still have a feeling that your registry is corrupted and that malware is still present on your computer.

July 14, 2006

Run these;
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/
Post a new HijackThis log at the same section of the forum you previously did. Supply a link to this thread along with your HJT log. I still have a feeling that your registry is corrupted and that malware is still present on your computer.

Tried to run Kaspersky and it seems to get hung up on one particular fle: Dell\Media\ONDRVMED.ZIP after scanning only 117 files. It ran for 6 minutes alone on that and didn't do anything beyond that. I ran it in IE, as i requested, which would no cooperate for the Housecall scan. Kaspersky did say it found an infected object, nearly right off the bat: Trojan-Downloader.Win32.Adload.bo and it rewrites HKLM\Software\Microsoft\DownloadManager. Which could possibly explain my difficulties the past two days?

The Housecall scan is verrrry sloooooow; telling me it will take 2 1/4 hrs., which is a world record for scanning my computer. We'll see what it has to say.

July 14, 2006

Great news, Bree and thanks for posting the fix, so others can benefit.
Have you installed SpywareBlaster? I LOVE that program, it keeps cooties from entering the computer, kind of like a firewall for spyware--all you have to do is watch the update section here and update it when needed. AND it is VERY easy to install!
Liz

No, I'm running Spyware Doctor, which seems to be pretty good so far.

July 14, 2006

I fixed the BITS problem and installed all new Windows updates. The fix was to go into Documents and Settings\All Users\Application Data\Microsoft\Network, where there are two folders, Connections and Downloader. I cut and pasted the Downloader folder onto the desktop, went back into Services to BITS, clicked "started" and it worked. I owe the fix to a lady on a Microsoft forum, who had gotten the same error message I did (the only other one I'd come across in my internet search the past two days).

As far as any infections, I've run SpyBot and nothing popped up on that. I'm not sure what to do on that point now.

July 13, 2006

I'll contact Dell support and hopefully get this resolved for once and for all.

Thank you.

July 13, 2006

You can try to post a new HJT log. I don't know if it's possible to repair your registry due to the corruption. I think your best bet is to reinstall WinXP and start fresh.

I will gladly do that if it means getting rid of this daily nuisance. I guess my question was if I needed to be sure I was clear of every and anything before I reinstall Windows XP. And, also, since we have a floppy drive, will reinstallation be less tricky (for lack of a better word)?

July 13, 2006

OK...our anti-spyware program (Spyware Doctor) found this during it's morning scan:

Backdoor.Redghost HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System##DisableRegistryTools

This was not on yesterday's scan.

And, we did purchase a floppy drive with the system. We also have AVG Free Edition running, which has been clear of viruses for about a week now. Should I post another HJT log on the malware forum before I continue trying to repair my registry, etc.? This is getting worse instead of better, at this point. It has been a ballooning problem since May.

July 13, 2006

It's a Dell Dimension 8400 running Windows XP SP2.

Yeah, I know it was a real mess and I was nearly finished with diagnosing it...ran Rootkit Revealer as a last step and then never received a response to that log so I had no idea what any big problem might be. I figured some things in the system were messed up just by the way it has been running, even though scans show nothing malicious. I've also noticed failure audits here and there: Event ID 680, User:NT AUTHORITY\SYSTEM, Logon Attempt by: MICROSOFT-AUTHENTICATION-PACKAGE-V1-0 (on my logon account name), followed by: Event ID 529, Logon Failure: Unknown user name or bad password, User Name: (me), Domain: (our computer), Logon Type: 2, Logon Process: Advapi. Is someone trying to access our computer or am I misinterpreting this?

July 12, 2006

I'm not aware of turning off any services to save resources, but we did have an issue with malware/spyware that was supposedly resolved a couple of weeks ago. All that shows up on an ewid scan now are some tracking cookies. I guess I'm not sure what to do now, since I have these three services that aren't functioning properly. Is there somewhere else I should post?

July 12, 2006

RPC is fine but HID and BITS won't start and Messenger won't stay enabled. and since RPC seems to be dependent upon it, is that a problem?

July 12, 2006

I first checked to see that BITS is running as a Local System and it is. In checking other services, I noticed that Human Interface Device was disabled and it won't start, either. It's error message is : Error 126: specified module could not be found. Before I try to go any further with the BITS troubelshooting, is this HID something I should be concerned about? I am a computer novice, so I need things explained in layman's terms as much as possible. Thank you!

