help

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Wednesday 3.9.2025 / 11:25

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > help

Browse by topic

Forums

Start a new thread

help

Jump to:

Posted

Message

dap1680

Suspended due to non-functional email address

25. May 2007 @ 04:43

Link to this message

i need some help my computer keeps freezing, i cant download music, and half of the music files that i currently have will not play. here is a copy of my hijack scan log

Logfile of HijackThis v1.99.1
Scan saved at 8:41:22 AM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1179682269890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1179682263312
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

[ + quote]

Baabiouz

Member

25. May 2007 @ 13:14

Link to this message

Hi!

Your log is ok.

#1
Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

#2
Panda ActiveScan

- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Do NOT lose it!

Please, send the Panda activescan report and a new HjT log.

[ + quote]

dap1680

Suspended due to non-functional email address

26. May 2007 @ 07:48

Link to this message

new hijack log and panda log

Logfile of HijackThis v1.99.1
Scan saved at 11:45:20 AM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1179682269890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1179682263312
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@azjmp[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@did-it[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@i.screensavers[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-10.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-11.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-12.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-13.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-15.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-2.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-248.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-249.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-252.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-253.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-254.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-255.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-256.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-257.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-258.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-262.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-263.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-264.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-265.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-266.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-267.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-271.txt[.go.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-272.txt[landing.domainsponsor.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-272.txt[.go.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-273.txt[landing.domainsponsor.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-273.txt[.go.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-274.txt[landing.domainsponsor.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-275.txt[landing.domainsponsor.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-276.txt[landing.domainsponsor.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-277.txt[landing.domainsponsor.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-278.txt[landing.domainsponsor.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-279.txt[landing.domainsponsor.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-280.txt[landing.domainsponsor.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-283.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-284.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-285.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-287.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-288.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-289.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-34.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-35.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-36.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-37.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-38.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-39.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-40.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-41.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-42.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-43.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-44.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-45.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-46.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-47.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-48.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-49.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-50.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-51.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-52.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-53.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-54.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-55.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-56.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-57.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-6.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-60.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-61.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-62.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-63.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-64.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-66.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-68.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-7.txt[.go.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-8.txt[.go.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@go[1].txt
Adware:Adware/Comet Not disinfected C:\Documents and Settings\Chanel\Local Settings\Temporary Internet Files\Content.IE5\MWC2EJCQ\jokes[1].exe[jokester.dll]
Adware:Adware/Comet Not disinfected C:\Documents and Settings\Chanel\Local Settings\Temporary Internet Files\Content.IE5\MWC2EJCQ\jokes[1].exe["Starware.dll"]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Guest\Cookies\guest@azjmp[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\smitRem\Process.exe
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@casalemedia[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@clickbank[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@counter2.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@counter3.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@counter7.sextracker[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@cs.sexcounter[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@did-it[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@realmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@sextracker[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@statse.webtrendslive[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@tribalfusion[2].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@xxxcounter[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@zedo[2].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Access\imsmain.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Access\imsmn.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Access\imsunst.exe
Adware:Adware/SpySheriff Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc1209.tmp
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2438.txt
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2561.txt
Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2585.txt
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2586.txt

[ + quote]

dap1680

Suspended due to non-functional email address

26. May 2007 @ 07:49

Link to this message

[ + quote]

Baabiouz

Member

26. May 2007 @ 12:56

Link to this message

Hi!

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

[ + quote]

dap1680

Suspended due to non-functional email address

27. May 2007 @ 05:19

Link to this message

SmitFraudFix v2.188

Scan done at 9:17:45.53, Sun 05/27/2007
Run from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1.001\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Access\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

[ + quote]

Baabiouz

Member

28. May 2007 @ 03:29

Link to this message

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
[/list]Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

[ + quote]

dap1680

Suspended due to non-functional email address

30. May 2007 @ 17:25

Link to this message

SmitFraudFix v2.188

Scan done at 18:15:40.67, Wed 05/30/2007
Run from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Video ActiveX Access\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 6:24:54 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1179682269890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1179682263312
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[ + quote]

Baabiouz

Member

31. May 2007 @ 02:27

Link to this message

Please do the following...

1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:

[*]Windows Temp
[*]Current User Temp
[*]All Users Temp
[*]Temporary Internet Files
[*]Prefetch
[*]Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

After that, do you have problems?

[ + quote]

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > help


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.