As I have mentioned here, I prefer the Opera browser and joined the Opera community, which has a nice homepage of sorts when you join their group, plus they are very helpful and supportive if you have problems and/or questions (a lot like here).
I started my first ever blog and got a "comment" the very next day. The comment was a link (the person who sent it is also a member of Opera, but his homepage is nothing more than a shell). His link led me to a page that was all in Arabic except for a graphic in the middle of the page saying that the person whose blog I was now on had approved my entering by providing me with a password, which was already filled in: ******. I did not take the bait. I closed the page, and shortly thereafter I went to shut off my computer when an "END PROGRAM NOW" window popped up. It caught me off guard, but I did notice an unfamiliar symbol for the name of the program. I hit the END NOW button, and it functioned like all END NOW programs work, and the computer shut off. But I turned it back on and ran Spybot, Ad-Aware SE, AVG, Avira, and Trend Micro remote. Nothing was found.
A different person from the Opera community advised me to tell the community, which I did. I asked her about HijackThis since she seemed to know a few things about computers and programs (she is not a fan of ZoneAlarm and recommended another program {for another POST}). She had never heard of HijackThis, except that there is a program that might be similarly named that actually takes over your computer. Be that as it may, I told her about this forum and that you guys recommend it and actually analyze the results.
What are your thoughts on using HijackThis to see if I have something hiding somewhere? I will tell you that after doing a disk cleanup and defrag, my computer started with a scan disk blue screen, which I have never seen before on XP. I also ran into problems trying to use standby and hibernate with an MS .NET Framework update error, which I seem to have fixed.
Any suggestions?

No harm can be done in posting a HijackThis log. I recommend you post one and someone will analyze and diagnose your situation ASAP. You should also do a scan with your anti-virus program. You do have an anti-virus program installed, right? If not, you haven't been paying close enough attention on this forum.
Also, did all these problems start after you visited that website? You haven't installed or done anything else?

Kryptonite, I got your PM, and although I don't know if that site is related to your recent problems or not, it certainly does sound suspicious. First of all, I will say that HijackThis is perfectly safe if used properly. If you don't know what you're doing, you may remove something vital, but I guarantee that I wouldn't tell anyone to remove something unless I absolutely knew what the file was and that removing it would be safe. Typically, I only instruct the removal of things that are known to be harmful and unwanted. I'm surprised that someone who supposedly knows a lot about computers would have never heard of HijackThis... I wonder how much this girl actually knows. I'm not insulting her by any means; it just strikes me as odd.
Anyway, with that said... it's been a few weeks since you last posted a HijackThis log, so I would suggest posting a new log here. You should also update your protection and scan with it in Safe Mode. Then head on over to Panda ActiveScan and scan your computer with that, and then post the results here.

Hey Matt,
I have the HijackThis scan, which I will post (BTW, this is a different computer than the last post). Panda only found one cookie from atwola, which is set by aol.com if I'm not mistaken. The other problems that I mentioned may just be coincidence. But check the scan data and see if anything is obviously weird. So far none of the programs or tests found anything.
You recommended a couple of programs once before, and they are now on my other computer. One is called SuperBug or something like that... I have to find that post and download those programs.
Here's the first part of the HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:27:44 AM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Opera\Opera.exe
C:\dOWNLOADS\Hyjack\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7120
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7120
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: SUN Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155063375250
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 7804 bytes

Well, I'm not seeing anything malicious in your log. Did you try the Panda ActiveScan? The program you're thinking of might be SUPERAntiSpyware, which you should also try. Also... this computer has both AntiVir and AVG. If you want two anti-virus programs, that's fine, but you should make sure one of them is disabled so there aren't any conflicts.

Quote from: CBMatt on July 20, 2007, 01:51:02 PM
Well, I'm not seeing anything malicious in your log. Did you try the Panda ActiveScan? The program you're thinking of might be SUPERAntiSpyware, which you should also try. Also... this computer has both AntiVir and AVG. If you want two anti-virus programs, that's fine, but you should make sure one of them is disabled so there aren't any conflicts.
Panda found the atwola cookie, but that's all. I went to that folder and there were 48 other cookies there, so I deleted them all.
Usually I only run the one antivirus, as you had once before advised. Today I ran scans with both of them and left them running when I used HijackThis.
Yes, SuperAntiSpyware is the program. I'm going to do a search for that post where you recommended it the first time so I can see the other programs you mentioned.
Thanks Matt

Not all cookies need to be deleted. Most cookies just tell a site your login information quickly so that you can be automatically logged in. Tracking cookies, which record your browsing (even if not for malicious purposes), are usually picked up by AV or AS.
When you say you usually only run the one, do you mean they're both open and you only 'scan' with one at a time? I suspect not, but if you do then don't, because it's the 'active' part that's conflicting, not so much the scan.

Quote from: Kryptonite on July 20, 2007, 02:29:12 PM
Panda found the atwola cookie, but that's all. I went to that folder and there were 48 other cookies there, so I deleted them all.

Right, I missed that part in your previous post.
DeltaSlaya is right. Cookies generally aren't something you need to be concerned about. HOWEVER, it would be a good idea to get SpywareBlaster, which will prevent many malicious sites from downloading cookies onto your computer.
Scanning with two programs at once can cause a lot of complications. The same goes for having two active anti-virus programs. The below entries show that both programs are set to load on startup...
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
Although you claim to not use both programs at the same time, they are still active and on alert. It sounds like you have twice as much defense, but it can actually lower your security.
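The O4 and O23 entries Matt points at can be checked mechanically rather than by eye. The script below is an added example, not code from this thread or from HijackThis itself: it parses O4 (autostart) and O23 (service) lines in HijackThis v2 log format, maps each executable to a known anti-virus product through a small constructed lookup, and reports when more than one product is set to load at boot, which is the situation the log posted earlier in the thread shows. The embedded log lines are a constructed sample modelled on the entries quoted above, not the poster's full log, and the product-path markers in AV_MARKERS are an assumption made for illustration.

```python
"""Parse HijackThis O4 (autostart) and O23 (service) entries and flag more than one
anti-virus product loading at boot. Added example; not part of HijackThis."""
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log format, modelled on the thread's entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# O4 - <hive>\..\<key>: [<name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: <display> (<short>) - <company> - <path>   (short name is optional)
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<company>.+?) - (?P<path>.+)$")

# Assumed lookup: lower-cased path fragments that identify each AV product's install dir.
AV_MARKERS = {
    r"grisoft\avg7": "AVG 7",
    r"antivir personaledition": "Avira AntiVir",
}


def exe_path(cmd: str) -> str:
    """Return the executable from an O4 command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|sys|dll))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log: str) -> list:
    """All O4 autostart entries as dicts (hive, key, name, cmd, exe)."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["exe"] = exe_path(d["cmd"])
            entries.append(d)
    return entries


def parse_o23(log: str) -> list:
    """All O23 service entries as dicts (display, short, company, path)."""
    entries = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def av_vendor(path: str):
    """Map an executable path to an AV product name via AV_MARKERS, else None."""
    lowered = path.lower()
    for marker, vendor in AV_MARKERS.items():
        if marker in lowered:
            return vendor
    return None


def active_av(log: str) -> dict:
    """Map each recognised AV product to the autostart entries and services that load it."""
    found = defaultdict(list)
    for e in parse_o4(log):
        vendor = av_vendor(e["exe"])
        if vendor:
            found[vendor].append(f"O4 [{e['name']}] -> {e['exe']}")
    for s in parse_o23(log):
        vendor = av_vendor(s["path"])
        if vendor:
            found[vendor].append(f"O23 {s['display']} -> {s['path']}")
    return dict(found)


def conflicting_av(log: str) -> list:
    """Sorted AV product names if two or more are set to load at boot, else []."""
    vendors = sorted(active_av(log))
    return vendors if len(vendors) >= 2 else []


if __name__ == "__main__":
    for vendor, entries in active_av(SAMPLE_LOG).items():
        print(vendor)
        for entry in entries:
            print("   ", entry)
    clash = conflicting_av(SAMPLE_LOG)
    if clash:
        print("WARNING: more than one AV product loads at boot:", ", ".join(clash))
```

Run against the sample it lists AVG 7 (avgcc, avgw and the Avg7Alrt service) and Avira AntiVir (avgnt and the AntiVirService guard) and prints the warning; ZoneAlarm is deliberately not in the lookup because it is a firewall, not a second on-access scanner. To check a real log, read the file into a string and pass it to conflicting_av; the real HijackThis log is usually ASCII or UTF-16, so open it with the matching encoding.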