mb129

Members
  • Posts: 14
  • Reputation: 0 Neutral
  1. I haven't deleted AVG yet, waiting for you to advise me to do so. So here is the checkup.txt:

     Results of screen317's Security Check version 0.99.89
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG AntiVirus Free Edition 2015
     Ad-Aware Antivirus
     Antivirus out of date! (On Access scanning disabled!)
     `````````Anti-malware/Other Utilities Check:`````````
     JavaFX 2.1.1
     Java 7 Update 67
     Adobe Flash Player 15.0.0.152
     Adobe Reader XI
     Mozilla Firefox 30.0 Firefox out of Date!
     Google Chrome 38.0.2125.104
     Google Chrome 38.0.2125.111
     Google Chrome Plugins...
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     AVG avgwdsvc.exe
     Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.4.6792.0\AdAwareService.exe
     Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.4.6792.0\AdAwareTray.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2%
     ````````````````````End of Log``````````````````````
  2. Thank you. All logs attached, looks pretty clean to me. I did not uncheck anything on ADW. I think I may remove AVG; what are your thoughts? FYI I'm from your area - grew up in Marlboro/went to Rutgers. Fond memories of 3AM at the South Plainfield (I think) White Castle during college!!! Malwarebytes log clean.txt AdwCleanerS1.txt AdwCleanerR1.txt Fixlog.txt
  3. I do. To print coupons on some websites they track how many of each one you print. Are they Ok?
  4. OK, I re-ran them, here you go. Thanks in advance. Addition.txt FRST.txt
  5. Sorry, one of the files did not attach, here it is. Fixlog.txt
  6. Thank you for your help. Here are the log files from the two procedures. Things seem to be improving but I haven't rebooted yet. combofixlog.txt
  7. Hello, We were experiencing slow internet and PC, downloaded Malwarebytes which cleaned out some freeware, but these two keep popping up persistently. Please help! Thanks, Matt Addition.txt FRST.txt
  8. Thanks -- will do. Pleasure working with you as well. AVG is running much faster than I remember it. I went for the 30 day trial of their upgraded version that has rootkit protection, do you think it's worth $35- per year or is the free version good enough?
  9. Thanks. Norton is now uninstalled, but I still can't scan with the Microsoft tool. It gives me the same error if I try a quick or full scan. Then if I try to get updates, I get the following: Virus & spyware definitions update failed Microsoft Security Essentials wasn't able to check for virus & spyware definition updates. Make sure your computer is connected to the Internet and try again. Error code: 0x80080005 Error desc: MSE wasn't able to access the updates on the server because the authentication failed or the authentication method isn't supported. Though, looking at http://www.microsoft.com/security/portal/D...s/HowToMSE.aspx I do have the latest installed (v 1.75.168.0) Can't I just uninstall and run AVG at this point? Here's the current hijackthis log
  10. OK ... now we're running into some trouble. First, I am not sure what to do with the Norton Removal tool. It wants to know what version I have, but I haven't got any version. So I don't know which instruction to follow. Second, Microsoft Security Essentials won't run a quick scan. I get the following error: Microsoft Security Essentials couldn't scan your computer. An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Click Help for more information about this problem. Error code: 0x8050800c So I click help, and it takes me here http://www.microsoft.com/security_essentia...amp;hr=8050800c which to me looks like a download page for the application again. Third ... my computer runs pretty slow now, with the Microsoft product. Fourth, fifth, and sixth ... when I shut down I get three messages that I need to dispose of before it will shut down. So the Microsoft Security Essentials is running and is telling me I'm protected, but it won't do a scan. Jusched.exe must be stopped dwwin.exe and drwtsn32.exe - DLL initialization failed. These two I have had the issue for some time, but the Jusched.exe problem is new. Anyway, here is the hijackthis log, for what it's worth ...
thanks again for your time -- Matt
  11. Thanks. Currently I'm running Symantec anti-virus ... with occasional spybot and adaware runs (though I hadn't run either of the latter in some time ... shame on me). I don't use Norton anymore, I uninstalled it when I stopped using it, are you seeing traces of it somewhere? I had AVG for awhile but when they came out with their version 8, it became such a dog ... 2.5 hours of slow computer for a daily scan was just too much for me. Perhaps things have improved with their more recent offerings? What do you recommend for a lean, mean preventative setup? Here are the logs. Results of screen317's Security Check version 0.99.1 Windows XP Service Pack 2 Out of date service pack!! `````````````````````````````` Antivirus/Firewall Check: ESET Online Scanner v3 ESET Online Scanner Symantec Endpoint Protection `````````````````````````````` Anti-malware/Other Utilities Check: Out of date Spybot installed! Ad-Aware Spybot - Search & Destroy 1.4 Spyware Doctor 7.0 HijackThis 2.0.2 Java 6 Update 18 Java Auto Updater Out of date Java installed! Adobe Flash Player 10 Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe Ad-Aware AAWService.exe Ad-Aware AAWTray.exe is disabled! `````````````````````````````` DNS Vulnerability Check: nslookup.exe missing! GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log```````````
  12. Thanks again. Here are the logfiles. Things seem to be running about as slowly as they've run throughout my recent memory. My PC has never been the master of performance even when new 9 years ago. An oddity that has occurred is that my HP printer is now no longer mounted and upon startup I am asked about mounting the new hardware. When I try to defrag, it usually hangs at some point. Now that I've got a cleaner setup than usual, perhaps I'll try to defrag again as well. Well, on to the logs:
  13. Hi Kenny94, Here is the ComboFix log....hope you can help. Thanks for your assist thus far.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = 127.0.0.1 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Add to Google Photos Screensa&ver - g:\windows\system32\GPhotos.scr/200 DPF: Microsoft XML Parser for Java - file://g:\windows\Java\classes\xmldso.cab DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab FF - ProfilePath - g:\documents and settings\Matt and Tra\Application Data\Mozilla\Firefox\Profiles\d67kn4eb.Default User\ FF - prefs.js: browser.search.selectedEngine - Google FF - component: g:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll FF - plugin: g:\documents and settings\Matt and Tra\Application Data\Move Networks\plugins\npqmp071505000010.dll FF - plugin: g:\documents and settings\Matt and Tra\Application Data\Mozilla\Firefox\Profiles\d67kn4eb.Default User\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: g:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: g:\program files\Java\j2re1.4.1_05\bin\NPJava11.dll FF - plugin: g:\program files\Java\j2re1.4.1_05\bin\NPJava12.dll FF - plugin: g:\program files\Java\j2re1.4.1_05\bin\NPJava13.dll FF - plugin: g:\program files\Java\j2re1.4.1_05\bin\NPJava32.dll FF - plugin: g:\program files\Java\j2re1.4.1_05\bin\NPJPI141_05.dll FF - plugin: g:\program files\Java\j2re1.4.1_05\bin\NPOJI610.dll FF - plugin: g:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: g:\program files\Mozilla Firefox\plugins\npImgCtl.dll FF - plugin: g:\program files\Mozilla Firefox\plugins\npracplug.dll FF - plugin: g:\program 
files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: g:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: g:\program files\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: g:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - plugin: g:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - g:\program files\Dealio Toolbar\SearchSettings.dll BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - g:\program files\Dealio Toolbar\DealioToolbarIE.dll BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - g:\program files\Dealio Toolbar\SearchSettings.dll Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - g:\program files\Dealio Toolbar\DealioToolbarIE.dll HKCU-Run-Mozilla Quick Launch - g:\program files\mozilla.org\Mozilla\Mozilla.exe HKCU-Run-updateMgr - g:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKLM-Run-SearchSettings - g:\program files\Dealio Toolbar\SearchSettings.exe SharedTaskScheduler-{82f52804-22c7-4d4f-b85b-54d5eddecc50} - g:\windows\system32\lawireyo.dll SharedTaskScheduler-{013ee333-ea95-43a4-b9dd-2f5d84fed0e0} - g:\windows\system32\fokivilo.dll SSODL-bugibovop-{82f52804-22c7-4d4f-b85b-54d5eddecc50} - g:\windows\system32\lawireyo.dll SSODL-figagirut-{013ee333-ea95-43a4-b9dd-2f5d84fed0e0} - g:\windows\system32\fokivilo.dll Notify-dimsntfy - (no file) SafeBoot-AVG Anti-Spyware Driver SafeBoot-AVG Anti-Spyware Guard SafeBoot-Symantec Antvirus MSConfigStartUp-SprintDSLSetup - d:\installs\BrdJmp\SprintDSLSetup.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-28 19:01 Windows 5.1.2600 
Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run SansaDispatch = g:\documents and settings\Matt and Tra\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe???????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... g:\docume~1\MATTAN~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable scan completed successfully hidden files: 1 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1645522239-1659004503-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\
  14. Hello, I'm trying to work through a persistent Vundo virus. I believe I have beat it down mostly, but it keeps peeking up for air. I ran MalwareBytes, twice -- each time it found several instances of Vundo and some other things, but it could not clean a couple of the files both times. When I checked back, the files it said it could not clean were not appearing. But this morning my automatic updates was disabled so I suspect Vundo is still there. Here are MalwareBytes and HijackThis logs, please let me know if you could kindly assist. Thanks. And yes, my main drive is mapped to G, not C, I had a bad sector once, and when I partitioned it away, for some reason I was thinking I couldn't use C, so I didn't. Malwarebytes' Anti-Malware 1.44 Database version: 3643 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 1/26/2010 10:18:39 PM mbam-log-2010-01-26 (22-18-39).txt Scan type: Quick Scan Objects scanned: 124092 Time elapsed: 24 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 20 Registry Values Infected: 5 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 14 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: G:\WINDOWS\system32\tusiheku.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\ewebprefilldata.365 (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{fd96bc95-a0b9-4533-b0d3-8d47e9924d34} (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4cc7b178-100e-4533-ba30-bdb668229bf9} (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{788c5a1b-3643-4e99-87df-e9e0c5b73691} (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9512c7b2-2065-4774-a522-2effb4188331} (Rogue.PCDocPro) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{892f787f-b650-4a3e-aa5b-2b8021ce4d0a} (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a0b0e5ab-617c-4a7d-8a94-9937d24b6670} (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b34ccd89-d1cd-4f9a-ba6c-936ba7f7a239} (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ewebprefilldata.365.1 (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ewebresultdata.365 (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ewebresultdata.365.1 (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ewebsdk.365 (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ewebsdk.365.1 (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tozawukiw (Trojan.Vundo.H) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\G:\Program Files\Common Files\eSellerate\eWebControl365.dll (Rogue.PCDocPro) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: tusiheku.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: G:\WINDOWS\system32\bofofevu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. G:\WINDOWS\system32\hofalobu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. G:\WINDOWS\system32\kekasika.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. G:\WINDOWS\system32\kivumolo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. G:\WINDOWS\system32\lemovefo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. G:\WINDOWS\system32\pozayeda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. G:\WINDOWS\system32\sihayuso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. G:\WINDOWS\system32\tusiheku.dll (Trojan.Vundo.H) -> Delete on reboot. G:\WINDOWS\system32\wegubeva.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. G:\WINDOWS\system32\yihuhote.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. 
