sysprotect and virtumonde


#1
AmandaK26
Hello....wondering if you'd be able to help me out.

I've been having frequent sysprotect pop-ups when using Internet Explorer, so I switched my browser to Firefox and am still occasionally getting the sysprotect pop-up but not as often. I consulted the malware forum for a possible correction but none have helped as of yet. I did not delete anything within the HijackThis! program so I'm thinking that is most likely why, not exactly sure though.

Anyways...what have I done the most recently(today)?

Ran Ad-aware SE which came up with Virtumonde ad-aware being located, quarantined and then "removed"
Ran the ATF cleaner
Vundo.exe program where I run it as a task and then remove vundo and restarted my computer. However, I did not run the Vundo.exe in safe mode as of yet
I then ran an Ewido scan and saved a log (see below)
Ran Ad-aware SE again, this time no Virtumonde ad-aware located
Then HijackThis! and saved a log (see below) and didn't fix anything


Any help would be appreciated.
Thanks!






EWIDO LOG (not sure if this is necessary)
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:32:23 AM, 5/19/2006
+ Report-Checksum: 96F76C05

+ Scan result:

:mozilla.7:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup


::Report End

---------------



Logfile of HijackThis v1.99.1
Scan saved at 10:35:50 AM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\ZR75UJN9\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AEGIS Client.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?81e707279d0b465595bae42f5a42f5bd
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?81e707279d0b465595bae42f5a42f5bd
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102117368593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128186418812
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://weddingchanne..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photogize...geUploader3.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe