1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Multiple Issues

Discussion in 'Windows XP' started by hweiman, Sep 5, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. hweiman

    hweiman Thread Starter

    Joined:
    Sep 5, 2005
    Messages:
    13
    Recently uninstalled many software programs because laptop hard drive (with Windows XP Home) was too full to run defrag. Installed Ace Utilities to help identify unnecessary files and while doing so, discovered lienvandekelder. Removed and ran McAfee virus scan. (Also used Ace to clean registry.)

    Ever since, whenever I open files in software programs, the files are not arranged alphabetically --recently used files are listed last. This occurs in virtually every software program except Office. (Does not occur in Explorer/My computer either.) When opening file, right clicking to arrange files is only a temporary fix as they are not in alphabetical order the next time I go to open files.

    Also, in IE 6, visited links are no longer registering as visited.

    Tried system restore but these problems didn't self correct so undid restore.
    Any idea what these problems could be and how to fix them permanently? Thanks!
     
  2. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    I think we should check if you have anymore worms like lienvandekelder

    HijackThis

    David
     
  3. hweiman

    hweiman Thread Starter

    Joined:
    Sep 5, 2005
    Messages:
    13
    Logfile of HijackThis v1.99.1
    Scan saved at 4:30:26 AM, on 9/5/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Owner\Desktop\FreeRAM XP Pro 1.40.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Netscape\Netscape 7.2\Netscp.exe
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\prefs.js)
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\RunOnce: [ZipScan] C:\Program Files\ZipScan Evaluation\ZipScan.exe -install
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Owner\Desktop\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
    O15 - Trusted Zone: http://*.altfarm.com
    O15 - Trusted Zone: http://*.auctionpayments.com
    O15 - Trusted Zone: http://*.hammertap.auctionstealer.com
    O15 - Trusted Zone: http://*.auctionstealer.com
    O15 - Trusted Zone: http://*.bravenet.com
    O15 - Trusted Zone: http://*.ebay.com
    O15 - Trusted Zone: http://*.eric.ed.gov
    O15 - Trusted Zone: http://*.edpsyc.com
    O15 - Trusted Zone: http://*.edpsyc.net
    O15 - Trusted Zone: http://*.edpsyc.org
    O15 - Trusted Zone: http://*.hammertap.com
    O15 - Trusted Zone: http://*.mediaplex.com
    O15 - Trusted Zone: http://*.nytimes.com
    O15 - Trusted Zone: http://*.rcn.com
    O15 - Trusted Zone: http://*.rubylane.com
    O15 - Trusted Zone: http://*.screensavers.com
    O15 - Trusted Zone: http://*.tvguide.com
    O15 - Trusted Zone: http://*.usps.com
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) - http://activex.liveupdate.com/controls/cres.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120161230094
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125297075384
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
     
  4. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Hello

    Welcome to the forum. I am checking your log now and will return as soon as I have researched all the items.

    While we are working together, please ....
    • Reply to this thread. Do not start a new topic.
    • If you are unsure of what to do, stop and ask! Don't keep going on.
    • Be patient. HijackThis logs take some time to research.
    Please note the following:
    • I will be working on your Malware issues: This may or may not, solve other issues you may have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine.
    • Please continue to review my answers until I tell you your machine is clear. (Absence of symptoms does not mean that everything is clear.)
    • The process may take considerable time.

    David :)
     
  5. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Please do one of the following before we start:

    1) Please print off these intructions - they will be needed later when internet access is not available.
    2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
    -------------

    Please download hoster from the link below.

    http://www.funkytoad.com/download/hoster.zip

    Unzip Hoster.zip
    Open Hoster.exe.

    Then click on "Restore Original Hosts"

    Close program when complete.

    Empty Recycle Bin

    Reboot and "copy/paste" a new log file into this thread.
    Also please describe how your computer behaves at the moment.
    ==================

    Please download ewido security suite (free), and install it.
    • When installing, under Additional Options uncheck both Install background guard and Install scan via context menu.
    • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
    • The program will prompt you to update. Click the Ok button.
    • The program will now go to the main screen.
    You will need to update Ewido to the latest definition files.
    • On the left-hand side of the main screen click the Update button.
    • Click on Start. The update will start and a progress bar will show the updates being installed.
    Once finished updating, close Ewido. Do NOT run it yet.