July 12, 2006

Windows Updates are failing to install on my computer (running Windows XP). Troubleshooting so far had determined that it has to do with Background Intelligent Transfer Service not starting. My Events Log tells me that "BITS service terminated with service-specific error 2147942405 (0x80070005)" but the Microsoft website then tells me that "Windows does not recognize the service's error code." Real helpful. <_<

So I know that BITS won't start but I don't know why or what to do about it. I had a problem with spyware recently that I thought was taken care of, but now I'm wondering if this is an after effect. Any ideas on any of this?

July 5, 2006

Thanks, everyone. We'll give it a shot today and see what happens. My daughter used it most of (late) last night and very early this morning and said it was fine. So...if we update everything and it still freaks out, then we'll take it back while it's still under warranty.

July 5, 2006

When you say update "everything," what exactly do you mean? *has a lot to learn*

July 5, 2006

Thanks! We'll give that a try. Doesn't seem to make much sense that they put an old driver in a new computer, but more time I spend on a computer, the less sense it seems to make!

July 5, 2006

We bought a Toshiba Satellite A105-S4021 for our daughter three days ago. It's been working fine until today when, out of the blue, the images on the monitor starting racing across the screen. It was as if it was on fast forward; I've never seen a computer do that before. She was on the internet (wireless), using only the battery (no adapter). So we tried it with the adapter and it wouldn't stop. Rebooted and it was OK. Tried watching a DVD later (on adapter) and it started again. We'll take it back tomorrow but I'm curious if anyone has any idea what might be happening. It's really bizarre.

July 3, 2006

OK. Thank you very much! I appreciate the fast response.

July 3, 2006

OK, I'll get rid of those. So the stuff in the Panda scan is OK?

July 2, 2006

Ewido Log:

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

+ Created at: 12:06:28 PM 7/2/2006

+ Scan result:

:mozilla.118:C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\5dhqql5q.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.119:C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\5dhqql5q.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.120:C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\5dhqql5q.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.121:C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\5dhqql5q.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.137:C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\5dhqql5q.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.147:C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\5dhqql5q.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.89:C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\5dhqql5q.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.162:C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\5dhqql5q.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).

:mozilla.163:C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\5dhqql5q.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).

C:\Documents and Settings\Alexandra\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

::Report end

Panda Log:

Incident Status Location

Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find

Adware:Adware/NewAds Not disinfected C:\!KillBox\comhost.exe

Spyware:Spyware/Dluca Not disinfected C:\!KillBox\pumd.exe

Adware:Adware/NewAds Not disinfected C:\!KillBox\removefunc.ram

Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[.entrepreneur.com/]

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[.azjmp.com/]

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[.target.com/]

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[searchportal.information.com/]

Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[.webpower.com/]

Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[rightmedia.net/]

Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[.rightmedia.net/]

Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[rightmedia.net/]

Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[.rightmedia.net/]

Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[rightmedia.net/]

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\txe72xm3.default\cookies.txt[.toplist.cz/]

Virus:Trj/Sex&Destroy.A Disinfected C:\Documents and Settings\Alexandra\Local Settings\Temp\cfdata.txt.expanded

Virus:Trj/KillAV.EG Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\msninstaller2[1].zip[manager.exe]

Adware:Adware/NewAds Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\msninstaller2[1].zip[mc-110-12-0000488.exe]

Adware:Adware/NewAds Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\4994comhost[1].zip

Adware:Adware/NewAds Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\msdosmgr[2].exe[mc-110-12-0000487.exe]

Virus:Trj/KillAV.EG Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\comhost[1].zip[manager.exe]

Adware:Adware/NewAds Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\comhost[1].zip[mc-110-12-0000488.exe]

Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\comhost[1].zip[msnupdate.exe]

Adware:Adware/NewAds Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\comhost[2].zip

Adware:Adware/NewAds Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\party2[1].dci[mc-110-12-0000515.exe]

Adware:Adware/NewAds Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\4994comhost[1].zip

Adware:Adware/NewAds Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\comhost[1].exe

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\z27sho74.default\cookies-1.txt[.atwola.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\z27sho74.default\cookies-12.txt[.atwola.com/]

HJT Log:

Logfile of HijackThis v1.99.1

Scan saved at 1:12:29 PM, on 7/2/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTserv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe

C:\Program Files\Lexmark 5200 series\lxbtbmon.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\Common Files\AOL\1125164243\ee\AOLSoftware.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Spyware Doctor\swdoctor.exe