
Malware not removed by standard tool



#1
Troubled23

    New Member

  • Member
  • 3 posts
My computer appears to be infected by malware that does not respond to standard treatments. When I open Internet Explorer, I am directed to the url:

http://htepo.com/ceh...4D8DC2DA45E9526

rather than to my usual homepage. When I navigate between pages, the browser will sometimes be redirected to other sites (some of them offering security programs) or sometimes another window will open on top of the one that I am reading. In addition, while the computer is running (whether or not Internet Explorer is open) text balloons appear in the lower right-hand part of the screen with messages such as 'System Alert: Your system is infected with Spy.trojan.win32', 'System Alert: Malware threats', or 'System performance warning', together with other details.

I have followed carefully the steps on your 'You must read this...' page, running ATF Cleaner, performing System Restore, scanning with AVG Anti-Spyware, SUPERAntiSpyware and PandaActivescan. AVG and SAS found numerous threats, which I quarantined or deleted, as recommended by the programs; the logs are reproduced below. I attempted to load Windows SP1a, but this was not permitted as I already have a more recent version on my system. Finally, I ran HijackThis; the log is reproduced below.

I'm not sure what else I can do here, which is why I am posting this request for help. I appreciate whatever you might be able to do for me.


SUPERAntiSpyware Scan Log:

SUPERAntiSpyware Scan Log
Generated 11/11/2007 at 11:15 PM

Application Version : 3.6.1000

Core Rules Database Version : 3342
Trace Rules Database Version: 1343

Scan type : Complete Scan
Total Scan Time : 01:17:53

Memory items scanned : 632
Memory threats detected : 2
Registry items scanned : 6217
Registry threats detected : 19
File items scanned : 65072
File threats detected : 64

Adware.Vundo-Variant
C:\WINDOWS\SYSTEM32\UNAJYXGD.DLL
C:\WINDOWS\SYSTEM32\UNAJYXGD.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\unajyxgd
C:\WINDOWS\SYSTEM32\MONQABJM.DLL
C:\WINDOWS\SYSTEM32\RXHTXWVW.DLL

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\DDCCB.DLL
C:\WINDOWS\SYSTEM32\DDCCB.DLL
HKLM\Software\Classes\CLSID\{23D82F66-4124-46C7-86ED-2ED9345BF90F}
HKCR\CLSID\{23D82F66-4124-46C7-86ED-2ED9345BF90F}
HKCR\CLSID\{23D82F66-4124-46C7-86ED-2ED9345BF90F}\InprocServer32
HKCR\CLSID\{23D82F66-4124-46C7-86ED-2ED9345BF90F}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23D82F66-4124-46C7-86ED-2ED9345BF90F}

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKU\S-1-5-21-4259301892-4040164625-4016269280-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{11A69AE4-FBED-4832-A2BF-45AF82825583}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Adware.Tracking Cookie
C:\Documents and Settings\David Oakes\Cookies\david_oakes@linksynergy[1].txt

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO1.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO10.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO11.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO12.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO13.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO14.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO15.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO16.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO17.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO18.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO19.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO1A.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO1B.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO1C.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO1D.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO1E.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO1F.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO2.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO20.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO21.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO22.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO23.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO24.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO25.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO26.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO27.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO28.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO29.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO2A.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO2B.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO2C.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO2D.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO2E.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO2F.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO3.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO30.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO31.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO32.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO33.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO34.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO35.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO37.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO38.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO3A.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO4.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO5.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO6.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO7.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO8.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICO9.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICOA.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICOB.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICOC.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICOD.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICOE.TMP
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\ICOF.TMP

Trojan.Downloader-Gen/DDC
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\SKXEGKCY.EXE
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\VFBJEAXE.EXE
C:\DOCUMENTS AND SETTINGS\DAVID OAKES\LOCAL SETTINGS\TEMP\WFRRQECJ.EXE



Activescan Report:


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\unajyxgd.dll
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\David Oakes\Application Data\Mozilla\Firefox\Profiles\5aay8ykv.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\David Oakes\Cookies\david_oakes@doubleclick[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\David Oakes\Cookies\david_oakes@linksynergy[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\David Oakes\Cookies\[email protected][1].txt
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\David Oakes\Local Settings\Temp\aepsektk.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\David Oakes\Local Settings\Temp\hhswcyux.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\David Oakes\Local Settings\Temp\qudlufxn.exe

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:50:33, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca...i...&channel=ca
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\unajyxgd.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\Documents and Settings\David Oakes\Local Settings\Temp\wintavsnet.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [9cdcbe61] rundll32.exe "C:\WINDOWS\system32\ydualtpc.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Incidentally, I clicked on Save list... to save the uninstall list from HijackThis, but no text file was produced. There is a .dat file in the HijackThis folder, but I have not attempted to open it.

My thanks again for any help you can offer.
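As an added illustration (not part of the original thread and not HijackThis' own code), a small Python triage run over a few lines copied from the HijackThis log above. It flags the entries a helper would look at first: an O4 autostart whose target lives in a Temp folder, a Run value name that is an 8-hex-digit blob, any AppInit_DLLs entry, and O3/O4 modules in system32 that are missing from a known-good baseline. The `KNOWN_SYSTEM32` set is a constructed placeholder; a real baseline comes from a clean image.

```python
"""Triage heuristics for HijackThis-style O3/O4/O20 log lines."""
import re
from typing import List, Tuple

# Constructed sample: lines copied from the HijackThis v1.99.1 log in the post above.
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\unajyxgd.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\Documents and Settings\David Oakes\Local Settings\Temp\wintavsnet.exe"
O4 - HKLM\..\Run: [9cdcbe61] rundll32.exe "C:\WINDOWS\system32\ydualtpc.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

# Placeholder baseline of system32 modules considered known-good (assumption for the example).
KNOWN_SYSTEM32 = {"ctfmon.exe", "nvcpl.dll", "rundll32.exe"}

# [9cdcbe61]-style value names: exactly eight hex digits inside the square brackets.
HEX_VALUE_NAME = re.compile(r"\[([0-9a-f]{8})\]", re.I)
# Any .dll/.exe referenced directly under a system32 directory.
SYSTEM32_MODULE = re.compile(r'\\system32\\([^\\"\s,]+\.(?:dll|exe))', re.I)


def triage_line(line: str) -> List[str]:
    """Return the list of reasons a single log line deserves a closer look (empty if none)."""
    reasons: List[str] = []
    low = line.lower()
    kind = low.split(" - ", 1)[0]          # "o3", "o4", "o20", ...

    if kind == "o4" and "\\temp\\" in low:
        reasons.append("autostart target lives in a Temp directory")
    if kind == "o4" and HEX_VALUE_NAME.search(line):
        reasons.append("Run value name is an 8-hex-digit blob")
    if kind == "o20":
        reasons.append("AppInit_DLLs entry: loaded into every process that maps user32.dll")
    for module in SYSTEM32_MODULE.findall(line):
        if module.lower() not in KNOWN_SYSTEM32:
            reasons.append(f"{module} in system32 is not in the known-good baseline")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over every non-empty line; keep only flagged lines with their reasons."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```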
#2
Troubled23

    New Member

  • Topic Starter
  • Member
  • 3 posts
I forgot to mention two other possibly relevant pieces of information.

First, a toolbar has been added to Internet Explorer without my knowledge or permission. It is labelled 'Security Toolbar 7.1', has a red sliding 'Security Level' indicator (reading 4/10!) and has green buttons linking to 'Block adware/popups' and 'Remove spyware'.

Second, I have Norton 360 installed on my system. It had been working fine, but when these troubles appeared I discovered that the desktop shortcut to Norton 360 no longer works and the Norton 360 icon no longer appears on the taskbar at lower right. I have been able to run the program by going to the 'main stub' in the Norton 360 folder, but I have no idea whether it is working properly.

Sorry that I forgot to mention this in my initial post.

#3
Troubled23

    New Member

  • Topic Starter
  • Member
  • 3 posts
Correction: In my initial post I said that AVG and SAS found numerous threats. In fact, AVG found nothing. SAS found and quarantined or deleted numerous threats, as indicated in the log produced in my post. The remaining threats were found by Panda Activescan, as indicated in the log. My apologies for not re-reading my original post more carefully.