
smitfraud c help, help, can't get rid of it



lovinglizard
2007-11-14, 10:37
Got smitfraud c and can't get rid of it. Having problems downloading files, and internet slow. I barely downloaded Kaspersky Online Scanner but had problems during install.

I rebooted in safe mode, ran AVG spyware and smitfraud fix as advised for someone else, and this seemed to work until I rebooted into normal mode; now smitfraud is back.

Please help, I am at the end of my rope and would like to avoid reformatting... thanks

Here are the reports I have:

SmitFraudFix v2.252

Scan done at 21:35:28.32, Mon 11/13/2006
Run from C:\Documents and Settings\Aaron Cromer\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{75A5378C-A945-4582-B362-53286A58CFA3}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\..\{75A5378C-A945-4582-B362-53286A58CFA3}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS2\Services\Tcpip\..\{75A5378C-A945-4582-B362-53286A58CFA3}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:42:39 PM 11/13/2006

+ Scan result:



C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP339\A0085177.exe -> Adware.Agent : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP337\A0078083.exe -> Downloader.Agent.emo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP337\A0080086.exe -> Downloader.Agent.emo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP339\A0084135.exe -> Downloader.Agent.emo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP339\A0085137.exe -> Downloader.Agent.emo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP342\A0086756.exe -> Downloader.Agent.emo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP342\A0086757.exe -> Downloader.Agent.emo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Mz18r\Mz18r2328.exe -> Downloader.VB.bkw : Cleaned with backup (quarantined).
C:\Program Files\music_now\inetchk.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP340\A0086577.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).


::Report end

lovinglizard
2007-11-14, 16:25
I got the Kaspersky report but it's very long; it would be 26 posts. Do you want me to do that?

1. The text that you have entered is too long (519285 characters). Please shorten it to 20000 characters long.

lovinglizard
2007-11-14, 16:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:22 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\gfhufjrn.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ieiofjcv.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-en-197\VisualToolTip.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [090e30c6] rundll32.exe "C:\WINDOWS\system32\rbyswuds.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164435924656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\gfhufjrn.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10308 bytes