    (If you have problems updating, you can use this link to manually update Ewido.
    Make sure that Ewido is closed when installing the update.)

    DO NOT RUN IT YET!

    -------------------------------------------------------------

    CleanUp!

    *Download Cleanup from Here
    • A window will open and choose SAVE, then DESKTOP as the destination.
    • On your Desktop, click on Cleanup40.exe icon.
    • Then, click RUN and place a checkmark beside "I Agree"
    • Then click NEXT followed by START and OK.
    • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    • Click OK
    • DO NOT RUN IT YET!

    --------------

    *Click here for info on how to boot to safe mode if you don't already know how.
    ----------------

    * Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    -------------

    * Please run HJt again and do another scan. Check the following entries:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no
    file)

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O1 - Hosts: 207.68.172.246 msn.com

    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

    Did you add the following trusted zones on purpose, if not have HJT remove them:

    O15 - Trusted Zone: http://*.altfarm.com

    O15 - Trusted Zone: http://*.auctionpayments.com

    O15 - Trusted Zone: http://*.hammertap.auctionstealer.com

    O15 - Trusted Zone: http://*.auctionstealer.com

    O15 - Trusted Zone: http://*.bravenet.com

    O15 - Trusted Zone: http://*.ebay.com

    O15 - Trusted Zone: http://*.eric.ed.gov

    O15 - Trusted Zone: http://*.edpsyc.com

    O15 - Trusted Zone: http://*.edpsyc.net

    O15 - Trusted Zone: http://*.edpsyc.org

    O15 - Trusted Zone: http://*.hammertap.com

    O15 - Trusted Zone: http://*.mediaplex.com

    O15 - Trusted Zone: http://*.nytimes.com

    O15 - Trusted Zone: http://*.rcn.com

    O15 - Trusted Zone: http://*.rubylane.com

    O15 - Trusted Zone: http://*.screensavers.com

    O15 - Trusted Zone: http://*.tvguide.com

    O15 - Trusted Zone: http://*.usps.com


    Please close all browsers and open windows except HJT, then click the Fix Checked button. Close HJT.

    --------------

    * Restart your computer into safe mode now. Perform the following steps in safe mode:
    -----------

    Please close ALL open Windows, Programs and Folders, and run a full scan with Ewido.
    • Click on Scanner
    • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections, then choose clean and click Ok.


    * Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once its done, close the program.
    =====================

    Download DelDomains.inf from here:

    http://www.mvps.org/winhelp2002/DelDomains.inf

    Rightclick DelDomains.inf and choose install.

    ---------------------

    Reboot to normal mode and post new log!
    David :)
     
  6. hweiman

    hweiman Thread Starter

    Joined:
    Sep 5, 2005
    Messages:
    13
    Okay, before I do this, I was wondering if you could tell me what kind of problem you suspect. I assume you must think it's related to having had that worm, since you're looking at the hosts file. After finding lienvandekelder, I did check my host file and clean it up. I'm not sure what the deal is with all those MSN entries, but I had added the others that you asked about. Also, could the problem that you suspect have any bearing on my problems regarding lack or alphabetical ordering of files and visited links not registering? Thanks!
     
  7. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    I'll see whats in the ewido log..........Resesting the hosts file may help, some viri tamper with that......

    Do not do this part, due to the fact you added those 015's:

    =====================

    Download DelDomains.inf from here:

    http://www.mvps.org/winhelp2002/DelDomains.inf

    Rightclick DelDomains.inf and choose install.
    ------------------

    Post back later with new HJt log and the ewido log, be sure to do the cleanup also
    David
     
  8. hweiman

    hweiman Thread Starter

    Joined:
    Sep 5, 2005
    Messages:
    13
    Sorry, can you clarify please? (Not sure which part I'm not supposed to do and what I should do.)
     
  9. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    sorry may not be clear. Don't do whats in red:

    Download DelDomains.inf from here:

    http://www.mvps.org/winhelp2002/DelDomains.inf

    Rightclick DelDomains.inf and choose install
    .


