Screensaver shows bugs eating a retarded jpg file that the desktop pic was changed into, saying I (friend's pc) had spyware. Which ironically is true lol.. KK here is HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:51 AM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\vtUolMEu.dll (file missing)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128MGUS
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Haley\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - PLUGIN for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft EXTERNAL Control) - http://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174761884390
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174763175624
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtUolMEu - vtUolMEu.dll (file missing)
O20 - Winlogon Notify: __c00845E6 - C:\WINDOWS\system32\__c00845E6.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PIXMA Extended SURVEY Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

-- End of file - 9227 bytes

You are infected.
Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Please read this before requesting malware removal help. Following the steps in the Guide will allow for us to quickly help you with specific fixes for what may remain on your system.
When you have completed those steps post the logs in the Computer Viruses and Spyware forum as outlined in the Please read this thread.
Thanks - CH Staff

Currently running malwarebytes, ran SuperAntiSpyware remover and got AVG running passively.

Sounds good. Once the logs are posted we will go from there.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/03/2008 at 10:09 AM
Application Version : 4.15.1000
Core Rules Database Version : 3473
Trace Rules Database Version: 1464
Scan type : Quick Scan
Total Scan Time : 00:26:23
Memory items scanned : 495
Memory threats detected : 3
Registry items scanned : 391
Registry threats detected : 185
File items scanned : 19615
File threats detected : 133
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\YAYVSJDT.DLL
C:\WINDOWS\SYSTEM32\YAYVSJDT.DLL

Trojan.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\BAYNWBLM.DLL
C:\WINDOWS\SYSTEM32\BAYNWBLM.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A62B230-32EF-4483-AB2F-AE70143901CB}
HKCR\CLSID\{1A62B230-32EF-4483-AB2F-AE70143901CB}
HKCR\CLSID\{1A62B230-32EF-4483-AB2F-AE70143901CB}\InprocServer32
HKCR\CLSID\{1A62B230-32EF-4483-AB2F-AE70143901CB}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8799a095-949c-44fc-968a-a7b2ad5f826d}
HKCR\CLSID\{8799A095-949C-44FC-968A-A7B2AD5F826D}
HKCR\CLSID\{8799A095-949C-44FC-968A-A7B2AD5F826D}\InprocServer32
HKCR\CLSID\{8799A095-949C-44FC-968A-A7B2AD5F826D}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GTYLGKRE.DLL
C:\WINDOWS\SYSTEM32\IIFGGGGE.DLL
C:\WINDOWS\SYSTEM32\OPNMJYPQ.DLL
C:\WINDOWS\SYSTEM32\WUSSAVON.DLL
C:\WINDOWS\SYSTEM32\YAYXYYAA.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\ANINQJMM.DLL
C:\WINDOWS\SYSTEM32\ANINQJMM.DLL

Trojan.Unclassified/SysRest32
[sysrest32.exe] C:\WINDOWS\SYSTEM32\SYSREST32.EXE
C:\WINDOWS\SYSTEM32\SYSREST32.EXE
C:\WINDOWS\Prefetch\SYSREST32.EXE-2FA2622A.pf
Adware.Zango/ShoppingReport

Adware.Tracking Cookie

Rogue.AdvancedXPDefender

Rogue.AdvancedXPFixer
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1645522239-162531612-725345543-1004\Software\Microsoft\rdfa

Trojan.Unclassified/WinBx
C:\DOCUMENTS AND SETTINGS\NEAL CHAPMAN\LOCAL SETTINGS\TEMP\SETUP_J22Q5.EXE

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\CTFMONB.BMP

Trojan.Downloader-Gen/Multi
C:\WINDOWS\SYSTEM32\~.EXE
Malware scan sure is time consuming, only 30gb used on this HD and it's taken over an hour. Glad this is MY PC lol.

160,000 files, 1.5 hours and counting, pc is only 1300ghz single core, kinda got some age on it.

Malware log, after reboot I ran HJT and posting log again now. All attached.
[recovering space - attachment deleted by admin]

Looks good so far.
You have Viewpoint installed.
Viewpoint Media Player/Manager/Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". See Viewpoint to Plunge Into Adware.
It is suggested to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
- Viewpoint Toolbar
- Viewpoint Experience Technology
If you have trouble removing Viewpoint, I suggest that you use ViewpointKiller.
Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop. Run ViewpointKiller and select File > Do All Killings. Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with.
----------
Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
- O20 - Winlogon Notify: vtUolMEu - vtUolMEu.dll (file missing)
Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis.
----------
Run CCleaner.
How is everything now?
Will be back at the PC (belongs to a friend) and will continue with your last advice in about 24 hours from this post. <3 thx for everything up til now.
Am using a different login user this time. Here is a HJT log after I removed the 2 files you advised, and I'm about to run SUPERAntiSpyware again for a quick search on this alt user.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:25 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128MGUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Haley\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174761884390
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174763175624
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

-- End of file - 9309 bytes

Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
- O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto
- O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128MGUS
Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis.
----------
Create An Uninstall List
- Start HijackThis
- Click on the Open the Misc Tools section
- Click on the Open Uninstall Manager button.
- Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
- Copy and paste that list in your reply.
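The two kinds of entry the helper has been picking out of these logs, hooks and BHOs whose file no longer exists and Run entries launched from a Temp folder, can be spotted by structure alone. The script below is an added example, not from this thread or from HijackThis; it parses constructed sample lines modelled on the logs above and flags those two patterns. Items that need vendor knowledge, such as the Zango entry, are deliberately left for a human pass.

```python
import re

# Constructed sample, modelled on entries from this thread's HijackThis logs.
# It is not a complete log; each line is one HJT entry.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\vtUolMEu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.36.0\Weather.exe" -auto
O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [A00F5467D96.exe] C:\DOCUME~1\Haley\LOCALS~1\Temp\_A00F5467D96.exe (User 'Haley')
O20 - Winlogon Notify: vtUolMEu - vtUolMEu.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Every HJT entry starts with a section code (R0..R3, O1..O24), a dash, then the body.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# HJT appends these when the registry still points at a file that is gone.
MISSING_TAGS = ("(no file)", "(file missing)")

# Directories a legitimate installer does not normally register an autorun from.
TEMP_DIRS = ("\\temp\\", "\\tmp\\", "\\temporary internet files\\")

# Extracts the launched program from an O4 body such as
#   HKCU\..\Run: [Name] "C:\path\prog.exe" -args (User 'x')
O4_TARGET = re.compile(r'\]\s+"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|scr|com|bat|cmd))"?',
                       re.IGNORECASE)


def parse_entry(line):
    """Return (section, body) for an HJT entry line, or None for any other line."""
    m = HJT_LINE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def o4_target(body):
    """Path of the program an O4 Run entry launches, or None if it cannot be located."""
    m = O4_TARGET.search(body)
    return m.group(1) if m else None


def triage(log_text):
    """Flag entries by structure alone. Returns a list of (section, reason, entry)."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, body = parsed
        if any(tag in body for tag in MISSING_TAGS):
            # Orphaned hook/BHO/Winlogon entry: a leftover of something already
            # removed, the same kind of line the helper has been fixing here.
            findings.append((section, "referenced file is missing", line.strip()))
            continue
        if section == "O4":
            target = o4_target(body)
            if target and any(d in target.lower() for d in TEMP_DIRS):
                findings.append((section, "autorun launches from a temp directory",
                                 line.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {entry}")
```

The Zango and SSVHelper lines pass through unflagged, which is the point: structural checks shrink the list, they do not replace reading it.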
kk thx again man, could not find the HKCU-weather.exe one, but removed the other 2 plus one for ctmond? or w/e that was changing the backdrop + one for the AOL toolbar, which this PC shouldn't EVEN have.
NEW HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:37 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Haley')
O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Haley')
O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Haley')
O4 - HKUS\S-1-5-21-1645522239-162531612-725345543-1010\..\Run: [A00F5467D96.exe] C:\DOCUME~1\Haley\LOCALS~1\Temp\_A00F5467D96.exe (User 'Haley')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-1645522239-162531612-725345543-1010 Startup: IMVU.lnk = C:\Documents and Settings\Haley\My Documents\IMVU\IMVUClient.exe (User 'Haley')
O4 - S-1-5-21-1645522239-162531612-725345543-1010 User Startup: IMVU.lnk = C:\Documents and Settings\Haley\My Documents\IMVU\IMVUClient.exe (User 'Haley')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Haley\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174761884390
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174763175624
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
-- End of file - 9737 bytes
I was needing an uninstall list.
Create An Uninstall List
- Start HijackThis
- Click on the Open the Misc Tools section
- Click on the Open Uninstall Manager button.
- Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
- Copy and paste that list in your reply.