G:\Program Files\Common Files\eSellerate\eWebControl365.dll (Rogue.PCDocPro) -> Delete on reboot. G:\Documents and Settings\All Users\Application Data\husenafe.dll (Trojan.Agent) -> Quarantined and deleted successfully. G:\Program Files\zugovela.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. G:\reset.cmd (Trojan.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:08:23 AM, on 1/27/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: G:\WINDOWS\System32\smss.exe G:\WINDOWS\system32\winlogon.exe G:\WINDOWS\system32\services.exe G:\WINDOWS\system32\lsass.exe G:\WINDOWS\system32\svchost.exe G:\WINDOWS\System32\svchost.exe G:\WINDOWS\system32\svchost.exe G:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe G:\WINDOWS\Explorer.EXE G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe G:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe G:\WINDOWS\system32\spoolsv.exe G:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe G:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe G:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe G:\Program Files\Common Files\Motive\McciCMService.exe G:\WINDOWS\System32\svchost.exe G:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe G:\WINDOWS\system32\devldr32.exe G:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe G:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe G:\Program Files\BroadJump\Client Foundation\CFD.exe G:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe G:\Program Files\Google\Gmail Notifier\gnotify.exe G:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe G:\Program Files\Seagate\SystemTray\StxMenuMgr.exe G:\Program Files\Common 
Files\Symantec Shared\ccApp.exe G:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe G:\Program Files\Spyware Doctor\pctsTray.exe G:\Program Files\Messenger\msmsgs.exe G:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE G:\WINDOWS\system32\ctfmon.exe G:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe G:\Documents and Settings\Matt and Tra\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe G:\Program Files\Windows Live\Messenger\msnmsgr.exe G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe G:\Program Files\Microsoft Broadband Networking\MSBNTray.exe G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe G:\Program Files\CASIO\Photo Loader\Plauto.exe G:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe G:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe G:\WINDOWS\System32\HPZipm12.exe G:\Program Files\Seagate\AutoBackup\MemeoBackup.exe G:\WINDOWS\System32\msiexec.exe G:\WINDOWS\system32\wuauclt.exe G:\WINDOWS\system32\rundll32.exe G:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE G:\Program Files\Mozilla Firefox\firefox.exe G:\Documents and Settings\Matt and Tra\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - G:\Program Files\Dealio Toolbar\SearchSettings.dll O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - G:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - G:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - G:\WINDOWS\System32\BhoCitUS.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - G:\Program Files\Dealio Toolbar\SearchSettings.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - G:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - G:\Program Files\Spyware 
Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [ViewMgr] G:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] G:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [bJCFD] G:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CitiVAN] G:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [stxTrayMenu] "G:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [searchSettings] G:\Program Files\Dealio Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [Monitor] "G:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" O4 - HKLM\..\Run: [iSTray] "G:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "G:\Program Files\Malwarebytes' Anti-Malware\VLdxejhQ8.exe" /runcleanupscript O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Mozilla Quick Launch] "G:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [DW6] "G:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" O4 - HKCU\..\Run: [sansaDispatch] G:\Documents and Settings\Matt and Tra\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\Windows 
Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: AutoBackup Launcher.lnk = G:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: Device Detector 3.lnk = G:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: hp psc 2000 Series.lnk = G:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Broadband Networking.lnk = ? O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: officejet 6100.lnk = ? O4 - Global Startup: Photo Loader supervisory.lnk = G:\Program Files\CASIO\Photo Loader\Plauto.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\j2re1.4.1_05\bin\npjpi141_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\j2re1.4.1_05\bin\npjpi141_05.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - G:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - G:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Support - {0AA59B53-7423-49E0-92F6-305ACA23F347} - http://www.comcastsupport.com (file missing) (HKCU) O9 - Extra button: Help - {4CEDCF7B-21B1-4285-A85E-D09B3A211292} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O9 - Extra button: ComcastHSI - {5F09D1D1-A173-4664-92E0-0346B00D97B5} - http://www.comcast.net (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/oas/ActiveX/MSDcode.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: 
{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - G:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24de8104498895...ip/RdxIE601.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173709244937 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint 
Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game02.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software/ImageUploader4.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0 O20 - AppInit_DLLs: NVDESK32.DLL g:\windows\system32\lawireyo.dll g:\windows\system32\fokivilo.dll,fuwojake.dll O21 - SSODL: bugibovop - {82f52804-22c7-4d4f-b85b-54d5eddecc50} - g:\windows\system32\lawireyo.dll (file missing) O21 - SSODL: figagirut - {013ee333-ea95-43a4-b9dd-2f5d84fed0e0} - g:\windows\system32\fokivilo.dll (file missing) O22 - SharedTaskScheduler: kupuhivus - {82f52804-22c7-4d4f-b85b-54d5eddecc50} - g:\windows\system32\lawireyo.dll (file missing) O22 - SharedTaskScheduler: gahurihor - {013ee333-ea95-43a4-b9dd-2f5d84fed0e0} - g:\windows\system32\fokivilo.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS 
Service - American Power Conversion Corporation - G:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - G:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - G:\WINDOWS\System32\ImapiRox.exe O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - G:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McciCMService - Motive Communications, Inc. 
- G:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - G:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - G:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - G:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O24 - Desktop Component 1: (no name) - G:\Documents and Settings\Matt and Tra\Desktop\Traci\baby_desktop.html -- End of file - 18088 bytes