
Antivermins


10 replies to this topic

#1 Heathr6913

Posted 31 January 2007 - 01:54 AM

I tried the removal instructions for Antivermins on this website, but it didn't work! I'm still getting that annoying System Alert popping up every minute. Please help! Thank you!!!



Logfile of HijackThis v1.99.1
Scan saved at 1:51:31 AM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\YPOPs\ypops.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Inquisit by Millisecond Software - file://C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IXP000.TMP\InquisitAx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 Aaflac (Malware Response Team)

Posted 31 January 2007 - 10:49 PM

Please download SmitfraudFix (by S!Ri) to the Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the files to the Desktop

~~~~
Start the computer in Safe Mode:
-When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
-Select the option for Safe Mode using the arrow keys.
-Press Enter to boot into Safe Mode.

~~~~
Open SmitfraudFix
Double-click smitfraudfix.cmd
Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
You are prompted: Do you want to clean the registry? Answer Y (yes) and hit Enter in order to remove the Desktop background and clean the registry keys associated with the infection.

The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

~~~~
Restart the computer to complete the removal process.

~~~~
Next, download SuperAntiSpyware Home Edition Free Version
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

SuperAntiSpyware scans the computer and, when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

~~~~
Please post the SmitFraudFix report located at C:\rapport.txt, the SuperAntiSpyware log, and a new HijackThis log.


#3 Heathr6913 (Topic Starter)

Posted 01 February 2007 - 01:10 PM

Okay, here it is. Thanks so much for your help.

SmitFraudFix v2.124

Scan done at 12:39:10.09, Thu 02/01/2007
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"

[HKEY_CLASSES_ROOT\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINDOWS\system32\nbbrhbd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINDOWS\system32\nbbrhbd.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"

[HKEY_CLASSES_ROOT\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINDOWS\system32\nbbrhbd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINDOWS\system32\nbbrhbd.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End





SUPERAntiSpyware Scan Log
Generated 02/01/2007 at 01:01 PM

Application Version : 3.5.1016

Core Rules Database Version : 3175
Trace Rules Database Version: 1185

Scan type : Quick Scan
Total Scan Time : 00:14:32

Memory items scanned : 497
Memory threats detected : 2
Registry items scanned : 727
Registry threats detected : 130
File items scanned : 19422
File threats detected : 57

Trojan.Media-Codec
C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\PMSNGR.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\PMSNGR.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\PMMON.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\PMMON.EXE
HKCR\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKCR\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\InprocServer32
HKCR\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\InprocServer32#ThreadingModel
HKCR\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}
HKCR\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}\Implemented Categories
HKCR\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}\InprocServer32
HKCR\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}\InprocServer32#ThreadingModel
HKU\S-1-5-21-2489370422-3516906585-4259451192-1009\Software\Internet Security
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
C:\Program Files\VIDEO ACTIVEX OBJECT\isamini.exe
C:\Program Files\VIDEO ACTIVEX OBJECT\isamonitor.exe
C:\Program Files\VIDEO ACTIVEX OBJECT\isauninst.exe
C:\Program Files\VIDEO ACTIVEX OBJECT\ot.ico
C:\Program Files\VIDEO ACTIVEX OBJECT\pmuninst.exe
C:\Program Files\VIDEO ACTIVEX OBJECT\ts.ico
C:\Program Files\VIDEO ACTIVEX OBJECT\uninst.exe
C:\Program Files\VIDEO ACTIVEX OBJECT
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#none [ C:\Program Files\Video ActiveX Object\pmsngr.exe ]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} [ hirtellous ]
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{84938242-5C5B-4A55-B6B9-A1507543B418}
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#hirtellous [ {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} ]
C:\WINDOWS\Prefetch\PMMON.EXE-001BC1A5.pf
C:\WINDOWS\Prefetch\PMSNGR.EXE-2EF3E9E4.pf

Adware.Tracking Cookie
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@go.drivecleaner[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@malwarewiped[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@realmedia[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@statcounter[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@nextag[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.antivermins[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats1.reliablestats[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@revsci[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.addynamix[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.winantivirus[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@c2[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@edge.ru4[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.pointroll[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@drivecleaner[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@trafficmp[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.pestcapture[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@c1[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cpvfeed[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@true-babesxxx[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.winantispyware[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@winantispyware[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.drivecleaner[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ex=1_[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats.drivecleaner[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats2.reliablestats[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@go.winantivirus[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@winantivirus[1].txt
C:\Documents and Settings\2nd Account\Cookies\2nd account@advertising[1].txt
C:\Documents and Settings\2nd Account\Cookies\2nd account@atdmt[2].txt
C:\Documents and Settings\2nd Account\Cookies\2nd account@atwola[1].txt
C:\Documents and Settings\2nd Account\Cookies\2nd account@doubleclick[1].txt

Trojan.Zlob Variant
HKCR\CLSID\{FA19BD7E-50BC-4203-80AC-C4EDC81CA9A3}
HKCR\CLSID\{FA19BD7E-50BC-4203-80AC-C4EDC81CA9A3}\InProcServer32
HKCR\CLSID\{FA19BD7E-50BC-4203-80AC-C4EDC81CA9A3}\InProcServer32#ThreadingModel

Malware.AntiVermins
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\chNaTpwoirf
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\cuhcaePo
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\Implemented Categories
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\Implemented Categories\{292CAC1C-30E7-4E35-81B1-312A74DABE86}
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\InprocServer32
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\InprocServer32#InprocServer32
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\InprocServer32#ThreadingModel
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\kcylcweM
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\Ltub
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\ProgID
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\Programmable
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\rHeNfVkbj
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\TypeLib
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\VersionIndependentProgID
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\yafvtb
HKCR\TypeLib\{823B335C-00DE-4886-BE7A-FBDC0F69294E}
HKCR\TypeLib\{823B335C-00DE-4886-BE7A-FBDC0F69294E}\1.0
HKCR\TypeLib\{823B335C-00DE-4886-BE7A-FBDC0F69294E}\1.0\0
HKCR\TypeLib\{823B335C-00DE-4886-BE7A-FBDC0F69294E}\1.0\0\win32
HKCR\TypeLib\{823B335C-00DE-4886-BE7A-FBDC0F69294E}\1.0\FLAGS
HKCR\TypeLib\{823B335C-00DE-4886-BE7A-FBDC0F69294E}\1.0\HELPDIR
HKCR\Interface\{118601E4-0BC8-4B98-AAEC-723EBA43ED33}
HKCR\Interface\{118601E4-0BC8-4B98-AAEC-723EBA43ED33}\ProxyStubClsid
HKCR\Interface\{118601E4-0BC8-4B98-AAEC-723EBA43ED33}\ProxyStubClsid32
HKCR\Interface\{118601E4-0BC8-4B98-AAEC-723EBA43ED33}\TypeLib
HKCR\Interface\{118601E4-0BC8-4B98-AAEC-723EBA43ED33}\TypeLib#Version
HKCR\Interface\{15548C74-5C8B-4911-AE88-739DD473E2BA}
HKCR\Interface\{15548C74-5C8B-4911-AE88-739DD473E2BA}\ProxyStubClsid
HKCR\Interface\{15548C74-5C8B-4911-AE88-739DD473E2BA}\ProxyStubClsid32
HKCR\Interface\{15548C74-5C8B-4911-AE88-739DD473E2BA}\TypeLib
HKCR\Interface\{15548C74-5C8B-4911-AE88-739DD473E2BA}\TypeLib#Version
HKCR\Interface\{468164CC-476E-47D5-9269-278D0DB22A13}
HKCR\Interface\{468164CC-476E-47D5-9269-278D0DB22A13}\ProxyStubClsid
HKCR\Interface\{468164CC-476E-47D5-9269-278D0DB22A13}\ProxyStubClsid32
HKCR\Interface\{468164CC-476E-47D5-9269-278D0DB22A13}\TypeLib
HKCR\Interface\{468164CC-476E-47D5-9269-278D0DB22A13}\TypeLib#Version
HKCR\Interface\{478B7D17-F00A-4AB3-B802-46972CAB1AE9}
HKCR\Interface\{478B7D17-F00A-4AB3-B802-46972CAB1AE9}\ProxyStubClsid
HKCR\Interface\{478B7D17-F00A-4AB3-B802-46972CAB1AE9}\ProxyStubClsid32
HKCR\Interface\{478B7D17-F00A-4AB3-B802-46972CAB1AE9}\TypeLib
HKCR\Interface\{478B7D17-F00A-4AB3-B802-46972CAB1AE9}\TypeLib#Version
HKCR\Interface\{4FCD9AB0-0765-4117-A612-DB3B4FAC1EE3}
HKCR\Interface\{4FCD9AB0-0765-4117-A612-DB3B4FAC1EE3}\ProxyStubClsid
HKCR\Interface\{4FCD9AB0-0765-4117-A612-DB3B4FAC1EE3}\ProxyStubClsid32
HKCR\Interface\{4FCD9AB0-0765-4117-A612-DB3B4FAC1EE3}\TypeLib
HKCR\Interface\{4FCD9AB0-0765-4117-A612-DB3B4FAC1EE3}\TypeLib#Version
HKCR\Interface\{5D89BA32-C9F8-48CC-B22A-18C808DF6D83}
HKCR\Interface\{5D89BA32-C9F8-48CC-B22A-18C808DF6D83}\ProxyStubClsid
HKCR\Interface\{5D89BA32-C9F8-48CC-B22A-18C808DF6D83}\ProxyStubClsid32
HKCR\Interface\{5D89BA32-C9F8-48CC-B22A-18C808DF6D83}\TypeLib
HKCR\Interface\{5D89BA32-C9F8-48CC-B22A-18C808DF6D83}\TypeLib#Version
HKCR\Interface\{698664FF-F50E-4BDC-B9C0-C00F96A64B84}
HKCR\Interface\{698664FF-F50E-4BDC-B9C0-C00F96A64B84}\ProxyStubClsid
HKCR\Interface\{698664FF-F50E-4BDC-B9C0-C00F96A64B84}\ProxyStubClsid32
HKCR\Interface\{698664FF-F50E-4BDC-B9C0-C00F96A64B84}\TypeLib
HKCR\Interface\{698664FF-F50E-4BDC-B9C0-C00F96A64B84}\TypeLib#Version
HKCR\Interface\{89AE8B3E-3EE8-4068-8932-60CA9E6AC40B}
HKCR\Interface\{89AE8B3E-3EE8-4068-8932-60CA9E6AC40B}\ProxyStubClsid
HKCR\Interface\{89AE8B3E-3EE8-4068-8932-60CA9E6AC40B}\ProxyStubClsid32
HKCR\Interface\{89AE8B3E-3EE8-4068-8932-60CA9E6AC40B}\TypeLib
HKCR\Interface\{89AE8B3E-3EE8-4068-8932-60CA9E6AC40B}\TypeLib#Version
HKCR\Interface\{93362B42-9631-4BAE-92EF-7726E5DD747D}
HKCR\Interface\{93362B42-9631-4BAE-92EF-7726E5DD747D}\ProxyStubClsid
HKCR\Interface\{93362B42-9631-4BAE-92EF-7726E5DD747D}\ProxyStubClsid32
HKCR\Interface\{93362B42-9631-4BAE-92EF-7726E5DD747D}\TypeLib
HKCR\Interface\{93362B42-9631-4BAE-92EF-7726E5DD747D}\TypeLib#Version
HKCR\Interface\{999E9507-216C-4A7A-B103-57D3FF617E49}
HKCR\Interface\{999E9507-216C-4A7A-B103-57D3FF617E49}\ProxyStubClsid
HKCR\Interface\{999E9507-216C-4A7A-B103-57D3FF617E49}\ProxyStubClsid32
HKCR\Interface\{999E9507-216C-4A7A-B103-57D3FF617E49}\TypeLib
HKCR\Interface\{999E9507-216C-4A7A-B103-57D3FF617E49}\TypeLib#Version
HKCR\Interface\{A5A2382E-6EA1-40C9-9EEB-FCE758A7A3F1}
HKCR\Interface\{A5A2382E-6EA1-40C9-9EEB-FCE758A7A3F1}\ProxyStubClsid
HKCR\Interface\{A5A2382E-6EA1-40C9-9EEB-FCE758A7A3F1}\ProxyStubClsid32
HKCR\Interface\{A5A2382E-6EA1-40C9-9EEB-FCE758A7A3F1}\TypeLib
HKCR\Interface\{A5A2382E-6EA1-40C9-9EEB-FCE758A7A3F1}\TypeLib#Version
HKCR\Interface\{C20782A3-B65D-41AB-8D04-BBE3122363C2}
HKCR\Interface\{C20782A3-B65D-41AB-8D04-BBE3122363C2}\ProxyStubClsid
HKCR\Interface\{C20782A3-B65D-41AB-8D04-BBE3122363C2}\ProxyStubClsid32
HKCR\Interface\{C20782A3-B65D-41AB-8D04-BBE3122363C2}\TypeLib
HKCR\Interface\{C20782A3-B65D-41AB-8D04-BBE3122363C2}\TypeLib#Version
HKCR\Interface\{C54890B0-B9F8-4E58-9715-8C58B52A4D5D}
HKCR\Interface\{C54890B0-B9F8-4E58-9715-8C58B52A4D5D}\ProxyStubClsid
HKCR\Interface\{C54890B0-B9F8-4E58-9715-8C58B52A4D5D}\ProxyStubClsid32
HKCR\Interface\{C54890B0-B9F8-4E58-9715-8C58B52A4D5D}\TypeLib
HKCR\Interface\{C54890B0-B9F8-4E58-9715-8C58B52A4D5D}\TypeLib#Version
HKCR\Interface\{D037BE5C-7E06-4D4D-8729-FD1EE7E59C89}
HKCR\Interface\{D037BE5C-7E06-4D4D-8729-FD1EE7E59C89}\ProxyStubClsid
HKCR\Interface\{D037BE5C-7E06-4D4D-8729-FD1EE7E59C89}\ProxyStubClsid32
HKCR\Interface\{D037BE5C-7E06-4D4D-8729-FD1EE7E59C89}\TypeLib
HKCR\Interface\{D037BE5C-7E06-4D4D-8729-FD1EE7E59C89}\TypeLib#Version
HKCR\Interface\{D108017B-1769-4BFB-8A4C-0E6202FDBD08}
HKCR\Interface\{D108017B-1769-4BFB-8A4C-0E6202FDBD08}\ProxyStubClsid
HKCR\Interface\{D108017B-1769-4BFB-8A4C-0E6202FDBD08}\ProxyStubClsid32
HKCR\Interface\{D108017B-1769-4BFB-8A4C-0E6202FDBD08}\TypeLib
HKCR\Interface\{D108017B-1769-4BFB-8A4C-0E6202FDBD08}\TypeLib#Version
HKCR\Interface\{DECC44F4-E972-4E5C-8F5F-238295C5ADD5}
HKCR\Interface\{DECC44F4-E972-4E5C-8F5F-238295C5ADD5}\ProxyStubClsid
HKCR\Interface\{DECC44F4-E972-4E5C-8F5F-238295C5ADD5}\ProxyStubClsid32
HKCR\Interface\{DECC44F4-E972-4E5C-8F5F-238295C5ADD5}\TypeLib
HKCR\Interface\{DECC44F4-E972-4E5C-8F5F-238295C5ADD5}\TypeLib#Version
C:\Program Files\AntiVerminser\AntiVerminser.exe
C:\Program Files\AntiVerminser\av.ini
C:\Program Files\AntiVerminser\ignored.lst
C:\Program Files\AntiVerminser

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\HP_OWNER\FAVORITES\ONLINE SECURITY TEST.URL
C:\RECYCLER\S-1-5-21-2489370422-3516906585-4259451192-1009\DC16.URL
C:\RECYCLER\S-1-5-21-2489370422-3516906585-4259451192-1009\DC17.URL


Logfile of HijackThis v1.99.1
Scan saved at 1:06:37 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\YPOPs\ypops.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Documents and Settings\HP_Owner\Desktop\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Inquisit by Millisecond Software - file://C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IXP000.TMP\InquisitAx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:06:17 PM

Posted 01 February 2007 - 10:50 PM

Are you still getting the annoying System alert?
The HijackThis log is not showing the malware.

Please open the SmitfraudFix folder and double-click smitfraudfix.cmd
This time, select option #1 - Search by typing 1 and pressing Enter.
This program scans a large number of files on your computer, so please be patient while it works.
When it is done, a log named rapport.txt is created, listing infected files (if present).

Please post C:\rapport.txt in your reply. Let’s see if there is anything left.

Old duck...


#5 Heathr6913

Heathr6913
  • Topic Starter

  • Members
  • 66 posts
  • Gender:Female
  • Local time:06:17 PM

Posted 02 February 2007 - 12:22 AM

No, it's looking good now! No more pop-ups. Here's the thing you told me to do.

SmitFraudFix v2.124

Scan done at 0:20:22.10, Fri 02/02/2007
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



thanks so much!

#6 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:06:17 PM

Posted 02 February 2007 - 05:48 PM

Good! :thumbsup:

Please search for and remove the following file:

C:\WINDOWS\ALCMTR.EXE

Then, post a new HijackThis log to make sure you are good to go.

Old duck...


#7 Heathr6913

Heathr6913
  • Topic Starter

  • Members
  • 66 posts
  • Gender:Female
  • Local time:06:17 PM

Posted 02 February 2007 - 11:28 PM

It wouldn't let me remove it... it said access denied.

#8 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:06:17 PM

Posted 03 February 2007 - 09:33 PM

Please make sure all windows and browsers are closed before proceeding to run HijackThis.
Access its Process Manager option as follows:
-Click on Config
-Click on Misc Tools
-Click on Open Process Manager
(This window lists all open processes running on the machine)
-Click once on the process below to select it:

C:\WINDOWS\ALCMTR.exe

-Click: Kill Process to end the process

Exit HijackThis.

~~~~
Reboot to Safe Mode :
-Restart your computer.
-When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
-Select the option for Safe Mode using the arrow keys.
-Press Enter to boot into Safe Mode.

~~~~
Try removing the file in Safe Mode.

~~~~
When done, please post a new HijackThis log.

Old duck...


#9 Heathr6913

Heathr6913
  • Topic Starter

  • Members
  • 66 posts
  • Gender:Female
  • Local time:06:17 PM

Posted 06 February 2007 - 07:47 PM

Okay, I think I got it deleted. Sorry it took so long to reply. I haven't been online.
Here it is:


Logfile of HijackThis v1.99.1
Scan saved at 7:43:58 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\YPOPs\ypops.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\IE7-WindowsXP-x86-enu.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Inquisit by Millisecond Software - file://C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IXP000.TMP\InquisitAx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
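
When a helper reviews logs like the two HijackThis logs posted in this thread (the one before ALCMTR.EXE was removed and the one after), two things are done by hand: the running-process and startup entries of the two logs are compared, and entries that deserve a second look are picked out. The Python script below is an added example written for this thread; it is not part of the thread, of HijackThis, or of SmitfraudFix. It parses the R*/O* section lines and the "Running processes" block, diffs two logs, and flags entries marked "(file missing)", components loaded from a Temp directory, O4 Run entries that give only a bare file name (resolved by PATH search rather than an absolute path), and O4 shortcuts HijackThis could not resolve ("= ?"). The embedded log excerpts are constructed from a few lines of the thread's logs, not the full logs; a flag means "check this by hand", not a malware verdict, since every one of these rules also fires on legitimate software.

```python
import re

# Constructed excerpts modelled on the two HijackThis logs in this thread:
# a few lines from the log posted before ALCMTR.EXE was removed and from the
# one posted afterwards.  These are not the full logs.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Documents and Settings\HP_Owner\Desktop\HijackThis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HP Organize.lnk = ?
O16 - DPF: Inquisit by Millisecond Software - file://C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IXP000.TMP\InquisitAx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HP Organize.lnk = ?
O16 - DPF: Inquisit by Millisecond Software - file://C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IXP000.TMP\InquisitAx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# "R3 - ..." / "O4 - ..." / "O23 - ..." section lines.
RE_ENTRY = re.compile(r"^(?P<sec>R\d|O\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry Run entry: 'HKLM\..\Run: [Name] target [args]'.
RE_O4_RUN = re.compile(r"\\Run\w*: \[[^\]]*\] (?P<target>.+)$")


def parse_log(text):
    """Return (processes, entries): paths under 'Running processes:' up to the
    blank line, and (section, body) tuples for every R*/O* line."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process block
                in_procs = False
            else:
                processes.append(line)
            continue
        m = RE_ENTRY.match(line)
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return processes, entries


def review_flags(entries):
    """Return (section, body, reason) for entries to check by hand.
    Every rule here also fires on legitimate software."""
    flags = []
    for sec, body in entries:
        lower = body.lower()
        if "(file missing)" in lower:
            flags.append((sec, body, "registered component whose file no longer exists"))
        if "\\temp\\" in lower:
            flags.append((sec, body, "component loaded from a temporary directory"))
        if sec == "O4":
            m = RE_O4_RUN.search(body)
            if m and "\\" not in m.group("target").strip('"'):
                flags.append((sec, body, "bare file name: resolved by PATH search, not an absolute path"))
            elif body.endswith("= ?"):
                flags.append((sec, body, "shortcut target HijackThis could not resolve"))
    return flags


def diff_logs(before, after):
    """Compare two logs; Windows paths are compared case-insensitively."""
    p0, e0 = parse_log(before)
    p1, e1 = parse_log(after)
    s0, s1 = {p.lower() for p in p0}, {p.lower() for p in p1}
    return {
        "processes_gone": sorted(s0 - s1),
        "processes_new": sorted(s1 - s0),
        "entries_gone": sorted(set(e0) - set(e1)),
        "entries_new": sorted(set(e1) - set(e0)),
    }


if __name__ == "__main__":
    for key, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
    print("review flags (after log):")
    for sec, body, reason in review_flags(parse_log(LOG_AFTER)[1]):
        print(f"    [{sec}] {reason}\n        {body}")
```

Run against the two excerpts, the diff shows ALCMTR.EXE and SOUNDMAN.EXE gone from the process list, the ZoneAlarm vsmon.exe service newly running, and the Google Toolbar BHO path changed from googletoolbar1.dll to googletoolbar3.dll; the review flags point at the msnim protocol handler with its missing DLL, the ActiveX control cached under Temp, the bare HDAShCut.exe Run entry, and the unresolved HP Organize shortcut. Real logs run to well over a hundred entries, so the diff is what tells a helper which lines to read first.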

#10 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:06:17 PM

Posted 16 February 2007 - 09:45 PM

My apology for the delay. I missed your reply!!

The log looks fine.

Are you still having malware problems?

Old duck...


#11 Heathr6913

Heathr6913
  • Topic Starter

  • Members
  • 66 posts
  • Gender:Female
  • Local time:06:17 PM

Posted 18 February 2007 - 10:11 PM

Everything seems fine. Thanks so much for the help!



