
Infected With Trojan(s)


17 replies to this topic

#1 kayscarpetta

  • Members
  • 10 posts

Posted 16 March 2007 - 03:31 PM

Today I have run the programs BleepingComputer has recommended, including Ad-Aware, Spybot, Stinger, etc.
Anyone with any suggestions or info, TIA. I'm at a loss as to what to do. I cannot get into my MySpace account (it says invalid password) and my Yahoo sign-in page keeps "blinking" continuously. I can't type enough to even try to sign in. I've been afraid to go anywhere else; I do my bills online. My computer makes that "scratching or rattling" sound like it's working on something when I try to do anything. I would have tried to reload a while back, but found out that HP doesn't include an OS disk (dumb me took that for granted and didn't make one). I'm running XP. I've been using Firefox as a browser for the past couple of years and very rarely ever open up IE. I've also had a problem with ads just opening up at weird moments in IE when I'm working in Firefox. I can't think of anything else to tell. I hope someone can help me.


BitDefender's scanner came back with the following info:
Virus Detected
Trojan.Virtumod.DG
Trojan.Agent.ACL
Win32.Worm.VB.Ymeak.A
Application.Adware.NewDotNet.B.Dropper
Application.Adware.NewDotNet.A
MemScan:Trojan.Spy.Agent.NU
BehavesLike:Trojan.Downloader
Trojan.Downloader.Bagle.H

Below is what came from the HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 4:05:59 PM, on 3/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\EverNote\EverNote\EverNote.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {093CFC35-52F5-4A3F-A439-F3A9853C825C} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: (no name) - {35F0DA24-18C2-48EF-8C8E-76827FFD6DD4} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {768318D5-06A3-4987-81FC-8ECA2E068210} - C:\WINDOWS\system32\wvutstr.dll (file missing)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: (no name) - {991E9733-7ACC-4DEF-92BE-632E5D063EA9} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\dgiupstt.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\lftoelcd.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\oejuhbps.dll",setvm
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: EverNote.lnk = C:\Program Files\EverNote\EverNote\EverNote.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174077809031
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.89.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll (file missing)
O20 - Winlogon Notify: wvutstr - wvutstr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I'm sure that things have gotten messed up due to my reckless surfing of the net, and I did have LimeWire until last week. I do like to download things from the internet to try out. I also have RealArcade with a couple of games I paid for. I have Trillian to IM and use Thunderbird for email (which I generally just check with ePrompter).
Thanks again to anyone who can help.
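A small triage script for the HijackThis log above, added here as an example (it is not part of the thread and not HijackThis or VundoFix code): it parses the O2, O4 and O20 lines and flags the pattern that a helper reads as Vundo/Virtumonde: unnamed BHOs whose system32 DLL is missing, a Winlogon Notify handler registered under the same DLL name, and a Run key that starts rundll32 on a DLL in system32. The heuristics, the Winlogon Notify allowlist and the sample lines (copied from the first log in this thread, with benign entries kept as controls) are this example's own assumptions; a hit means "review", not "confirmed malware".

```python
"""Triage of HijackThis v1.99.1 log lines for the Vundo/Virtumonde pattern.

Added example, not HijackThis or VundoFix code. Heuristics and the Winlogon
Notify allowlist are this example's own assumptions; a hit means "review",
not "confirmed malware".
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# "O2 - BHO: ..." / "O20 - Winlogon Notify: ..." / "O4 - HKLM\..\Run: [key] cmd"
ENTRY_RE = re.compile(r"^(?P<section>O\d+|R\d) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)

# Winlogon Notify packages shipped with Windows XP (assumption: extend for your own drivers/AV).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon"}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section(s) the finding comes from, e.g. "O2" or "O2+O20"
    stem: str      # DLL file name without directory or extension, lower-cased
    reason: str
    line: str      # the log line, empty for a cross-section correlation


def dll_stem(path: str) -> str:
    """'C:\\WINDOWS\\system32\\mljjg.dll (file missing)' -> 'mljjg'."""
    name = path.replace("(file missing)", "").strip().rsplit("\\", 1)[-1]
    return name.lower().rsplit(".", 1)[0]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    seen_in: dict[str, set[str]] = defaultdict(set)   # stem -> sections it was flagged in

    def flag(section: str, stem: str, reason: str, line: str) -> None:
        findings.append(Finding(section, stem, reason, line))
        seen_in[stem].add(section)

    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O2":
            b = BHO_RE.match(body)
            if b and b.group("name") == "(no name)":
                path = b.group("path")
                if "(file missing)" in path:
                    flag(section, dll_stem(path),
                         "unnamed BHO whose CLSID is still registered but DLL is gone", raw)
                elif SYSTEM32_RE.search(path):
                    flag(section, dll_stem(path), "unnamed BHO loading from system32", raw)
        elif section == "O20":
            n = NOTIFY_RE.match(body)
            if n and n.group("key") not in KNOWN_NOTIFY:
                flag(section, dll_stem(n.group("path")),
                     "Winlogon Notify package outside the XP default set", raw)
        elif section == "O4":
            r = RUN_RE.match(body)
            d = RUNDLL_RE.search(r.group("cmd")) if r else None
            if d and SYSTEM32_RE.search(d.group("dll")):
                flag(section, dll_stem(d.group("dll")),
                     "Run key starts rundll32 on a DLL in system32", raw)

    # Vundo registers one DLL as both a BHO and a Winlogon Notify handler, so the
    # same stem turning up in two sections is the strongest signal in the log.
    for stem, sections in seen_in.items():
        if len(sections) > 1:
            findings.append(Finding("+".join(sorted(sections)), stem,
                                    "same DLL registered in more than one autostart location", ""))
    return findings


# Constructed sample: lines copied from the first HijackThis log in this thread,
# with benign entries (Yahoo toolbar, Spybot SDHelper, AVG) kept as controls.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {093CFC35-52F5-4A3F-A439-F3A9853C825C} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {768318D5-06A3-4987-81FC-8ECA2E068210} - C:\WINDOWS\system32\wvutstr.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\oejuhbps.dll",setvm
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll (file missing)
O20 - Winlogon Notify: wvutstr - wvutstr.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.stem}: {f.reason}")
```

Run it against a full log pasted into `SAMPLE_LOG`; the correlated `O2+O20` findings are the ones that the VundoFix report later in this thread confirms as the files it removed.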


#2 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 16 March 2007 - 03:39 PM

Welcome to the BleepingComputer HijackThis forum, kayscarpetta.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use the Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use the Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

*******************************

Download SmitfraudFix (by S!Ri) to your desktop.
Double-click on Smitfraudfix.cmd.
Select option #1 (Search) by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

*******************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Please post the contents of C:\vundofix.txt into your next reply, along with a new HijackThis log.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Restart your PC when you're done, please.
Post the Smitfraudfix report, the C:\vundofix.txt, and a new HijackThis log into your next reply.

#3 kayscarpetta
  • Topic Starter

  • Members
  • 10 posts

Posted 16 March 2007 - 04:58 PM

I couldn't find the first run of this and ran it again.

SmitFraudFix v2.148

Scan done at 17:42:52.07, Fri 03/16/2007
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\HP_Owner


C:\Documents and Settings\HP_Owner\Application Data


Start Menu


C:\DOCUME~1\HP_Owner\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


pe386-msguard-lzx32-huy32


Scanning wininet.dll infection


End





VundoFix V6.3.16

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 5:21:41 PM 3/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\dgiupstt.dll
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\lftoelcd.dll
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\wvutstr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 5:54:13 PM, on 3/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\EverNote\EverNote\EverNote.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {093CFC35-52F5-4A3F-A439-F3A9853C825C} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: (no name) - {35F0DA24-18C2-48EF-8C8E-76827FFD6DD4} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: (no name) - {991E9733-7ACC-4DEF-92BE-632E5D063EA9} - C:\WINDOWS\system32\awtss.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\oejuhbps.dll",setvm
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: EverNote.lnk = C:\Program Files\EverNote\EverNote\EverNote.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174077809031
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.89.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll (file missing)
O20 - Winlogon Notify: wvutstr - wvutstr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanx for the quick reply.

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:09:52 PM

Posted 16 March 2007 - 05:22 PM

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*******************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {093CFC35-52F5-4A3F-A439-F3A9853C825C} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: (no name) - {35F0DA24-18C2-48EF-8C8E-76827FFD6DD4} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: (no name) - {991E9733-7ACC-4DEF-92BE-632E5D063EA9} - C:\WINDOWS\system32\awtss.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\oejuhbps.dll",setvm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll (file missing)
O20 - Winlogon Notify: wvutstr - wvutstr.dll (file missing)


Find and delete if present:
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\oejuhbps.dll

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you're done.
Reboot normally.

Post the AVG Anti-Spyware report and a new HijackThis log into your next reply.
Let me know how your pc is running now please.
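As an added illustration, not part of HijackThis, AVG Anti-Spyware or the helper's own tooling: a small Python triage of a HijackThis log that applies some of the same cues RichieUK used above when picking entries to fix (a registration marked "(file missing)", a Winlogon Notify handler outside a known-good list, a Run value that loads a DLL through rundll32, an unnamed BHO in system32) and then lists the referenced files that may still exist on disk. The Winlogon Notify allowlist is an assumption made for the example, and the sample log is constructed from lines posted in this thread.

```python
"""
Triage helper for a HijackThis log, added here as an illustration; it is not
part of HijackThis or AVG Anti-Spyware. It parses the log into entries and
flags those matching cues a responder checks first: a registration whose
file is "(file missing)", a Winlogon Notify handler outside a known-good
list, an O4 Run value that loads a DLL through rundll32, and an unnamed BHO
that lives in system32. SAMPLE_LOG is constructed from lines in this thread.
"""
import re

# Assumed allowlist for this example: Winlogon Notify handlers that ship with
# Windows XP. A real triage would compare against a verified clean baseline.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon",
}

# "O2 - BHO: ..." / "R1 - HKCU\..." : section code, separator, body.
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2})\s+-\s+(.*)$")
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
# Quoted path first (O4 values quote paths with spaces), else run to whitespace.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\[^"\s]+)')

# Constructed sample: a mix of benign and suspicious lines from this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {093CFC35-52F5-4A3F-A439-F3A9853C825C} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\oejuhbps.dll",setvm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll (file missing)
O20 - Winlogon Notify: wvutstr - wvutstr.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_log(text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage_entry(section, body):
    """Return the reasons this entry deserves a look (empty list if none)."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("registered file is missing: orphaned registration")
    if section == "O20" and body.startswith("Winlogon Notify:"):
        handler = body.split(":", 1)[1].split(" - ", 1)[0].strip()
        if handler not in KNOWN_WINLOGON_NOTIFY:
            reasons.append("Winlogon Notify handler %r not in known-good list" % handler)
    if section == "O4" and RUNDLL_RE.search(body) and ".dll" in body.lower():
        reasons.append("Run value loads a DLL through rundll32")
    if section == "O2" and "(no name)" in body and re.search(r"\\system32\\", body, re.I):
        reasons.append("unnamed BHO registered from system32")
    return reasons


def triage(text):
    """Parse the log and return only the flagged entries, in log order."""
    flagged = []
    for section, body in parse_log(text):
        reasons = triage_entry(section, body)
        if reasons:
            flagged.append({"section": section, "body": body, "reasons": reasons})
    return flagged


def files_to_check(flagged):
    """Paths from flagged entries that may still exist on disk, like the
    thread's 'find and delete if present' list; entries already marked
    missing are skipped."""
    paths = []
    for item in flagged:
        if "(file missing)" in item["body"]:
            continue
        for quoted, bare in PATH_RE.findall(item["body"]):
            path = quoted or bare
            if path not in paths:
                paths.append(path)
    return paths


def format_report(flagged):
    """Render flagged entries with their reasons, one entry per block."""
    lines = []
    for item in flagged:
        lines.append("%s - %s" % (item["section"], item["body"]))
        for reason in item["reasons"]:
            lines.append("    -> " + reason)
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    print(format_report(hits))
    print("check on disk:", files_to_check(hits))
```

The heuristics are deliberately narrow: they reproduce a few of the cues a helper applies by eye and do not replace a full review of the log.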

#5 kayscarpetta

kayscarpetta
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:52 PM

Posted 16 March 2007 - 08:37 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:24:13 PM 3/16/2007

+ Scan result:



C:\Documents and Settings\HP_Owner\My Documents\Real Arcade Serials.exe -> Adware.Agent : Cleaned.
C:\Documents and Settings\HP_Owner\Shared\Real Arcade Serials.zip/Real Arcade Serials.exe -> Adware.Agent : Cleaned.
C:\Program Files\HijackThis\backups\backup-20070316-192209-462.dll -> Adware.BHO : Cleaned.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP151\A0045078.dll -> Adware.BHO : Cleaned.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP135\A0039903.ocx -> Adware.Coupons : Cleaned.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP133\A0039411.exe -> Adware.IconAds : Cleaned.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP135\A0039902.dll -> Adware.Softomate : Cleaned.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\Cache(2)\6C17DCFEd01 -> Adware.Trymedia : Cleaned.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\Cache(2)\A718149Cd01 -> Adware.Trymedia : Cleaned.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\Cache(3)\A718149Cd01 -> Adware.Trymedia : Cleaned.
C:\Program Files\FamilyFeudSetup-dm.exe -> Adware.Trymedia : Cleaned.
C:\Program Files\HidExpTitanicSetup-dm.exe -> Adware.Trymedia : Cleaned.
C:\Program Files\TrivialSASetup-dm.exe -> Adware.Trymedia : Cleaned.
:mozilla.52:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.53:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.54:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.95:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.96:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.291:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.292:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.233:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.234:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.235:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.236:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.237:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.238:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAF.tmp -> TrackingCookie.Atdmt : Cleaned.
:mozilla.582:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.583:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.344:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.555:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.331:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.332:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.333:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.730:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Co : Cleaned.
:mozilla.541:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
:mozilla.542:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
:mozilla.543:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
:mozilla.544:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
:mozilla.545:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
:mozilla.713:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
:mozilla.448:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.449:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.580:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Directnetadvertising : Cleaned.
:mozilla.581:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Directnetadvertising : Cleaned.
:mozilla.15:C:\Documents and Settings\HP_Owner\Application Data\Thunderbird\Profiles\0auk0ul2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.166:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.782:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB0.tmp -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.431:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.432:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.433:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.434:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.103:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.104:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.105:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.106:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.58:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.61:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.62:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.63:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.64:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.65:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.66:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.67:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> TrackingCookie.Fastclick : Cleaned.
:mozilla.549:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.645:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.646:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp -> TrackingCookie.Hitbox : Cleaned.
:mozilla.355:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.356:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.440:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.441:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.231:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.232:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.311:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.312:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.600:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.225:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.226:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.227:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.228:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.229:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.295:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.296:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.297:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.579:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Real : Cleaned.
:mozilla.38:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.39:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.40:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.41:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.42:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.43:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.44:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB6.tmp -> TrackingCookie.Realmedia : Cleaned.
:mozilla.309:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.310:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.313:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.314:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.315:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.316:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB1.tmp -> TrackingCookie.Ru4 : Cleaned.
:mozilla.478:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.479:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.480:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.481:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.482:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.48:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.558:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.559:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.284:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.336:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.337:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.338:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.339:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.340:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.341:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.342:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.343:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.305:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB7.tmp -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.285:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.286:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.287:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAE.tmp -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.241:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.245:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.246:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.247:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.248:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h3yawpgv.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB8.tmp -> TrackingCookie.Zedo : Cleaned.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 9:30:10 PM, on 3/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\EverNote\EverNote\EverNote.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: EverNote.lnk = C:\Program Files\EverNote\EverNote\EverNote.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174077809031
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.89.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E9CEAFB7-B61F-47D4-A355-B74E3D97A7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6 kayscarpetta (Topic Starter)

Posted 16 March 2007 - 08:39 PM

My computer is still "rattling" as it works. It takes a bit to bring up a browser or program. They don't just pop right up; it sounds like it's going through everything to get going.

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 16 March 2007 - 08:57 PM

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


#8 kayscarpetta (Topic Starter)

Posted 16 March 2007 - 09:13 PM

"HP_Owner" - 07-03-16 22:04:33 Service Pack 2
ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\HP_Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.89
C:\Program Files\Common Files\{2C69F~1


((((((((((((((((((((((((((((((( Files Created from 2007-02-16 to 2007-03-16 ))))))))))))))))))))))))))))))))))


2007-03-16 19:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-16 17:39 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-16 17:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-16 17:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-16 17:39 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-16 17:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-16 17:39 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-16 17:21 <DIR> d-------- C:\VundoFix Backups
2007-03-16 17:20 3,236 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-16 15:47 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-03-16 15:44 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-16 15:44 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-16 12:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-03-16 12:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-03-16 10:58 <DIR> d-------- C:\DOCUME~1\HP_Owner\.housecall6.6
2007-03-08 00:30 75,384 --a------ C:\WINDOWS\TrueInstall.exe
2007-03-06 12:46 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\BlogDesk
2007-03-06 09:53 7,943,248 --a------ C:\Program Files\CFP_Setup_English_2.4.18.184.exe
2007-03-04 13:36 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Flock
2007-03-04 13:35 <DIR> d-------- C:\Program Files\Flock
2007-03-04 13:34 9,495,472 --a------ C:\Program Files\Flock_Setup_0_7_11_.exe
2007-03-04 13:24 3,793,672 --a------ C:\Program Files\blogdesk-26-300-en.exe
2007-03-04 10:46 1,193,058 --ahs---- C:\WINDOWS\system32\sstwa.bak1
2007-03-03 09:15 <DIR> d--hs---- C:\DOCUME~1\LOCALS~1\UserData


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-16 21:58 -------- d-------- C:\Program Files\eprompter
2007-03-16 19:22 -------- d-------- C:\Program Files\iwin games
2007-03-08 09:59 -------- d-------- C:\Program Files\iwin.com
2007-03-08 09:58 -------- d-------- C:\Program Files\filezilla
2007-03-08 00:24 -------- d-------- C:\Program Files\opera
2007-03-08 00:23 -------- d-------- C:\Program Files\myspace
2007-03-08 00:16 -------- d-------- C:\Program Files\popcap games
2007-03-06 11:18 -------- d-------- C:\Program Files\mozilla thunderbird
2007-03-04 11:10 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-03-04 10:59 -------- d-------- C:\Program Files\yahoo!
2007-03-03 09:07 -------- d-------- C:\Program Files\quicktime
2007-03-02 12:04 11212 --a--c--- C:\WINDOWS\mozver.dat
2007-02-17 08:44 -------- d-------- C:\Program Files\trueswitch
2007-02-17 08:42 -------- d-------- C:\Program Files\trillian
2007-02-14 19:27 -------- d-------- C:\Program Files\picasa2
2007-02-06 13:53 -------- d-------- C:\Program Files\idailydiary
2007-02-05 18:14 -------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\myspace
2007-02-04 20:29 -------- d-------- C:\Program Files\real
2007-01-24 21:11 -------- d-------- C:\Program Files\trymedia
2007-01-24 21:04 -------- d-------- C:\Program Files\iwin.com games
2007-01-22 18:33 415784 --a------ C:\Program Files\msgr8us.exe
2007-01-18 00:27 18844 --a------ C:\Program Files\ventilator.zip
2007-01-18 00:26 138997 --a------ C:\Program Files\icumath.zip
2007-01-18 00:07 253464 --a------ C:\Program Files\mnemonics-pda-unabridged.zip
2007-01-15 12:34 75384 --a------ C:\Program Files\trueinstallsuddenlink.exe
2007-01-01 12:23 112897 --a------ C:\WINDOWS\hpoins07.dat
2006-12-25 18:09 1700299 --a------ C:\Program Files\xtsetup.exe
2006-12-25 17:56 9163 --a------ C:\Program Files\palmekg.zip
2006-12-25 17:50 761856 --a------ C:\Program Files\isilo432palmossetup.exe
2006-12-24 07:58 2424840 --a------ C:\Program Files\airoboform.exe
2006-12-10 18:14 2512256 --a------ C:\Program Files\epocrates2palmw.exe
2006-12-08 22:30 2437248 --a------ C:\Program Files\yahoo_antispy_01.14.00_us_setup_.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"SSC_UserPrompt"="c:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Palm\\Hotsync.exe -logon"
"item"="HotSync Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Calendar 2000.lnk]
"path"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\Calendar 2000.lnk"
"backup"="C:\\WINDOWS\\pss\\Calendar 2000.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\AdvancedSearchbar\\Calendar.exe "
"item"="Calendar 2000"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^EverNote.lnk]
"path"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\EverNote.lnk"
"backup"="C:\\WINDOWS\\pss\\EverNote.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\EverNote\\EverNote\\EverNote.exe /hide"
"item"="EverNote"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iDailyDiary]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iDD"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\IDAILY~1\\iDD.exe\" /LOGMIN"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMSX"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="SpySubtract Shell Extension"
"{768318D5-06A3-4987-81FC-8ECA2E068210}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
Shell\AutoRun\command D:\setup.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-16 22:09:08

#9 RichieUK (Malware Response Team)

Posted 16 March 2007 - 09:32 PM

Please find and delete:
C:\WINDOWS\system32\sstwa.bak1

**********************

Your log is clean :thumbsup:
If all's OK, please do the following:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?"
Then select 'Yes'; your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'OK'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

Read through the information found here, to help you prevent any possible future infections.
Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
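
Two of the calls in the reply above can be made from the ComboFix text alone: sstwa.bak1 stands out because its attribute column reads `--ahs----` (the `h` and `s` letters mark it hidden and system) and it sits in system32 with a random-looking name, and the Java warning follows from the `j2re1.4.2_03` directory in the SunJavaUpdateSched Run value. The script below is an added example that automates both checks over constructed sample lines copied from the log; it is not code from the original thread, from ComboFix or from the BleepingComputer team, and the `j2re1.4.2_03`-style directory pattern and the JRE 6 minimum are assumptions it makes.

```python
"""Log triage helpers for a ComboFix-style report (added example, not part of
the original thread or of ComboFix). Two checks:

  1. plain files in the "Files Created" listing that carry both the hidden (h)
     and system (s) attribute letters and sit under the system32 directory;
  2. a Run-key value whose path embeds a Sun JRE directory older than a minimum
     version (JRE 6 by default, the version the reply asks for).
"""
import re
from typing import Dict, List, Tuple

# Constructed sample input: four lines taken from the ComboFix log above.
SAMPLE_FILE_LISTING = r"""
2007-03-16 19:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-16 17:20 3,236 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-04 10:46 1,193,058 --ahs---- C:\WINDOWS\system32\sstwa.bak1
2007-03-03 09:15 <DIR> d--hs---- C:\DOCUME~1\LOCALS~1\UserData
"""

# Constructed sample input: two .reg-style values from the Run key above.
SAMPLE_RUN_KEY = r"""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"""

# date  time  size  attrs  path; size is a comma-grouped byte count or <DIR>
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>\S.*)$"
)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
# Assumed Sun JRE directory naming: j2re1.4.2_03, jre1.6.0_01, ...
JRE_DIR = re.compile(r"j2?re(\d+)\.(\d+)\.(\d+)(?:_(\d+))?", re.IGNORECASE)


def parse_file_listing(text: str) -> List[Dict[str, object]]:
    """Parse "Files Created" lines; lines that do not match the layout are skipped."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        entry: Dict[str, object] = dict(m.groupdict())
        entry["is_dir"] = entry["size"] == "<DIR>"
        entry["bytes"] = 0 if entry["is_dir"] else int(str(entry["size"]).replace(",", ""))
        entries.append(entry)
    return entries


def hidden_system_in_system32(entries: List[Dict[str, object]]) -> List[str]:
    """Paths of plain files under system32 carrying both the hidden and system attributes.

    Legitimate installers almost never leave such files there; sstwa.bak1 in the
    log above (1.1 MB, hidden+system, random-looking name) is what this surfaces.
    """
    flagged: List[str] = []
    for e in entries:
        attrs = str(e["attrs"])
        path = str(e["path"])
        if e["is_dir"]:
            continue
        if "h" in attrs and "s" in attrs and "\\system32\\" in path.lower():
            flagged.append(path)
    return flagged


def parse_run_key(text: str) -> Dict[str, str]:
    """Parse "Name"="Value" lines and collapse the doubled backslashes of .reg syntax."""
    values: Dict[str, str] = {}
    for line in text.splitlines():
        m = RUN_VALUE.match(line.strip())
        if m:
            values[m.group("name")] = m.group("value").replace("\\\\", "\\")
    return values


def outdated_jre(values: Dict[str, str],
                 minimum: Tuple[int, int, int, int] = (1, 6, 0, 0)) -> List[Tuple[str, Tuple[int, ...]]]:
    """(entry name, version) for Run values whose path embeds a JRE older than `minimum`."""
    found: List[Tuple[str, Tuple[int, ...]]] = []
    for name, value in values.items():
        m = JRE_DIR.search(value)
        if m:
            version = tuple(int(g or 0) for g in m.groups())
            if version < minimum:
                found.append((name, version))
    return found


if __name__ == "__main__":
    files = parse_file_listing(SAMPLE_FILE_LISTING)
    for path in hidden_system_in_system32(files):
        print("hidden+system file in system32:", path)
    for name, version in outdated_jre(parse_run_key(SAMPLE_RUN_KEY)):
        print("outdated JRE in Run value %r: %s" % (name, ".".join(map(str, version))))
```

Running it prints the sstwa.bak1 path and the 1.4.2.3 JRE entry; the directory line (`d--hs----`) is hidden and system too but is skipped, since the check is only about files dropped into system32.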

#10 kayscarpetta (Topic Starter)

Posted 16 March 2007 - 10:37 PM

I could not find the C:\WINDOWS\system32\sstwa.bak1 file, but I deleted and reinstalled Java Runtime.

#11 RichieUK (Malware Response Team)

Posted 17 March 2007 - 04:48 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL of the following text:

Files to delete:
C:\WINDOWS\system32\sstwa.bak1

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

Let me know how your pc is running now please.

#12 kayscarpetta (Topic Starter)

Posted 17 March 2007 - 08:24 AM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qfdvjjgr

*******************

Script file located at: \??\C:\WINDOWS\fbctlblo.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\sstwa.bak1 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

When I rebooted a warning window came up that said:

Windows No Disk
there is no disk in the drive. Please insert a disk into drive.

There were Cancel Try Again and Continue buttons. None of them worked, so I x'ed out of it.

A couple of times my browser screen (in IE) resized to smaller during this. During this whole thing I have been using Internet Explorer (which I normally don't), since the BleepingComputer download instructions I followed before I started talking with you recommended it (stating some things wouldn't download in Firefox).
Out of curiosity, I just brought FF up (it took a minute) and tried to get into Yahoo. It was still doing that blinking thing where I couldn't get words in the boxes to sign in, and I also tried MySpace; still no go. So then I came back to IE and tried to get into Yahoo and got in easily. Then I went to MySpace, put in the same ID and the same password I had just tried in FF, and got into my account easily.

#13 kayscarpetta (Topic Starter)

Posted 17 March 2007 - 08:31 AM

I just went back to FF... that was bugging me. I was looking at the top bars: I installed this button a week or so ago called Stealther. I hadn't tried it out yet. I clicked on it and left it clicked, evidently. I just clicked it off and tried getting into Yahoo and MySpace and I could (in FF).

#14 RichieUK (Malware Response Team)

Posted 17 March 2007 - 09:42 AM

What problems, if any, are you still experiencing, please?

#15 kayscarpetta (Topic Starter)

Posted 17 March 2007 - 09:47 AM

Right now I'm surfing around the internet on IE and am not having any problems that I can tell.
I just opened Firefox and it actually opened quickly to my usual homepage. Do you think everything is OK?
