Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Originally Smitfraudfix Said Dns Hijack. But Not Now.


  • Please log in to reply
10 replies to this topic

#1 gungebucket

gungebucket

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 17 December 2007 - 05:29 PM

Hi folks,

I've delayed and delayed as I know you guys are busy. So I've done all I can to get to this stage.

Virgin Media had an outage fairly recently accross the south coast of the UK. Fair enough, nobody had internet for a while. I'm phoning the status number twice or more daily, and eventually they say 'We are not aware of any problems in your area."
I can see that my PC is online, Network Connections says 'Connected at 100bps'
But all web pages slowed down and servers timed out.
I thought maybe it's my fault. But nothing made a difference. Eventually, after them getting me to 'ping' their server and doing packet response tests, the tech guys (25p per minute) are telling me I have some king of trojan or hijack thingy.
But I used AVG Antispy. Nothing
Zonealarm never said there was a problem.
AVG anti virus finds 'shell32.dll' Change but no virus
All were fully updated at the time.

I've bought a secondhand PC to get online and it's fine. I've downloading Hijackthis and Adaware and transfering them to the sick PC I ran Adaware which found 58 problems so I let it remove them. I can't get Spybot S&D to transfer as it seems want to use the net to load files.

The PC currently just runs the network connection app unendingly, and never finds my IP address.

Here's hoping some one can point me in the right direction, as my best PC has been useless for around a month so far. :thumbsup:

Please let me know if I've missed anything out.

AVG still finds the 'shell32.dll' change.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:20, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {77DDD430-B7AD-D855-E90B-F07D89AFC6AB} - Preliminary.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Microsoft Update] msconfg.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageHtmlCab -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 5378 bytes





Thanking you in advance people.

Pete.
AMD Athlon 64x2 Dual Core Processor 45600+. 300gig H/D. 2 gig DDr RAM. Vista Home fully updated. Firefox. AVG Free. Zonealarm.
Look, I'm quite capable of fouling up my computer without your help. Thank you very much! :-D

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:02 AM

Posted 17 December 2007 - 05:54 PM

Hello gungebucket,

Welcome to Bleeping Computer :thumbsup:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 gungebucket

gungebucket
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 17 December 2007 - 06:44 PM

Wow!! Thanks for the quick reply Tea. :blink:
I'll get on to that tomorrow night, (early early start in the mornin, yawn! :thumbsup: )
Though I have to mention that I've been unable to get the machine into safe mode recently, it hangs up. But that's a Windows issue. And also that I have to save and transfer all these apps via memory stick as the problemss are on another PC, but hopefully it'll work. Spybot wouldn't.

I have a feeling that I'll end up buying a replacement XP disk and formatting the HD before too long. Will that overcome my hijack issue as well? Just a thought.

Thanks.

Pete.
AMD Athlon 64x2 Dual Core Processor 45600+. 300gig H/D. 2 gig DDr RAM. Vista Home fully updated. Firefox. AVG Free. Zonealarm.
Look, I'm quite capable of fouling up my computer without your help. Thank you very much! :-D

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:02 AM

Posted 17 December 2007 - 07:00 PM

Hello Pete,

You're welcome. :thumbsup:

We can rebuild Safe Mode once we know the malware is gone, if you like. Just let me know if you have trouble with SDFix and we'll try something different. More than one way to eradicate the bad guys. :blink:

I'll look for you tomorrow then.

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 gungebucket

gungebucket
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 20 December 2007 - 06:14 AM

Sorry if you took tike to check for my reply Tea, I presonally have a virus too, and could not really focus on the screen for long.
Feeling better today, so I'll give it a go.
LOL any idead on a download for my cold??!! :thumbsup:
AMD Athlon 64x2 Dual Core Processor 45600+. 300gig H/D. 2 gig DDr RAM. Vista Home fully updated. Firefox. AVG Free. Zonealarm.
Look, I'm quite capable of fouling up my computer without your help. Thank you very much! :-D

#6 gungebucket

gungebucket
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 20 December 2007 - 07:29 AM

Okys.
I've got SDfix onto my main PC.
Made it boot into safe mode by using msconfig and checking the safeboot box in the boot.ini tab.
Had to use Windows Explorer to find the app on the main HD, but don't see a RunThis.bat , the only thing close is RunThis.cmd
I won't click on anything else till I hear back.
All my files from this drive are copied onto a second HD on the same machine, so I'm guessing they'll be ok if I wreck this one. :thumbsup:

Screen 1

Posted Image


the apps folder vvvv

Screen 2

Posted Image


Thanx in advance for any further assistance. :blink:

Pete.

