TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Aaron40002 on March 29, 2007, 11:46:10 AM
-
Norton keeps saying it's deleting these files but they keep coming back, and random websites pop up when you're trying to search the net...
Logfile of HijackThis v1.99.1
Scan saved at 11:23:00 AM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\hgt\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nfytthhh.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm090LEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
-
Can you do the following for me:
Supply an uninstall list from HijackThis
Open HijackThis >> open the MISC TOOLS SECTION >> open the UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop, then copy and paste the whole contents back here
AFTER you post that list, can you also do the following:
Navigate to HijackThis.exe, located here:
C:\hgt\HijackThis.exe
RIGHT CLICK on HijackThis.exe and rename it to
Aaron.exe
Run a fresh scan, save the logfile with Aaron.exe, and post a fresh log please
-
Hey, every time I hit the save list button it closes and it doesn't bring up an option to save it to any location?
-
That's ok, can you go ahead and rename hijackthis.exe to Aaron.exe and post a fresh log
Also
Download and unzip to your desktop InstalledPrograms.zip (http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip)
Double click on InstalledPrograms.vbs
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
ALLOW this script to run if prompted by your AntiVirus
-
OK, here it is; this is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 12:27:46 PM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hgt\Aaron.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {035867B5-5F41-45B1-950F-0850FCE3E20B} - C:\WINDOWS\system32\awvtt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\qvgeyagq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nfytthhh.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm090LEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ssqrrrr - C:\WINDOWS\SYSTEM32\ssqrrrr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvutq - C:\WINDOWS\SYSTEM32\xxyvutq.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
And here's the other one:
INSTALLED SOFTWARE (267) - TAMARARLEVIEN - 3/29/2007 12:30:47 PM
2570 Ver: 50.0.214.000 Installed: 7/15/2006
2570_Help Ver: 50.0.214.000 Installed: 7/15/2006
2570Trb Ver: 50.0.214.000 Installed: 7/15/2006
Ad-Aware SE Personal Ver: 1.0.6 Installed: 3/23/2007
Adobe Bridge 1.0 Ver: 001.000.004 Installed: 8/23/2006
Adobe Common File Installer Ver: 1.00.0000 Installed: 8/23/2006
Adobe Flash Player 9 ActiveX Ver: 9
Adobe Help Center 1.0 Ver: 001.000.000 Installed: 8/23/2006
Adobe Photoshop CS2 Ver: 9.0
Adobe Photoshop CS2 Ver: 9.0 Installed: 8/23/2006
Adobe Reader 8 Ver: 8.0.0 Installed: 1/22/2007
Adobe Stock Photos 1.0 Ver: 1.0.7 Installed: 8/23/2006
AiO_Scan_CDA Ver: 50.0.214.000 Installed: 7/15/2006
AiOSoftwareNPI Ver: 50.0.214.000 Installed: 7/15/2006
Audible Download Manager Ver: 5.0.0.32
AudibleManager Ver: 2089884134.2089884196.2090320000.2089884154
Avanquest update Ver: 1.09 Installed: 3/11/2007
Best Buy Rhapsody
BitLord 1.1 Ver: 1.1
BufferChm Ver: 60.0.155.000 Installed: 12/28/2005
C++ AIO For Dummies
ccCommon Ver: 104.0.1.17 Installed: 8/3/2006
Comcast Rhapsody
Conexant HD Audio
CP_AtenaShokunin1Config Ver: 60.0.155.000 Installed: 12/28/2005
CP_CalendarTemplates1 Ver: 60.0.155.000 Installed: 12/28/2005
cp_LightScribeConfig Ver: 60.0.155.000 Installed: 12/28/2005
cp_OnlineProjectsConfig Ver: 60.0.155.000 Installed: 12/28/2005
CP_Package_Basic1 Ver: 60.0.155.000 Installed: 12/28/2005
CP_Package_Variety1 Ver: 60.0.155.000 Installed: 12/28/2005
CP_Package_Variety2 Ver: 60.0.155.000 Installed: 12/28/2005
CP_Package_Variety3 Ver: 60.0.155.000 Installed: 12/28/2005
CP_Panorama1Config Ver: 60.0.155.000 Installed: 12/28/2005
cp_PosterPrintConfig Ver: 60.0.155.000 Installed: 12/28/2005
cp_UpdateProjectsConfig Ver: 60.0.155.000 Installed: 12/28/2005
CueTour Ver: 60.0.155.000 Installed: 12/28/2005
Customer Experience Enhancement Ver: Customer Experience Enhancement -1.0.0.1680 Installed: 12/28/2005
Customer Experience Enhancement Ver: Customer Experience Enhancement -1.0.0.1680 Installed: 12/28/2005
Destinations Ver: 60.0.155.000 Installed: 12/28/2005
DeviceFunctionQFolder Ver: 1.00.0000 Installed: 7/15/2006
DocProc Ver: 5.2.0.0 Installed: 7/15/2006
DocumentViewer Ver: 53.0.13.000 Installed: 7/15/2006
DocumentViewerQFolder Ver: 1.00.0000 Installed: 7/15/2006
eSupportQFolder Ver: 1.00.0000 Installed: 7/15/2006
Fax_CDA Ver: 50.0.214.000 Installed: 7/15/2006
Google Earth Ver: 3.0.0762 Installed: 7/15/2006
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 1.99.1 Ver: 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399) Installed: 3/14/2007
Hotfix for Windows XP (KB896256) Ver: 3 Installed: 12/28/2005
Hotfix for Windows XP (KB914440) Ver: 12 Installed: 12/16/2006
Hotfix for Windows XP (KB915865) Ver: 10 Installed: 12/16/2006
Hotfix for Windows XP (KB926239) Ver: 2 Installed: 12/23/2006
HP Document Viewer 5.3 Ver: 5.3
HP Help and Support Ver: 4.2.0006 Installed: 12/28/2005
HP Imaging Device Functions 6.0 Ver: 6.0
HP Photosmart Premier Software 6.0 Ver: 6.0
HP PSC & OfficeJet 5.3.A
HP QuickPlay 2.0
HP Software Update Ver: 3.0.7.006 Installed: 12/28/2005
HP Solution Center & Imaging Support Tools 5.3 Ver: 5.3
HP User Guides 0009 Ver: 1.07.0001 Installed: 12/28/2005
HP User Guides--System Recovery Ver: 1.00.0001 Installed: 12/28/2005
HP Wireless Assistant 2.00 B3 Ver: 2.00 B3
HPProductAssistant Ver: 53.0.13.000 Installed: 7/15/2006
HpSdpAppCoreApp Ver: 3.00.0000 Installed: 12/28/2005
InstantShareDevices Ver: 60.0.155.000 Installed: 12/28/2005
Intel® Graphics Media Accelerator Driver Ver: 6.14.10.4421
Intel® PRO Network Connections Drivers
Internet Worm Protection Ver: 12.0.0 Installed: 8/3/2006
J2SE Runtime Environment 5.0 Update 10 Ver: 1.5.0.100 Installed: 1/17/2007
J2SE Runtime Environment 5.0 Update 6 Ver: 1.5.0.60 Installed: 12/28/2005
LightScribe 1.4.52.1 Ver: 1.4.52.1 Installed: 12/28/2005
LimeWire 4.12.11 Ver: 4.12.11
LiveUpdate 3.0 (Symantec Corporation) Ver: 3.0.0.171
Magic ISO Maker v5.3 (build 0229)
MagicDisc 2.5.74
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 12/28/2005
Microsoft Compression Client Pack 1.0 for Windows XP Ver: 1 Installed: 12/23/2006
Microsoft Internationalized Domain Names Mitigation APIs Installed: 12/16/2006
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Installed: 3/14/2007
Microsoft Money 2006 Ver: 15
Microsoft National Language Support Downlevel APIs Installed: 12/16/2006
Microsoft Office Publisher 2003 Ver: 11.0.5614.0 Installed: 6/11/2006
Microsoft Office Standard Edition 2003 Ver: 11.0.5614.0 Installed: 6/11/2006
Microsoft User-Mode Driver Framework Feature Pack 1.0 Installed: 12/23/2006
Microsoft Works Ver: 08.04.0623 Installed: 12/28/2005
MID Converter 4.2 Ver: 4.2
mIRC Ver: 6.21
Motorola Driver Installation Ver: 2.6.2 Installed: 3/13/2007
Motorola Phone Tools Ver: 4.0.3b 11-5-2005 Installed: 3/11/2007
Motorola PST Ver: PST 7.2.3 General
Motorola Service Software version 3.5.8 Full Edition Prerelease
MSXML 4.0 SP2 (KB927978) Ver: 4.20.9841.0 Installed: 11/15/2006
muvee autoProducer 4.5 Ver: 4.50.050
My Web Search (Zwinky)
Myst IV - Revelation Ver: 1
NAVShortcut Ver: 11.5.0 Installed: 8/3/2006
Nero 6 Demo
NewCopy_CDA Ver: 50.0.214.000 Installed: 7/15/2006
Norton AntiVirus 2006 Ver: 12.0.0.94 Installed: 8/3/2006
Norton AntiVirus 2006 (Symantec Corporation) Ver: 12.0.0.94
Norton AntiVirus Help Ver: 11.00.00 Installed: 8/3/2006
Norton AntiVirus Parent MSI Ver: 11.5.0 Installed: 8/3/2006
Norton AntiVirus SYMLT MSI Ver: 12.0.0 Installed: 8/3/2006
Norton Protection Center Ver: 1.0.107 Installed: 8/3/2006
Norton WMI Update Ver: 2005.1.2.20 Installed: 8/3/2006
Office 2003 Trial Assistant Ver: 1.0.0 Installed: 12/28/2005
OptionalContentQFolder Ver: 1.00.0000 Installed: 12/28/2005
PanoStandAlone Ver: 53.0.13.000 Installed: 7/15/2006
PhotoGallery Ver: 60.0.155.000 Installed: 12/28/2005
ProductContextNPI Ver: 50.0.214.000 Installed: 7/15/2006
Quick Launch Buttons 5.20 F2 Ver: 5.20 F2
QuickTime Ver: 7.1 Installed: 8/3/2006
QuickTime Ver: 7.1 Installed: 8/3/2006
R4 Controller Ver: 1.5
RandMap Ver: 60.0.155.000 Installed: 12/28/2005
Readme Ver: 50.0.214.000 Installed: 7/15/2006
Rhapsody Player Engine Ver: 1.0.604 Installed: 2/24/2007
Scan Ver: 5.2.0.0 Installed: 7/15/2006
ScannerCopy Ver: 5.2.0.0 Installed: 7/15/2006
Security Update for Step By Step Interactive Training (KB898458) Ver: 20050502.101010 Installed: 6/12/2006
Security Update for Step By Step Interactive Training (KB923723) Ver: 20050502.101010 Installed: 2/17/2007
Security Update for Windows Internet Explorer 7 (KB928090) Ver: 20070117.120000 Installed: 2/17/2007
Security Update for Windows Internet Explorer 7 (KB929969) Ver: 20061222.120000 Installed: 1/10/2007
Security Update for Windows Media Player (KB911564) Installed: 6/12/2006
Security Update for Windows Media Player 10 (KB911565) Installed: 6/12/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 6/16/2006
Security Update for Windows Media Player 6.4 (KB925398) Installed: 12/17/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB893066) Ver: 2 Installed: 12/28/2005
Security Update for Windows XP (KB893756) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 12/28/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 12/28/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 12/28/2005
Security Update for Windows XP (KB896424) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB896428) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB899587) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB899591) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB900725) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB901190) Ver: 1 Installed: 2/26/2007
Security Update for Windows XP (KB901214) Ver: 1 Installed: 12/28/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB903235) Ver: 1 Installed: 12/28/2005
Security Update for Windows XP (KB904706) Ver: 2 Installed: 6/12/2006
Security Update for Windows XP (KB905414) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB911280) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 6/12/2006
Security Update for Windows XP (KB914388) Ver: 1 Installed: 7/12/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB916281) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB917159) Ver: 1 Installed: 7/12/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB917422) Ver: 1 Installed: 8/14/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB918118) Ver: 1 Installed: 2/17/2007
Security Update for Windows XP (KB918439) Ver: 1 Installed: 6/16/2006
Security Update for Windows XP (KB918899) Ver: 1 Installed: 8/14/2006
Security Update for Windows XP (KB919007) Ver: 1 Installed: 1/14/2006
Security Update for Windows XP (KB920213) Ver: 1 Installed: 12/16/2006
Security Update for Windows XP (KB920214) Ver: 1 Installed: 8/14/2006
Security Update for Windows XP (KB920670) Ver: 1 Installed: 8/14/2006
Security Update for Windows XP (KB920683) Ver: 1 Installed: 8/14/2006
Security Update for Windows XP (KB920685) Ver: 1 Installed: 1/14/2006
Security Update for Windows XP (KB921398) Ver: 1 Installed: 8/14/2006
Security Update for Windows XP (KB921883) Ver: 1 Installed: 8/10/2006
Security Update for Windows XP (KB922616) Ver: 1 Installed: 8/14/2006
Security Update for Windows XP (KB922760) Ver: 1 Installed: 11/16/2006
Security Update for Windows XP (KB922819) Ver: 1 Installed: 10/12/2006
Security Update for Windows XP (KB923191) Ver: 1 Installed: 10/12/2006
Security Update for Windows XP (KB923414) Ver: 1 Installed: 10/12/2006
Security Update for Windows XP (KB923689) Installed: 12/17/2006
Security Update for Windows XP (KB923694) Ver: 1 Installed: 12/17/2006
Security Update for Windows XP (KB923980) Ver: 1 Installed: 11/16/2006
Security Update for Windows XP (KB924191) Ver: 1 Installed: 10/12/2006
Security Update for Windows XP (KB924270) Ver: 1 Installed: 11/16/2006
Security Update for Windows XP (KB924496) Ver: 1 Installed: 10/12/2006
Security Update for Windows XP (KB924667) Ver: 1 Installed: 2/17/2007
Security Update for Windows XP (KB925486) Ver: 1 Installed: 9/27/2006
Security Update for Windows XP (KB926255) Ver: 1 Installed: 12/17/2006
Security Update for Windows XP (KB926436) Ver: 1 Installed: 2/17/2007
Security Update for Windows XP (KB927779) Ver: 1 Installed: 2/17/2007
Security Update for Windows XP (KB927802) Ver: 1 Installed: 2/17/2007
Security Update for Windows XP (KB928255) Ver: 1 Installed: 2/17/2007
Security Update for Windows XP (KB928843) Ver: 1 Installed: 2/17/2007
SkinsHP1 Ver: 60.0.155.000 Installed: 12/28/2005
SmartAudio Ver: 1.3.5 Installed: 12/28/2005
SolutionCenter Ver: 50.0.152.000 Installed: 7/15/2006
Sonic Audio Module Ver: 2.0.4 Installed: 12/28/2005
Sonic Copy Module Ver: 2.0.4 Installed: 12/28/2005
Sonic Data Module Ver: 2.0.4 Installed: 12/28/2005
Sonic Express Labeler Ver: 2.0.0 Installed: 12/28/2005
Sonic MyDVD Plus Ver: 6.2.0 Installed: 12/28/2005
Sonic Update Manager Ver: 3.0.0 Installed: 12/28/2005
Sonic_PrimoSDK Ver: 60.0.155.000 Installed: 12/28/2005
SPBBC Ver: 2.0.0.73 Installed: 8/3/2006
Status Ver: 53.0.13.000 Installed: 7/15/2006
Symantec Ver: 11.5.0 Installed: 8/3/2006
SymNet Ver: 6.0.4.402 Installed: 1/20/2006
Synaptics Pointing Device Driver Ver: 8.2.4.0
TourSetup Ver: 1.0.0 Installed: 12/28/2005
TrayApp Ver: 53.0.13.000 Installed: 7/15/2006
TurboTax ItsDeductible 2006 Ver: 10.00.0000 Installed: 1/26/2007
Unload Ver: 6.0.0 Installed: 12/28/2005
Update for Windows XP (KB894391) Ver: 1 Installed: 12/28/2005
Update for Windows XP (KB896727) Ver: 1 Installed: 12/28/2005
Update for Windows XP (KB898461) Ver: 1 Installed: 6/11/2006
Update for Windows XP (KB900485) Ver: 2 Installed: 6/12/2006
Update for Windows XP (KB904942) Ver: 2 Installed: 12/16/2006
Update for Windows XP (KB908531) Ver: 2 Installed: 6/12/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 6/12/2006
Update for Windows XP (KB916595) Ver: 1 Installed: 7/12/2006
Update for Windows XP (KB920872) Ver: 1 Installed: 1/14/2006
Update for Windows XP (KB922582) Ver: 1 Installed: 1/14/2006
Update for Windows XP (KB929338) Ver: 1 Installed: 3/14/2007
Update for Windows XP (KB931836) Ver: 1 Installed: 2/17/2007
URGE Ver: 1.1.8115.0 Installed: 12/23/2006
Ventrilo Client Ver: 2.3.0 Installed: 1/20/2007
WebFldrs XP Ver: 9.50.7523 Installed: 8/7/2004
WebReg Ver: 53.0.13.000 Installed: 7/15/2006
WIBU-KEY Setup (WIBU-KEY Remove) Ver: Version 3.10a of 2001-Nov-28 (Setup) Installed: 3/7/2015
WildTangent Web Driver
Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image (11/30/2005 1.0.1.1) Ver: 11/30/2005 1.0.1.1
Windows Genuine Advantage Notifications (KB905474) Ver: 1.5.0540.0 Installed: 1/21/2006
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 Ver: 20061107.210142 Installed: 12/16/2006
Windows Live Messenger Ver: 8.0.0812.00 Installed: 9/7/2006
Windows Live Sign-in Assistant Ver: 4.000.248.1 Installed: 6/23/2006
Windows Media Format 11 runtime
Windows Media Format 11 runtime Installed: 12/23/2006
Windows Media Player 11
Windows Media Player 11 Installed: 12/23/2006
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB883667 Ver: 20040812.104354
Windows XP Hotfix - KB884575 Ver: 20040827.145237
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885464 Ver: 20040927.152742
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB885855 Ver: 20040930.104104
Windows XP Hotfix - KB885884 Ver: 20040924.025457
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888239 Ver: 20041124.162528
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB888402 Ver: 20041117.151732
Windows XP Hotfix - KB889673 Ver: 20041116.085848
Windows XP Hotfix - KB890859 Ver: 1 Installed: 6/12/2006
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB892559 Ver: 2 Installed: 12/28/2005
WinRAR archiver
Wireless Home Network Setup Ver: 1.1.19.0 Installed: 12/28/2005
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Toolbar
-
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
- Download the latest version of Java(tm) SE Runtime Environment 6 Update 1 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "Java Runtime Environment (JRE) 6u1, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.6 MB).
- Close any programs you may have running - especially any web browsers.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
This includes both
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Don't install the new version yet
Instead, keep all browser windows closed
Optionally, but I suggest that you also uninstall from Add/remove programs
My Web Search (Zwinky)
WildTangent Web Driver
Afterwards, download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."
Go ahead and install the latest version of Java from the installer on desktop
Post back the following please
1. Run Hijackthis.exe again (Aaron.exe) and post a fresh log
2. Post the report from Vundofix>>C:\Vundofix.txt
-
OK, here's the hgt log. I got a run dll error last time I rebooted. I didn't catch the exact name, but I haven't had any random sites pop up yet.
Logfile of HijackThis v1.99.1
Scan saved at 1:13:32 PM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hgt\Aaron.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {035867B5-5F41-45B1-950F-0850FCE3E20B} - C:\WINDOWS\system32\awvtt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\qvgeyagq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nfytthhh.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
and the vundo log
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 12:55:42 PM 3/29/2007
Listing files found while scanning....
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 12:58:37 PM 3/29/2007
Listing files found while scanning....
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\byxusrr.dll
C:\WINDOWS\system32\hhhttyfn.ini
C:\WINDOWS\system32\hhhttyfn.ini2
C:\WINDOWS\system32\hhhttyfn.tmp
C:\WINDOWS\system32\iifddbc.dll
C:\WINDOWS\system32\khfghhe.dll
C:\WINDOWS\system32\nfytthhh.dll
C:\WINDOWS\system32\qvgeyagq.dll
C:\WINDOWS\system32\ssqrrrr.dll
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\xxyvutq.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxusrr.dll
C:\WINDOWS\system32\byxusrr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hhhttyfn.ini
C:\WINDOWS\system32\hhhttyfn.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hhhttyfn.ini2
C:\WINDOWS\system32\hhhttyfn.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hhhttyfn.tmp
C:\WINDOWS\system32\hhhttyfn.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifddbc.dll
C:\WINDOWS\system32\iifddbc.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\khfghhe.dll
C:\WINDOWS\system32\khfghhe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nfytthhh.dll
C:\WINDOWS\system32\nfytthhh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qvgeyagq.dll
C:\WINDOWS\system32\qvgeyagq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqrrrr.dll
C:\WINDOWS\system32\ssqrrrr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ttvwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\ttvwa.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyvutq.dll
C:\WINDOWS\system32\xxyvutq.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\iifddbc.dll
C:\WINDOWS\system32\iifddbc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyvutq.dll
C:\WINDOWS\system32\xxyvutq.dll Has been deleted!
Performing Repairs to the registry.
Done!
and thx for the fast responses, very helpful
-
If you haven't removed BOTH of these older versions of Java in Add/remove programs
Do so now please
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: (no name) - {035867B5-5F41-45B1-950F-0850FCE3E20B} - C:\WINDOWS\system32\awvtt.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\qvgeyagq.dll (file missing)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nfytthhh.dll",setvm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
Optionally, I would tick the next one too
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
It doesn't need to run on startup, you can manually start it when needed
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer
Back in Windows
Everything looks good
I would suggest that you may still want to do the following
I see you have Ad-Aware SE Personal installed as a spyware scanner
That's great
Another good tool you may want to add
Download and Install Spybot 1.4 from
HERE (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1)
Install with default settings
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates (or right click and Select All)
Ensure all updates are successful, a GREEN check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED
RESTART the computer to finish any cleaning process
Back in Windows
Utilize the Immunization feature to help with protection
Open Spybot>>Click Immunization>>OK>>Immunization at the top Green cross
Another great tool to help prevent malware
Install
SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
After doing all the above, if you feel everything is running smooth, I suggest that you also do the following
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Give it a name and click Create
When that's done
Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating
Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made
Give this time to clear and then click OK
This ensures you have a clean restore point and no chance of reinfecting from an older one
Hope that helps
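The cross-check behind the "fix checked" list above, as an added example that is not part of the original posts: it reads HijackThis entries alongside the VundoFix report and flags registry entries that still point at files VundoFix listed. The function names and triage rules are assumptions of this sketch; the sample lines are abridged excerpts of the logs posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Abridged excerpts from the second HijackThis log and the VundoFix report above.
HJT_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {035867B5-5F41-45B1-950F-0850FCE3E20B} - C:\WINDOWS\system32\awvtt.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\qvgeyagq.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nfytthhh.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

VUNDOFIX_REPORT = r"""
Listing files found while scanning....
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\iifddbc.dll
C:\WINDOWS\system32\nfytthhh.dll
C:\WINDOWS\system32\qvgeyagq.dll
Beginning removal...
C:\WINDOWS\system32\awvtt.dll Has been deleted!
C:\WINDOWS\system32\iifddbc.dll Could not be deleted.
C:\WINDOWS\system32\nfytthhh.dll Has been deleted!
C:\WINDOWS\system32\qvgeyagq.dll Has been deleted!
Beginning removal...
C:\WINDOWS\system32\iifddbc.dll Has been deleted!
"""

ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]+?\.(?:dll|exe)\b", re.IGNORECASE)
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>Has been deleted!|Could not be deleted\.)$"
)


@dataclass
class Finding:
    section: str
    path: str
    reasons: list = field(default_factory=list)


def parse_vundofix(report):
    """Return {lowercased path: final status} for every file the report lists."""
    status, listing = {}, False
    for line in (raw.strip() for raw in report.splitlines()):
        if line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif listing and re.match(r"[A-Za-z]:\\", line):
            status[line.lower()] = "found"
        else:
            m = RESULT_RE.match(line)
            if m:
                # A later pass (the run after reboot) overrides an earlier failure.
                ok = m["result"].startswith("Has been")
                status[m["path"].lower()] = "deleted" if ok else "locked"
    return status


def triage(hjt_log, vundo_status):
    """Flag HijackThis entries worth a second look; return a list of Finding."""
    findings = []
    for line in hjt_log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m["body"]
        p = PATH_RE.search(body)
        if not p:
            continue
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("registry entry points at a missing file")
        if m["section"] == "O4" and re.search(r"\]\s*rundll32(\.exe)?\s", body, re.I):
            reasons.append("autostart loads a DLL through rundll32")
        state = vundo_status.get(p.group(0).lower())
        if state:
            reasons.append(f"listed by VundoFix ({state})")
        if reasons:
            findings.append(Finding(m["section"], p.group(0), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, parse_vundofix(VUNDOFIX_REPORT)):
        print(f"{f.section}  {f.path}\n      " + "; ".join(f.reasons))
```

An entry that VundoFix reports as deleted but that HijackThis still lists is a leftover registry reference, which is why the file and the entry are cleaned up in two separate steps.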