SmitFraudFix v2.134

Scan done at 12:02:58.43, Wed 01/24/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\axlet.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

C:\Documents and Settings\Owner\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\AntiVerminser\ FOUND !
C:\Program Files\eMedia Codec\ FOUND !
C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"="Wheel Mouse Optical Driver"

[HKEY_CLASSES_ROOT\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}\InProcServer32]
@="C:\WINDOWS\system32\dxmpp.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}\InProcServer32]
@="C:\WINDOWS\system32\dxmpp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8670ee50-01f9-47da-ac1e-cf8549e9e521}"="eupeptic"

[HKEY_CLASSES_ROOT\CLSID\{8670ee50-01f9-47da-ac1e-cf8549e9e521}\InProcServer32]
@="C:\WINDOWS\system32\axlet.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8670ee50-01f9-47da-ac1e-cf8549e9e521}\InProcServer32]
@="C:\WINDOWS\system32\axlet.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

and

Logfile of HijackThis v1.99.1
Scan saved at 12:06:37 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\NOTEPAD.EXE
C:\HjT\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.piczo.com/?cr=3&rfm=y
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Workflow] E:\Install\Workflow.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\program files\winantispyware 2006 scanner\was6.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{3D4DD508-2430-44AC-85F1-6F5B3235C0DA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sarahl64.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521} - C:\WINDOWS\system32\axlet.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

Please check off the following in HijackThis:

O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)

Delete the following file/folder from C:\Program Files\Video ActiveX Object

isaddon.dll
Seekmo Toolbar
iesplugin.dll

Credit goes to Niobis:

Go here and download KillBox. Open Killbox.exe. Check "Standard File Kill". In the "Full Path of File to Delete" box, copy/paste each of the following lines below one at a time. Then, click the red button with a white X after you enter each file. You will be prompted to confirm, click "Yes".

C:\Program Files\Video ActiveX Object\isaddon.dll
C:\Program Files\Seekmo Programs\Seekmo Toolbar\
C:\Program Files\Video ActiveX Object\iesplugin.dll

Open up HijackThis, go to Open Misc Tool section, go to open Process Manager, and click on C:\Program Files\Video ActiveX Object\pmsngr.exe, click on Kill Process.

Then open up KillBox and kill this file:

C:\Program Files\Video ActiveX Object\pmsngr.exe

Killbox claims that these files don't exist:

C:\Program Files\Video ActiveX Object\isaddon.dll
C:\Program Files\Seekmo Programs\Seekmo Toolbar\
C:\Program Files\Video ActiveX Object\iesplugin.dll

But I deleted "C:\Program Files\Video ActiveX Object\pmsngr.exe".

Also, there is another popup saying that I have NetWorm-i.Virus@fp

(Next time, I'm buying a Mac...)

Sarah, Please download Ad-aware here. Update the program and do a system scan. Delete all the objects. Please post the log file. Also download Spybot here. Download the latest update. Run and check for problems. Delete all the objects. Please post the Spybot log file. And run Hjt and post that log file.
Adware Log

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, January 25, 2007 5:45:00 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R147 25.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AntiVermins(TAC index:3):17 total references
MRU List(TAC index:0):34 total references
Tracking Cookie(TAC index:3):34 total references
Zango(TAC index:4):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

1-25-2007 5:45:00 PM - Scan started.
(Smart mode)

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AntiVermins Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{118601e4-0bc8-4b98-aaec-723eba43ed33}

AntiVermins Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{15548c74-5c8b-4911-ae88-739dd473e2ba}

