Thread: Computer running very slow: Hijack this log included
View Single Post
Join Date: Jul 2004
Posts: 17
Reputation: Amanda is an unknown quantity at this point 
Solved Threads: 0
Amanda Amanda is offline Offline
Newbie Poster

Re: Computer running very slow: Hijack this log included

 
0
  #3
Jan 8th, 2009
Judy, Thanks for your help so far! I was not able to use the ESET online scanner, well it scanned but would not remove because I needed to purchase the program, so I used Panda Active Scan.

Malwarebytes' Anti-Malware 1.32
Database version: 1632
Windows 5.1.2600 Service Pack 3

1/8/2009 2:35:12 PM
mbam-log-2009-01-08 (14-35-12).txt

Scan type: Full Scan (C:\|F:\|G:\|H:\|I:\|)
Objects scanned: 102979
Time elapsed: 41 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 82

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\esjamres.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMggefC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nmakbv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gdxfok.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2aebfc35-7dc5-4a26-a92e-d58166c8087d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2aebfc35-7dc5-4a26-a92e-d58166c8087d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbrrjk (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72a819f-fb91-416a-866f-ccf0ff222097} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72a819f-fb91-416a-866f-ccf0ff222097} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c8101ac8-e15c-4d9f-b000-0e38870fb715} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8101ac8-e15c-4d9f-b000-0e38870fb715} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2aebfc35-7dc5-4a26-a92e-d58166c8087d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f85a65f1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomggefc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomggefc -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\Tamara Watts\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\qoMggefC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\CfeggMoq.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\CfeggMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJBrRjK.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adgavuaj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jauvagda.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\esjamres.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sermajse.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmakbv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gdxfok.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Tamara Watts\Local Settings\Temporary Internet Files\Content.IE5\L9KG8XZ7\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tamara Watts\Local Settings\Temporary Internet Files\Content.IE5\SN4ER0BZ\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097026.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097018.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097019.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097028.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097029.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097030.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097032.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097034.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097035.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097037.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097040.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097041.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097042.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097048.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097049.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097055.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097056.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097057.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097058.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP566\A0097059.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121614.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121616.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121617.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121618.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121619.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121620.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121621.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121623.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121624.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121625.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121627.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121629.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121630.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121634.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121635.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121637.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121639.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121641.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121644.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP620\A0121650.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP636\A0127935.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP638\A0128039.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP638\A0128049.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116097.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116098.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116099.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116100.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116103.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116104.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116107.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116109.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116110.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116112.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116114.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116115.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116117.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116120.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116121.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116122.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116105.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116128.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116129.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116134.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116196.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP582\A0116267.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP582\A0116268.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bbsyprot.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hemraz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hjhoopfn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nntbkvut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:20 PM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Documents and Settings\Tamara Watts\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKUS\S-1-5-21-2300266943-2599934274-3623824723-1008\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup (User 'LogMeInRemoteUser')
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Tamara Watts\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1148500442421
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL nmakbv.dll gdxfok.dll
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9776 bytes




;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-08 18:25:26
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tamara Watts\Cookies\tamara_watts@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tamara Watts\Cookies\tamara_watts@atdmt[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tamara Watts\Cookies\tamara_watts@ad.yieldmanager[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tamara Watts\Cookies\tamara_watts@advertising[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Tamara Watts\Cookies\tamara_watts@atwola[2].txt
00394185 Adware/Seekmo Adware No 0 Yes No C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP582\A0116269.dll
00394306 Adware/Seekmo Adware No 0 Yes No C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116177.exe
00394357 Adware/Seekmo Adware No 0 Yes No C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116190.dll
00394364 Adware/Seekmo Adware No 0 Yes No C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116178.dll
01271815 Adware/Zango Adware No 0 Yes No C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116186.exe
04415028 Generic Malware Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116185.dll
04415029 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{781B9E0A-A9F9-4D72-8CBE-54724B1293CB}\RP579\A0116188.exe[LaunchHelp.dll]
;===================================================================================================================================================================================
SUSPECTS
Sent Location X
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description X
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Waiting to hear from you! Thanks again!
Amanda
Reply With Quote