help

Discussion in 'Windows - Virus and spyware problems' started by dap1680, May 25, 2007.

  1. dap1680

    dap1680 Guest

    I need some help. My computer keeps freezing, I can't download music, and half of the music files that I currently have will not play. Here is a copy of my hijack scan log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:41:22 AM, on 5/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179682269890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179682263312
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  2. Baabiouz

    Baabiouz Regular member

    Joined: Feb 18, 2006 | Messages: 400 | Likes Received: 0 | Trophy Points: 26

    Hi!

    Your log is ok.

    #1
    Looking over your log, it seems you don't have any evidence of a third party firewall.

    As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

    1) ZoneAlarm
    2) Agnitum
    3) Sunbelt/Kerio
    4) Comodo

    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.


    #2
    Panda ActiveScan

    - Once you are on the Panda site, click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component, allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Do NOT lose it!

    Please send the Panda ActiveScan report and a new HjT log.
     
  3. dap1680

    dap1680 Guest

    New hijack log and Panda log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:45:20 AM, on 5/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179682269890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179682263312
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




    Incident Status Location

    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@atwola[1].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@azjmp[1].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@did-it[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@go[1].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@i.screensavers[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-10.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-11.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-12.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-13.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-15.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-2.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-248.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-249.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-252.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-253.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-254.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-255.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-256.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-257.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-258.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-262.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-263.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-264.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-265.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-266.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-267.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-271.txt[.go.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-272.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-272.txt[.go.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-273.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-273.txt[.go.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-274.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-275.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-276.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-277.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-278.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-279.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-280.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-283.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-284.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-285.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-287.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-288.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-289.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-34.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-35.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-36.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-37.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-38.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-39.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-40.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-41.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-42.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-43.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-44.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-45.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-46.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-47.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-48.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-49.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-50.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-51.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-52.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-53.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-54.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-55.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-56.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-57.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-6.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-60.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-61.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-62.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-63.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-64.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-66.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-68.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-7.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-8.txt[.go.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@atwola[2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@azjmp[2].txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@banner[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@belnk[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@dist.belnk[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@go[1].txt
    Adware:Adware/Comet Not disinfected C:\Documents and Settings\Chanel\Local Settings\Temporary Internet Files\Content.IE5\MWC2EJCQ\jokes[1].exe[jokester.dll]
    Adware:Adware/Comet Not disinfected C:\Documents and Settings\Chanel\Local Settings\Temporary Internet Files\Content.IE5\MWC2EJCQ\jokes[1].exe["Starware.dll"]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Guest\Cookies\guest@azjmp[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\smitRem\Process.exe
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.cs.sexcounter.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@2o7[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@ad.yieldmanager[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@adrevolver[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@adrevolver[3].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@ads.pointroll[2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@advertising[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@atdmt[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@atwola[1].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@bluestreak[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@bs.serving-sys[1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@burstnet[2].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@casalemedia[2].txt
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@clickbank[1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@counter2.sextracker[1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@counter3.sextracker[1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@counter7.sextracker[1].txt
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@cs.sexcounter[2].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@did-it[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@fastclick[2].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@hitbox[2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@mediaplex[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@overture[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@perf.overture[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@questionmarket[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@realmedia[2].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@server.iad.liveperson[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@serving-sys[1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@sextracker[1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@statcounter[1].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@statse.webtrendslive[2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@trafficmp[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@tribalfusion[2].txt
    Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@xxxcounter[1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@zedo[2].txt
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
    Virus:Trj/Shutdown.Z Disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Access\imsmain.exe
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Access\imsmn.exe
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Access\imsunst.exe
    Adware:Adware/SpySheriff Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc1209.tmp
    Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2438.txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2561.txt
    Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2585.txt
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2586.txt
     
  4. dap1680

    dap1680 Guest

    New hijack log and Panda log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:45:20 AM, on 5/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179682269890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179682263312
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Incident Status Location

    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@atwola[1].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@azjmp[1].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@did-it[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@go[1].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\CeCe\Cookies\cece@i.screensavers[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-10.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-11.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-12.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-13.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-15.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-2.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-248.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-249.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-252.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-253.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-254.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-255.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-256.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-257.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-258.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-262.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-263.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-264.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-265.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-266.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-267.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-271.txt[.go.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-272.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-272.txt[.go.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-273.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-273.txt[.go.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-274.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-275.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-276.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-277.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-278.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-279.txt[landing.domainsponsor.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-280.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-283.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-284.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-285.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-287.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-288.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-289.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-34.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-35.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-36.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-37.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-38.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-39.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-40.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-41.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-42.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-43.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-44.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-45.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-46.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-47.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-48.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-49.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-50.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-51.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-52.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-53.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-54.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-55.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-56.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-57.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-6.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-60.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-61.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-62.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-63.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-64.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-66.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-68.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-7.txt[.go.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Application Data\Mozilla\Firefox\Profiles\6nm14bsp.default\cookies-8.txt[.go.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@atwola[2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@azjmp[2].txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@banner[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@belnk[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@dist.belnk[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@go[1].txt
    Adware:Adware/Comet Not disinfected C:\Documents and Settings\Chanel\Local Settings\Temporary Internet Files\Content.IE5\MWC2EJCQ\jokes[1].exe[jokester.dll]
    Adware:Adware/Comet Not disinfected C:\Documents and Settings\Chanel\Local Settings\Temporary Internet Files\Content.IE5\MWC2EJCQ\jokes[1].exe["Starware.dll"]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Guest\Cookies\guest@azjmp[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\smitRem\Process.exe
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.cs.sexcounter.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.000\Application Data\Mozilla\Firefox\Profiles\p1ok8isg.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@2o7[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@ad.yieldmanager[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@adrevolver[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@adrevolver[3].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@ads.pointroll[2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@advertising[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@atdmt[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@atwola[1].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@bluestreak[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@bs.serving-sys[1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@burstnet[2].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@casalemedia[2].txt
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@clickbank[1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@counter2.sextracker[1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@counter3.sextracker[1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@counter7.sextracker[1].txt
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@cs.sexcounter[2].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@did-it[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@fastclick[2].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@hitbox[2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@mediaplex[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@overture[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@perf.overture[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@questionmarket[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@realmedia[2].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@server.iad.liveperson[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@serving-sys[1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@sextracker[1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@statcounter[1].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@statse.webtrendslive[2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@trafficmp[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@tribalfusion[2].txt
    Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@xxxcounter[1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Cookies\hp_administrator@zedo[2].txt
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
    Virus:Trj/Shutdown.Z Disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Access\imsmain.exe
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Access\imsmn.exe
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Access\imsunst.exe
    Adware:Adware/SpySheriff Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc1209.tmp
    Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2438.txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2561.txt
    Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2585.txt
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2586.txt
     
  5. Baabiouz

    Baabiouz Regular member

    Joined:
    Feb 18, 2006
    Messages:
    400
    Likes Received:
    0
    Trophy Points:
    26
    Hi!

    Please download SmitfraudFix

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
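The note above explains why Process.exe gets flagged, and the same triage question applies to the whole scan result posted earlier in the thread, where tracking cookies far outnumber the executable detections. The Python sketch below is an added example, not part of the original posts or of any tool named in them: it parses lines in the `Category:Name Status Path` shape seen in that log and sorts them into buckets. The bucket names, `KIT_DIRS` and the sample (a few lines copied from the log) are assumptions chosen for illustration.

```python
import re

# Constructed sample: a handful of result lines copied from the scan log in this thread.
SAMPLE = r"""
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chanel\Cookies\chanel@go[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc2561.txt
Adware:Adware/Comet Not disinfected C:\Documents and Settings\Chanel\Local Settings\Temporary Internet Files\Content.IE5\MWC2EJCQ\jokes[1].exe[jokester.dll]
Adware:Adware/Comet Not disinfected C:\Documents and Settings\Chanel\Local Settings\Temporary Internet Files\Content.IE5\MWC2EJCQ\jokes[1].exe["Starware.dll"]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Virus:Trj/Shutdown.Z Disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Access\imsmain.exe
Adware:Adware/SpySheriff Not disinfected C:\RECYCLER\S-1-5-21-1458236410-1814202200-2984807634-1008\Dc1209.tmp
"""

# Category and detection name may both contain spaces, so the status keyword
# and the drive letter that follows it are used as the fixed points of the line.
LINE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?) "
    r"(?P<status>Not disinfected|Disinfected) "
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# A trailing [..] names an item inside a container (archive member, cookie domain).
# File names such as jokes[1].exe also contain brackets, hence the end anchor.
MEMBER = re.compile(r"\[([^\[\]]+)\]$")

# Assumption: folder names of the removal kits used in this thread. A match is
# only a hint for the reviewer; the file should still be checked against the
# kit's own download before it is ignored.
KIT_DIRS = {"smitfraudfix", "smitrem"}


def parse_line(line):
    """Return a dict for one result line, or None if the line is not a result."""
    m = LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    member = MEMBER.search(entry["path"])
    entry["member"] = member.group(1).strip('"') if member else None
    if member:
        entry["path"] = entry["path"][:member.start()]
    return entry


def bucket(entry):
    """Assign a triage bucket from the detection name and the file location."""
    parts = [p.lower() for p in entry["path"].split("\\")]
    if entry["name"].startswith("Cookie/"):
        return "cookie"          # text files, not executable code
    if KIT_DIRS & set(parts[:-1]):
        return "removal-kit"     # helper binaries shipped with a cleanup tool
    if len(parts) > 1 and parts[1] == "recycler":
        return "recycle-bin"     # already deleted by a user, not yet purged
    return "review"              # executable detections that need a decision


def triage(report):
    """Parse a whole report and group its entries by bucket."""
    buckets = {"cookie": [], "removal-kit": [], "recycle-bin": [], "review": []}
    for line in report.splitlines():
        entry = parse_line(line)
        if entry:
            buckets[bucket(entry)].append(entry)
    return buckets


if __name__ == "__main__":
    for name, entries in triage(SAMPLE).items():
        print(f"{name}: {len(entries)}")
        for e in entries:
            if name != "cookie":
                inner = f" (contains {e['member']})" if e["member"] else ""
                print(f"  {e['status']:<15} {e['name']:<30} {e['path']}{inner}")
```
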
     
  6. dap1680

    dap1680 Guest

    SmitFraudFix v2.188

    Scan done at 9:17:45.53, Sun 05/27/2007
    Run from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\WildTangent\Apps\GameChannel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1.001\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Video ActiveX Access\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
    "LoadAppInit_DLLs"=dword:00000001


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.0.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  7. Baabiouz

    You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please reboot your computer in Safe Mode by doing the following :
    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, a menu with options should appear;
    * Select the first option, to run Windows in Safe Mode, then press "Enter".
    * Choose your usual account.
    Once in Safe Mode, double-click SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.
     
  8. dap1680

    dap1680 Guest

    SmitFraudFix v2.188

    Scan done at 18:15:40.67, Wed 05/30/2007
    Run from C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2.001\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Program Files\Video ActiveX Access\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8A3E40BC-24C7-4B51-9D9D-45E768C6A921}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Logfile of HijackThis v1.99.1
    Scan saved at 6:24:54 PM, on 5/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\WildTangent\Apps\GameChannel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179682269890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179682263312
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  9. Baabiouz

    Please do the following...

    1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!

    Double-click ATF Cleaner.exe to open it.

    Under Main select the following:

    * Windows Temp
    * Current User Temp
    * All Users Temp
    * Temporary Internet Files
    * Prefetch
    * Java Cache
    *The other boxes are optional*
    Then click the Empty Selected button.

    Click Exit on the Main menu to close the program.

    After that, do you have problems?
     
