
Topic: XP Trojan Horse virus(es) - Removal Help Requested


Laurelkait

XP Trojan Horse virus(es) - Removal Help Requested
« on: September 26, 2009, 08:12:41 PM »
I was surfing last night (IE) and the screen started jumping and finally froze.  I opened Windows Task Manager and hit End Task.  The entire system (Word, IE, Outlook) shut down and automatically rebooted.  When I came back to the computer this morning, my AVG (free edition) was showing a red "X" on the task bar and an open dialog box above it advised of "threats".  AVG had never done this before.  I scanned the system and came up with 6 threats - four different types of Trojan Horse viruses...downloader, dropper, pakes.P and a generic.  I Googled and found Computer Hope, searched for a solution and found the "read before requesting malware removal help".  I have completed all six steps and will add the requested logs below.  The red "X" and dialog box are now gone and the system is running well but I understand there may be some final steps to be taken...

My system is a two-year-old AMD Athlon 64 x2 dual-core processor 4000+, 2.09 GHz with 2.87 GB RAM.  I'm running XP, 2002 version, SP3.  My audio/video cards are ATI HDMI and Realtek HD.  Again, my antivirus is AVG free.  All of my software was purchased and has serial numbers and installation disks.

I VERY much appreciate your time and any assistance you are able to provide!!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/26/2009 at 05:14 PM

Application Version : 4.29.1002

Core Rules Database Version : 4126
Trace Rules Database Version: 2065

Scan type       : Complete Scan
Total Scan Time : 03:29:31

Memory items scanned      : 791
Memory threats detected   : 2
Registry items scanned    : 7538
Registry threats detected : 15
File items scanned        : 222427
File threats detected     : 101

Trojan.Dropper/Gen-NV
   C:\DOCUMENTS AND SETTINGS\LAURIE\APPLICATION DATA\SVCST.EXE
   C:\DOCUMENTS AND SETTINGS\LAURIE\APPLICATION DATA\SVCST.EXE
   C:\DOCUMENTS AND SETTINGS\LAURIE\APPLICATION DATA\SERES.EXE
   C:\DOCUMENTS AND SETTINGS\LAURIE\APPLICATION DATA\SERES.EXE
   [mserv] C:\DOCUMENTS AND SETTINGS\LAURIE\APPLICATION DATA\SVCST.EXE
   [svchost] C:\DOCUMENTS AND SETTINGS\LAURIE\APPLICATION DATA\SVCST.EXE
   C:\WINDOWS\Prefetch\SERES.EXE-0866E353.pf
   C:\WINDOWS\Prefetch\SVCST.EXE-0BF3099C.pf

Adware.URLBlaze
   HKLM\Software\Classes\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
   HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
   HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
   HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32
   HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel
   HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\ProgID
   HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\Programmable
   HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\VersionIndependentProgID
   HKCR\IEHlprObj.IEHlprObj.1
   HKCR\IEHlprObj.IEHlprObj.1\CLSID
   HKCR\IEHlprObj.IEHlprObj
   C:\LOTUS\ORG6\ORGANIZE\IEHELPER.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
   HKU\S-1-5-21-1588278166-2062467409-1790443567-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

Adware.Tracking Cookie
   C:\Documents and Settings\Laurie\Cookies\laurie@atdmt[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@adecn[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@adinterax[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@adlegend[1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@apmebf[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@bizrate[1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@clicksor[1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@clicktorrent[1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@findarticles[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][3].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@imrworldwide[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@indexstats[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@indextools[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@insightexpressai[1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@media6degrees[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@partner2profit[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@roiservice[1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][3].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][4].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][3].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@specificclick[1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@traffic[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@versiontracker[2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][3].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][2].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][3].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][4].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][5].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][6].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\[email protected][1].txt
   C:\Edit\Documents and Settings\Laurie\Cookies\laurie@xiti[1].txt

Trojan.Agent/Gen
   C:\DDQUD.EXE

Trojan.Unclassified-SysInfo/AVP
   C:\DOCUMENTS AND SETTINGS\LAURIE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\OUTLOOK\RECYCLER\S-1-5-21-1588278166-2062467409-1790443567-1004\DC338\ORG6\REGISTER\SYSINFO.EXE

Trojan.Dropper/Gen
   C:\WINDOWS\SYSTEM32\~.EXE


Malwarebytes' Anti-Malware 1.41
Database version: 2864
Windows 5.1.2600 Service Pack 3

9/26/2009 6:14:24 PM
mbam-log-2009-09-26 (18-14-24).txt

Scan type: Quick Scan
Objects scanned: 108294
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\cqfuy.exe (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\yhjj.exe (Trojan.Vundo) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:18 PM, on 9/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\lotus\org6\organize\EASYCLIP6.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus CX9400Fax Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE /FU "C:\DOCUME~1\Laurie\LOCALS~1\Temp\E_S1A1.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\lotus\org6\organize\bandobjs.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://theknotevents.webex.com/client/T26L/nbr/ieatgpc.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 15195 bytes

Thanks, again, and I await your reply!!

Laurie
 

lectrocrew



Re: XP Trojan Horse virus(es) - Removal Help Requested
« Reply #1 on: September 26, 2009, 08:22:48 PM »
There are excellent malware specialists available on this site, but for diagnosis this thread may need to be in the section specific to malware, located here.
Good Luck and welcome!  :)

evilfantasy

  • Malware Removal Specialist
  • Moderator


Re: XP Trojan Horse virus(es) - Removal Help Requested
« Reply #2 on: September 26, 2009, 08:51:09 PM »
Welcome to CH.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

  • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  • O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
  • O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
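The selection in the reply above (O2/O3 entries whose CLSID points at "(no file)", plus a Run value worth a second look) is the kind of triage a helper does by eye on a posted HijackThis log. The script below is an added example for this thread, not code from HijackThis, Computer Hope or either poster: it parses O2/O3/O4 lines and flags orphaned add-on registrations, Run values that are bare filenames (resolved via the search path, so the log does not say which file actually loads), autoruns that run from user-writable locations, and Run values that borrow a system-process name while living outside the Windows directory. The sample lines are constructed from entries quoted earlier in the thread; the `[svchost]` Run value reproduces what the SUPERAntiSpyware log reported for SVCST.EXE, and the `[cqfuy]` line is an assumed autorun for the file Malwarebytes removed, included only to exercise the root-of-drive rule. The rules are heuristics, not HijackThis's own logic, and "verify" or "suspicious" means look, not delete.

```python
"""Scripted triage of HijackThis-style O2/O3/O4 lines.

Added example for this thread; not code from HijackThis, Computer Hope or
the posters. The rules are heuristics that mirror what a malware-removal
helper checks by eye: orphaned add-on registrations, autoruns from
user-writable locations, and Run values that borrow a system-process name.
"""
import re

# Constructed sample built from entries quoted in the thread. The [svchost]
# value reproduces the Run value SUPERAntiSpyware reported; the [cqfuy] line
# is an assumed autorun for the file Malwarebytes removed, added for illustration.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [svchost] C:\DOCUMENTS AND SETTINGS\LAURIE\APPLICATION DATA\SVCST.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cqfuy] C:\cqfuy.exe
"""

# O2 (BHO) and O3 (toolbar) lines: name - {CLSID} - path
O23_RE = re.compile(r"^O(?P<kind>[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
# O4 Run/RunOnce lines: O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# First token of a command line: a quoted path, or an unquoted path ending in a known extension.
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|scr|bat|cmd|pif|vbs)))(?=\s|$)', re.IGNORECASE)
# Locations a limited user can write to on XP, plus a file sitting in the root of a drive.
# Applied to a lower-cased path. Heuristic: some legitimate updaters also live under the profile.
USER_WRITABLE_RE = re.compile(
    r"\\application data\\|\\local settings\\|\\temp\\|\\recycler\\|%appdata%|%temp%|^[a-z]:\\[^\\]+$"
)
# Where a genuine system binary with one of these names lives (lower-cased path).
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(?:system32\\)?[^\\]+$")
SYSTEM_PROCESS_NAMES = {"svchost", "lsass", "csrss", "smss", "winlogon", "services", "explorer", "spoolsv"}


def executable_of(cmd):
    """Return the program a Run value launches, without its arguments."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("q") or m.group("u")
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (severity, line, reason) tuples for log lines worth acting on."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            if m.group("path").strip().lower() == "(no file)":
                kind = "BHO" if m.group("kind") == "2" else "toolbar"
                findings.append(("cleanup", line,
                                 "orphaned %s registration: CLSID {%s} points at no file" % (kind, m.group("clsid"))))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        exe_l = exe.lower()
        if "\\" not in exe_l:
            # No directory: Windows searches the path, so the log alone does not say what runs.
            findings.append(("verify", line,
                             "bare filename %s is located via the search path; confirm which file actually loads" % exe))
            continue
        value_name = m.group("name").lower().rsplit(".", 1)[0]
        file_stem = exe_l.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if (value_name in SYSTEM_PROCESS_NAMES or file_stem in SYSTEM_PROCESS_NAMES) and not SYSTEM_DIR_RE.match(exe_l):
            findings.append(("high", line,
                             "[%s] borrows a system-process name but runs %s" % (m.group("name"), exe)))
        elif USER_WRITABLE_RE.search(exe_l):
            findings.append(("suspicious", line,
                             "%s\\..\\%s autorun from a user-writable location: %s" % (m.group("hive"), m.group("key"), exe)))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print("%-10s %s\n           %s" % (severity, line, reason))
```

Run against the sample it reports the two orphaned "(no file)" entries as cleanup items, marks the bare `ALCMTR.EXE` value as something to verify rather than remove, rates the `[svchost]` value pointing into Application Data as high, and flags the root-of-drive autorun as suspicious, while the Adobe BHO, the AVG tray entry and `ctfmon.exe` in System32 produce nothing. Feed it a full saved HijackThis log (for example with `triage(open("hijackthis.log").read())`) to get the same first pass over every O2/O3/O4 line.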