Ooo! Have to go shopping now, it's the last day for mailing xmas cards!!!

Edited by gungebucket, 20 December 2007 - 07:32 AM.

AMD Athlon 64x2 Dual Core Processor 45600+. 300gig H/D. 2 gig DDr RAM. Vista Home fully updated. Firefox. AVG Free. Zonealarm.
Look, I'm quite capable of fouling up my computer without your help. Thank you very much! :-D

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:02 AM

Posted 20 December 2007 - 01:45 PM

Hello,

Use RunThis.cmd :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#8 gungebucket

gungebucket
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 20 December 2007 - 02:36 PM

Okys
AMD Athlon 64x2 Dual Core Processor 45600+. 300gig H/D. 2 gig DDr RAM. Vista Home fully updated. Firefox. AVG Free. Zonealarm.
Look, I'm quite capable of fouling up my computer without your help. Thank you very much! :-D

#9 gungebucket

gungebucket
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 20 December 2007 - 03:13 PM

Result

--------------------------



SDFix: Version 1.119

Run by pete on 20/12/2007 at 19:39

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\wfsvqpit.exe.tmp - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 19:53:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\Softros Systems\\Softros Messenger\\Messenger.exe"="C:\\Program Files\\Softros Systems\\Softros Messenger\\Messenger.exe:*:Enabled:Messenger"
"C:\\Program Files\\Trust\\305KS WIRELESS OPTICAL DESKSET\\KbdAp32A.exe"="C:\\Program Files\\Trust\\305KS WIRELESS OPTICAL DESKSET\\KbdAp32A.exe:*:Enabled:305KS Keyboard 1.2"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 23 Apr 1999 93,890 ..SH. --- "C:\COMMAND.COM"
Fri 23 Apr 1999 53,248 A..H. --- "C:\Program Files\Accessories\mspcx32.dll"
Sat 5 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 31 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Tue 11 Sep 2007 19,456 ...H. --- "C:\Documents and Settings\pete\Application Data\Microsoft\Word\~WRL0003.tmp"

Finished!



And the new Hijack this log

---------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:40, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {77DDD430-B7AD-D855-E90B-F07D89AFC6AB} - Preliminary.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Microsoft Update] msconfg.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageHtmlCab -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 5207 bytes



-----------------


I'll have to go off line and reconnect the other machine if I'm going to test it, if you think we've succeeded. :thumbsup:

See what you think Tea.
AMD Athlon 64x2 Dual Core Processor 45600+. 300gig H/D. 2 gig DDr RAM. Vista Home fully updated. Firefox. AVG Free. Zonealarm.
Look, I'm quite capable of fouling up my computer without your help. Thank you very much! :-D

#10 gungebucket

gungebucket
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 20 December 2007 - 03:58 PM

Well, in spite of the good clean out, I still cannot go online with my main PC. It appears to be connected, but hangs forever finding the IP address
AMD Athlon 64x2 Dual Core Processor 45600+. 300gig H/D. 2 gig DDr RAM. Vista Home fully updated. Firefox. AVG Free. Zonealarm.
Look, I'm quite capable of fouling up my computer without your help. Thank you very much! :-D

#11 gungebucket

gungebucket
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 31 January 2008 - 05:34 AM

Oops, nearly for got about this thread.

I'm running UBNUTU Linux on two PCs now and loving it!

3.50 for a complete operating system on CD! :thumbsup: And, you can run it fron the CD to try it out!

How can you go wrong with that??

Thanx for your help up to that point Tea, it was appreciated. Problem solved, just not in the Windows way. :blink:


Pete.
AMD Athlon 64x2 Dual Core Processor 45600+. 300gig H/D. 2 gig DDr RAM. Vista Home fully updated. Firefox. AVG Free. Zonealarm.
Look, I'm quite capable of fouling up my computer without your help. Thank you very much! :-D




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users