AntiVermins Object Recognized!
Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{468164cc-476e-47d5-9269-278d0db22a13} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{478b7d17-f00a-4ab3-b802-46972cab1ae9} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4fcd9ab0-0765-4117-a612-db3b4fac1ee3} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{5d89ba32-c9f8-48cc-b22a-18c808df6d83} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{698664ff-f50e-4bdc-b9c0-c00f96a64b84} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{89ae8b3e-3ee8-4068-8932-60ca9e6ac40b} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{93362b42-9631-4bae-92ef-7726e5dd747d} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{999e9507-216c-4a7a-b103-57d3ff617e49} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a5a2382e-6ea1-40c9-9eeb-fce758a7a3f1} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c20782a3-b65d-41ab-8d04-bbe3122363c2} AntiVermins Object Recognized! 
Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c54890b0-b9f8-4e58-9715-8c58b52a4d5d} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{d037be5c-7e06-4d4d-8729-fd1ee7e59c89} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{d108017b-1769-4bfb-8a4c-0e6202fdbd08} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{decc44f4-e972-4e5c-8f5f-238295c5add5} AntiVermins Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{823b335c-00de-4886-be7a-fbdc0f69294e} Zango Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} Zango Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 19 Objects found so far: 19 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 19 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@cs.sexcounter[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:10 Value : Cookiewner@cs.sexcounter.com/ Expires : 5-12-2024 2:07:28 PM LastSync : Hits:10 UseCount : 0 Hits : 10 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : owner@pacificpoker[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookiewner@pacificpoker.com/ Expires : 9-6-2008 3:46:00 PM LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@tripod[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:6 Value : Cookiewner@tripod.com/ Expires : 1-10-2007 7:30:50 PM LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@247realmedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:12 Value : Cookiewner@247realmedia.com/ Expires : 12-31-2010 8:00:00 PM LastSync : Hits:12 UseCount : 0 Hits : 12 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@server.iad.liveperson[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:10 Value : Cookiewner@server.iad.liveperson.net/ Expires : 1-24-2007 1:06:48 PM LastSync : Hits:10 UseCount : 0 Hits : 10 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@etype.adbureau[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:12 Value : Cookiewner@etype.adbureau.net/ Expires : 2-28-2007 8:00:00 PM LastSync : Hits:12 UseCount : 0 Hits : 12 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@microsofteup.112.2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookiewner@microsofteup.112.2o7.net/ Expires : 2-6-2011 2:27:36 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@estat[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookiewner@estat.com/ Expires : 1-4-2016 9:00:42 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : owner@paycounter[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookiewner@paycounter.com/ Expires : 12-30-2030 9:00:00 PM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@as1.falkag[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookiewner@as1.falkag.de/ Expires : 2-5-2006 9:11:14 PM LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@realmedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:224 Value : Cookiewner@realmedia.com/ Expires : 12-31-2020 8:00:00 PM LastSync : Hits:224 UseCount : 0 Hits : 224 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@qksrv[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookiewner@qksrv.net/ Expires : 1-5-2011 9:02:16 PM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@adserver[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookiewner@ads.revsci.net/adserver Expires : 12-14-2038 1:21:36 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@tribalfusion[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:66 Value : Cookiewner@tribalfusion.com/ Expires : 12-31-2037 8:00:00 PM LastSync : Hits:66 UseCount : 0 Hits : 66 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@2o7[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:122 Value : Cookiewner@2o7.net/ Expires : 2-6-2011 2:54:40 AM LastSync : Hits:122 UseCount : 0 Hits : 122 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : owner@xml.bravenetmedianetwork[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:8 Value : Cookiewner@xml.bravenetmedianetwork.com/ Expires : 8-27-2006 4:03:46 PM LastSync : Hits:8 UseCount : 0 Hits : 8 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@tickle[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:80 Value : Cookiewner@tickle.com/ Expires : 7-18-2008 11:06:32 PM LastSync : Hits:80 UseCount : 0 Hits : 80 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@adtech[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookiewner@adtech.de/ Expires : 1-4-2016 8:59:26 PM LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@as-us.falkag[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:43 Value : Cookiewner@as-us.falkag.net/ Expires : 2-2-2007 11:30:44 PM LastSync : Hits:43 UseCount : 0 Hits : 43 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@maxserving[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:7 Value : Cookiewner@maxserving.com/ Expires : 1-4-2016 8:58:50 PM LastSync : Hits:7 UseCount : 0 Hits : 7 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@real[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:246 Value : Cookiewner@real.com/ Expires : 2-25-2036 9:23:38 AM LastSync : Hits:246 UseCount : 0 Hits : 246 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@gateway.122.2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:10 Value : Cookiewner@gateway.122.2o7.net/ Expires : 1-5-2011 7:51:26 PM LastSync : Hits:10 UseCount : 0 Hits : 10 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : owner@katu.adbureau[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookiewner@katu.adbureau.net/ Expires : 2-28-2007 8:00:00 PM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@weborama[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookiewner@weborama.fr/ Expires : 1-6-2008 9:00:42 PM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@cnn.122.2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookiewner@cnn.122.2o7.net/ Expires : 1-18-2011 12:28:48 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@adopt.euroclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:106 Value : Cookiewner@adopt.euroclick.com/ Expires : 12-7-2016 6:41:56 PM LastSync : Hits:106 UseCount : 0 Hits : 106 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@trafficmp[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:21 Value : Cookiewner@trafficmp.com/ Expires : 1-6-2007 8:57:48 PM LastSync : Hits:21 UseCount : 0 Hits : 21 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@toteme[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:8 Value : Cookiewner@toteme.com/ Expires : 12-28-2006 3:11:28 PM LastSync : Hits:8 UseCount : 0 Hits : 8 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@www.ppctracking[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookiewner@www.ppctracking.net/ Expires : 8-29-2036 5:58:12 PM LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@live365[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:19 Value : Cookiewner@live365.com/ Expires : 1-14-2011 5:21:46 PM LastSync : Hits:19 UseCount : 0 Hits : 19 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : owner@perf.overture[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:8 Value : Cookiewner@perf.overture.com/ Expires : 2-6-2010 2:02:14 AM LastSync : Hits:8 UseCount : 0 Hits : 8 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@adserver.pollstar[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookiewner@adserver.pollstar.com/ Expires : 7-24-2006 11:23:04 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@date[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookiewner@date.ca/ Expires : 10-11-2007 11:31:40 PM LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@revsci[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:8 Value : Cookiewner@revsci.net/ Expires : 12-30-2037 11:00:00 PM LastSync : Hits:8 UseCount : 0 Hits : 8 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 34 Objects found so far: 53 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 53 Disk Scan Result for C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 53 Disk Scan Result for C:\DOCUME~1\Owner\LOCALS~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 53 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 53 MRU List Object Recognized! 
Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Owner\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! 
Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\player\settings Description : last save as directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\preferences Description : last search path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\office\11.0\powerpoint\recent file list Description : list of recent files used by microsoft powerpoint MRU List Object Recognized! 
Location: : .DEFAULT\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! 
Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows media\wmsdk\general Description : windows media sdk Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Zango Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : lmgr180.wmdrmax Zango Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : lmgr180.wmdrmax.1 Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 89 5:46:27 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:01:27.219 Objects scanned:100335 Objects identified:55 Objects ignored:0 New critical objects:55 HjT Log Logfile of HijackThis v1.99.1 Scan saved at 7:23:08 PM, on 1/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common 
Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\zHotkey.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\HPZipm12.exe C:\HjT\HijackThis_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.piczo.com/?cr=3&rfm=y O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program 
Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [Workflow] E:\Install\Workflow.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\program files\winantispyware 2006 scanner\was6.exe" /min O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{3D4DD508-2430-44AC-85F1-6F5B3235C0DA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sarahl64.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521} - C:\WINDOWS\system32\axlet.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

Whoops, forgot to get the log for Spybot but I corrected what it recommended.
Yeah, Antivermins is one of them. I deleted it with Adware but it keeps coming back. Plus, I keep getting Windows messages about the computer having "virus activities".
Run your computer in Safe Mode (F8 when you are booting up)
Run SmitFraudFix.cmd
Select #2 and hit Enter
Enter Y to clean the registry
Reboot your computer to normal mode.
Is it any better?
Hmm, Safe Mode doesn't seem to be working. I am able to select it, and then it brings up another screen with one option - to run Windows Media Center XP. After I hit enter, it brings up a screen with a list of files but won't go any farther. (This is frustrating!) I also tried to run Safe Mode with Command Prompt but it does the same thing.