    --------------

    DO whats in blue:

    Post back later with new HJt log and the ewido log, be sure to do the cleanup also


    David
     
  10. hweiman

    hweiman Thread Starter

    Joined:
    Sep 5, 2005
    Messages:
    13
    Okay, mistakenly installed DelDomains.inf. Did not Restore Original Hosts (should I?) Visited links are now working, but still no alphabetical ordering of files. Ewido did not clean --it quaranteened-- 84 files. Shouldn't these be deleted instead? Also, Cleanup did not work --during 4 attempts, it caused an error each time and closed.

    Here are the reports.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:08:20 PM, on 9/9/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Owner\Desktop\FreeRAM XP Pro 1.40.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\prefs.js)
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Owner\Desktop\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) - http://activex.liveupdate.com/controls/cres.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120161230094
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125297075384
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe


    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 11:53:25 PM, 9/9/2005
    + Report-Checksum: 42A79E9

    + Scan result:

    HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\SearchUpgrader -> Spyware.KeenValue : Cleaned with backup
    HKLM\SOFTWARE\SearchUpgrader\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} -> Spyware.KeenValue : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
    :mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.240:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.241:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\4pb6qijg.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20041109184233326.zip/WINDOWS/system32/p2p networking/p2p networking.exe -> Spyware.P2PNetworking : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20041109184233326.zip/WINDOWS/system32/p2p networking/MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup


    ::Report End
     
  11. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Please complete this step once more before we try a different approach:

    Please download hoster from the link below.

    http://www.funkytoad.com/download/hoster.zip

    Unzip Hoster.zip
    Open Hoster.exe.

    Then click on "Restore Original Hosts"

    Close program when complete.

    Empty Recycle Bin

    Reboot and "copy/paste" a new log file into this thread.
    Also please describe how your computer behaves at the moment.

    DAvid
     
  12. hweiman

    hweiman Thread Starter

    Joined:
    Sep 5, 2005
    Messages:
    13
    Visited links continue to work fine, but still no alphabetical ordering of files.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:38:08 PM, on 9/10/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Owner\Desktop\FreeRAM XP Pro 1.40.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://g.msn.com/0SEENUS/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://www.fujitsupc.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/");

    (C:\Documents and Settings\Owner\Application

    Data\Mozilla\Profiles\default\4pb6qijg.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",

    "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src")

    ; (C:\Documents and Settings\Owner\Application

    Data\Mozilla\Profiles\default\4pb6qijg.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program

    Files\Panicware\Pop-Up Stopper\CCHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN

    Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN

    Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -

    c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN

    Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program

    Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} -

    C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application

    Panel\QuickTouch.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe

    /StartUp
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey

    Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

    -osboot
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Owner\Desktop\FreeRAM XP Pro

    1.40.exe" -win
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop

    Search\GoogleDesktop.exe" /startup
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

    C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program

    Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -

    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program

    Files\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} -

    C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} -

    C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone -

    {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} -

    C:\WINDOWS\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55}

    - C:\WINDOWS\system32\webzone.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

    C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} -

    C:\WINDOWS\system32\oline.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) -

    http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -

    http://activex.liveupdate.com/controls/cres.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

    Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -

    http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -

    http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -

    http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?112016

    1230094
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125

    297075384
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -

    http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -

    http://www.gamespot.com/KDX22/download/kdx.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program

    Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program

    files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -

    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc -

    C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
     
  13. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Notepad Word Wrap

    1. Click the "Format" menu and select "Word Wrap".

    2. The scroll bar at the bottom of the Notepad window will disappear. A check will appear next to the "Word Wrap" option on the Format menu.

    3. Word Wrap wraps the text in your text document so it doesn't scroll across the entire screen.
     
  14. hweiman

    hweiman Thread Starter

    Joined:
    Sep 5, 2005
    Messages:
    13
    Not sure what this is about --just looked at my Notepad program and Word Wrap was already checked.
     
  15. D_Trojanator

    D_Trojanator

    Joined:
    May 13, 2005
    Messages:
    4,699
    Try and post again
    David
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/396448

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice