Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Crazy computer-sluggish, error messages, programs don't run

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Crazy computer-sluggish, error messages, programs don't run

Unread postby nsirak » July 29th, 2008, 7:21 pm

Would appreciate help with our hijack this error log. Before we wipe out this computer or just toss it out the window, please help! Thank you in advance for any advice or assistance.

Here is the log:

ppLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:08 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Snood\Snood.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PARENTS\Application Data\Mozilla\Profiles\default\vfo7lvv5.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BB02ACE-D222-48B4-8AAB-2B683AA2DAF2} - (no file)
O2 - BHO: (no name) - {1579a398-60ce-47bb-99fe-f155155ff768} - (no file)
O2 - BHO: (no name) - {1F753F8A-459F-4333-96B5-B61F575AD0E2} - C:\WINDOWS\system32\geBqPFvs.dll (file missing)
O2 - BHO: (no name) - {36E1CEFE-6298-E33B-49E5-74BE4C9C4635} - C:\WINDOWS\System32\qelbtiti.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6856D484-F365-4AE0-A5DF-80AB98DCD410} - (no file)
O2 - BHO: (no name) - {70E1AA0F-665C-411A-8A8F-0C9334207A44} - (no file)
O2 - BHO: (no name) - {75985f71-0a8d-4abb-b464-ca02384a61d9} - (no file)
O2 - BHO: (no name) - {7FF84A2C-9D80-7EE1-6067-9C6B8D24347E} - (no file)
O2 - BHO: (no name) - {98645688-8AA5-44BD-8938-03616CC35045} - (no file)
O2 - BHO: (no name) - {C55963CF-0411-4484-A910-5D5CF7EF8406} - (no file)
O2 - BHO: (no name) - {CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531} - C:\WINDOWS\System32\mqljqiqa.dll
O2 - BHO: (no name) - {D2D31E1E-BCAB-4890-AE05-5C32CDCE3872} - (no file)
O2 - BHO: (no name) - {D47DDBE7-FC1B-45D6-ADD1-65F6EC995A11} - (no file)
O2 - BHO: (no name) - {E252FD0E-7509-45D2-AA16-BD3835A25AE0} - (no file)
O2 - BHO: (no name) - {e40db7d0-ed90-4746-9e95-be5c7d2b8311} - (no file)
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [c48c7959] rundll32.exe "C:\WINDOWS\system32\jlenmunx.dll",b
O4 - HKLM\..\Run: [BMc7bf4ac5] Rundll32.exe "C:\WINDOWS\system32\pkoivpqm.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA827] command /c del "C:\WINDOWS\SYSTEM32\dbghjhye.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6813] cmd /c del "C:\WINDOWS\SYSTEM32\dbghjhye.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3178] command /c del "C:\WINDOWS\SYSTEM32\ggkuqg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7476] cmd /c del "C:\WINDOWS\SYSTEM32\ggkuqg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7341] command /c del "C:\WINDOWS\SYSTEM32\mnzavp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5900] cmd /c del "C:\WINDOWS\SYSTEM32\mnzavp.dll_old"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKCU\..\RunOnce: [SpybotDeletingB2257] command /c del "C:\WINDOWS\SYSTEM32\dbghjhye.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7704] cmd /c del "C:\WINDOWS\SYSTEM32\dbghjhye.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9125] command /c del "C:\WINDOWS\SYSTEM32\ggkuqg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3922] cmd /c del "C:\WINDOWS\SYSTEM32\ggkuqg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8122] command /c del "C:\WINDOWS\SYSTEM32\mnzavp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8399] cmd /c del "C:\WINDOWS\SYSTEM32\mnzavp.dll_old"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Parents\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/blue.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9214377390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: khfEWqOe - khfEWqOe.dll (file missing)
O20 - Winlogon Notify: ssqqoli - ssqqoli.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11043 bytes
nsirak
Active Member
 
Posts: 13
Joined: July 29th, 2008, 6:30 pm
Advertisement
Register to Remove

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby random/random » July 30th, 2008, 2:07 pm

Right click here and click save link as
Save it as resetteatimer.bat to your desktop

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Double click on resetteatimer.bat and wait for it to finish

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post back with the Malwarebytes' Anti-Malware log and a new HijackThis log.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby nsirak » July 31st, 2008, 12:49 am

Thank you ... followed all steps. Here is the Malware Log:

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

11:45:07 PM 7/30/2008
mbam-log-7-30-2008 (23-45-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 143864
Time elapsed: 1 hour(s), 25 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 6
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqpfvs -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\apkeslgp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pglsekpa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\geBqPFvs.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\svFPqBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\svFPqBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jlenmunx.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xnumnelj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ldqeprch.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\hcrpeqdl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\otxffrer.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rerffxto.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sgcycrum.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\murcycgs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\uwblakja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ajkalbwu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yltxkptx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xtpkxtly.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kaley\Local Settings\Temp\yazzsnet.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\3T0ZT2NL\query[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\3T0ZT2NL\installer[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\NHX2CY32\iddqd[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\NHX2CY32\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\OXU7GP27\hctp[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\OXU7GP27\hctp[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\OXYZCD2B\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\SH6BO9UR\iddqd[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\SPQ7GXEF\query[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster\asm.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\JavaCore.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu572.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rqrpomk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7bf4ac5.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7bf4ac5.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


and the new hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:20 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Snood\Snood.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PARENTS\Application Data\Mozilla\Profiles\default\vfo7lvv5.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BB02ACE-D222-48B4-8AAB-2B683AA2DAF2} - (no file)
O2 - BHO: (no name) - {1579a398-60ce-47bb-99fe-f155155ff768} - (no file)
O2 - BHO: (no name) - {1F753F8A-459F-4333-96B5-B61F575AD0E2} - C:\WINDOWS\system32\geBqPFvs.dll (file missing)
O2 - BHO: (no name) - {36E1CEFE-6298-E33B-49E5-74BE4C9C4635} - C:\WINDOWS\System32\qelbtiti.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6856D484-F365-4AE0-A5DF-80AB98DCD410} - (no file)
O2 - BHO: (no name) - {70E1AA0F-665C-411A-8A8F-0C9334207A44} - (no file)
O2 - BHO: (no name) - {75985f71-0a8d-4abb-b464-ca02384a61d9} - (no file)
O2 - BHO: (no name) - {7FF84A2C-9D80-7EE1-6067-9C6B8D24347E} - (no file)
O2 - BHO: (no name) - {98645688-8AA5-44BD-8938-03616CC35045} - (no file)
O2 - BHO: (no name) - {C55963CF-0411-4484-A910-5D5CF7EF8406} - (no file)
O2 - BHO: (no name) - {CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531} - C:\WINDOWS\System32\mqljqiqa.dll
O2 - BHO: (no name) - {D2D31E1E-BCAB-4890-AE05-5C32CDCE3872} - (no file)
O2 - BHO: (no name) - {D47DDBE7-FC1B-45D6-ADD1-65F6EC995A11} - (no file)
O2 - BHO: (no name) - {E252FD0E-7509-45D2-AA16-BD3835A25AE0} - (no file)
O2 - BHO: (no name) - {e40db7d0-ed90-4746-9e95-be5c7d2b8311} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [c48c7959] rundll32.exe "C:\WINDOWS\system32\jlenmunx.dll",b
O4 - HKLM\..\Run: [BMc7bf4ac5] Rundll32.exe "C:\WINDOWS\system32\pkoivpqm.dll",s
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Parents\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/blue.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9214377390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: khfEWqOe - khfEWqOe.dll (file missing)
O20 - Winlogon Notify: ssqqoli - ssqqoli.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9432 bytes

Thank you again for your assistance.
nsirak
Active Member
 
Posts: 13
Joined: July 29th, 2008, 6:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby random/random » July 31st, 2008, 12:55 pm

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O2 - BHO: (no name) - {0BB02ACE-D222-48B4-8AAB-2B683AA2DAF2} - (no file)
O2 - BHO: (no name) - {1579a398-60ce-47bb-99fe-f155155ff768} - (no file)
O2 - BHO: (no name) - {1F753F8A-459F-4333-96B5-B61F575AD0E2} - C:\WINDOWS\system32\geBqPFvs.dll (file missing)
O2 - BHO: (no name) - {36E1CEFE-6298-E33B-49E5-74BE4C9C4635} - C:\WINDOWS\System32\qelbtiti.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6856D484-F365-4AE0-A5DF-80AB98DCD410} - (no file)
O2 - BHO: (no name) - {70E1AA0F-665C-411A-8A8F-0C9334207A44} - (no file)
O2 - BHO: (no name) - {75985f71-0a8d-4abb-b464-ca02384a61d9} - (no file)
O2 - BHO: (no name) - {7FF84A2C-9D80-7EE1-6067-9C6B8D24347E} - (no file)
O2 - BHO: (no name) - {98645688-8AA5-44BD-8938-03616CC35045} - (no file)
O2 - BHO: (no name) - {C55963CF-0411-4484-A910-5D5CF7EF8406} - (no file)
O2 - BHO: (no name) - {CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531} - C:\WINDOWS\System32\mqljqiqa.dll
O2 - BHO: (no name) - {D2D31E1E-BCAB-4890-AE05-5C32CDCE3872} - (no file)
O2 - BHO: (no name) - {D47DDBE7-FC1B-45D6-ADD1-65F6EC995A11} - (no file)
O2 - BHO: (no name) - {E252FD0E-7509-45D2-AA16-BD3835A25AE0} - (no file)
O2 - BHO: (no name) - {e40db7d0-ed90-4746-9e95-be5c7d2b8311} - (no file)
O4 - HKLM\..\Run: [c48c7959] rundll32.exe "C:\WINDOWS\system32\jlenmunx.dll",b
O4 - HKLM\..\Run: [BMc7bf4ac5] Rundll32.exe "C:\WINDOWS\system32\pkoivpqm.dll",s
O20 - Winlogon Notify: khfEWqOe - khfEWqOe.dll (file missing)
O20 - Winlogon Notify: ssqqoli - ssqqoli.dll (file missing)


Then close all windows except HijackThis and click Fix Checked.

Restart

Use Windows Explorer to find and delete these files:

C:\WINDOWS\System32\qelbtiti.dll
C:\WINDOWS\System32\mqljqiqa.dll
C:\WINDOWS\system32\jlenmunx.dll
C:\WINDOWS\system32\pkoivpqm.dll

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Finally, please post a new HijackThis log, and a description of any remaining problems.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby nsirak » July 31st, 2008, 10:23 pm

Thanks so much for your help! This computer is showing signs of improvement already. I followed all the steps you listed, but was not able to find these files. I looked and also did a search.

C:\WINDOWS\System32\qelbtiti.dll
C:\WINDOWS\System32\mqljqiqa.dll
C:\WINDOWS\system32\jlenmunx.dll

Here is the current log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:18 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PARENTS\Application Data\Mozilla\Profiles\default\vfo7lvv5.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36E1CEFE-6298-E33B-49E5-74BE4C9C4635} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7FF84A2C-9D80-7EE1-6067-9C6B8D24347E} - (no file)
O2 - BHO: (no name) - {CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Parents\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/blue.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9214377390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7543 bytes

I'll try some normal processes on the computer -- and will keep the kids off! -- for a few days and then will post any additional problems. Thank you SO much for your assistance.

Also, can you suggest how I should remove "dealhelper" ? It won't remove through the add/remove programs process. I have looked online and there are a lot of suggestions regarding downloading software or deleting a lot of registry items, but I'm not sure what to trust at this point.

Thank you again!
nsirak
Active Member
 
Posts: 13
Joined: July 29th, 2008, 6:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby random/random » August 1st, 2008, 9:25 am

Also, can you suggest how I should remove "dealhelper" ? It won't remove through the add/remove programs process. I have looked online and there are a lot of suggestions regarding downloading software or deleting a lot of registry items, but I'm not sure what to trust at this point.


Open HijackThis
Click on Open the misc tools section
Click on Open uninstall manager
Select Dealhelper
Click Delete this entry

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O2 - BHO: (no name) - {36E1CEFE-6298-E33B-49E5-74BE4C9C4635} - (no file)
O2 - BHO: (no name) - {7FF84A2C-9D80-7EE1-6067-9C6B8D24347E} - (no file)
O2 - BHO: (no name) - {CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531} - (no file)


Then close all windows except HijackThis and click Fix Checked.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along with a new HijackThis log and a description of any remaining problems.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby nsirak » August 1st, 2008, 11:22 pm

Thank you again, especially for the quick replies.

First, here is the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 02, 2008 01:28:45
Records in database: 1042996
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 87681
Threat name: 86
Infected objects: 279
Suspicious objects: 0
Duration of the scan: 02:07:04


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01840000.VBN Infected: Trojan-Downloader.Win32.VB.cgu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01840001.VBN Infected: Trojan-Downloader.Win32.Agent.kvv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01840002.VBN Infected: Trojan-Downloader.Win32.Agent.kvv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01840003.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01840004.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01840005.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01840006.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01840007.VBN Infected: Trojan-Downloader.Win32.VB.cgu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01840008.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01840009.VBN Infected: Trojan-Downloader.Win32.Agent.kvv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0184000A.VBN Infected: Trojan-Downloader.Win32.Agent.kvv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0184000B.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0184000C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01DC0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02500000.VBN Infected: Trojan-Downloader.Win32.VB.edw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02500001.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02500002.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02500003.VBN Infected: Trojan-Downloader.Win32.VB.edw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02500004.VBN Infected: Trojan.Win32.BHO.blh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02500005.VBN Infected: not-a-virus:AdWare.Win32.Rond.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02500006.VBN Infected: Trojan-Downloader.Win32.Agent.jih 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02500007.VBN Infected: Trojan-Downloader.Win32.Agent.ezc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02500009.VBN Infected: not-a-virus:AdWare.Win32.Rond.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0250000A.VBN Infected: Trojan-Downloader.Win32.Agent.ofz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03940000.VBN Infected: Trojan-Downloader.Java.OpenConnection.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03940000.VBN Infected: Trojan.Java.ClassLoader.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03940000.VBN Infected: Trojan.Java.ClassLoader.Dummy.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03940000.VBN Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04F80000.VBN Infected: Trojan-Downloader.Win32.Small.ahx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05240000.VBN Infected: Trojan.Win32.Delf.gh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040000.VBN Infected: not-a-virus:AdWare.Win32.WebSearch.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040000.VBN Infected: not-a-virus:AdWare.Win32.WebSearch.o 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040001.VBN Infected: not-a-virus:AdWare.Win32.Wintol.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040002.VBN Infected: not-a-virus:AdWare.Win32.F1Organizer.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040003.VBN Infected: not-a-virus:AdWare.Win32.MDH.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040004.VBN Infected: not-a-virus:AdWare.Win32.WebSearch.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040004.VBN Infected: not-a-virus:AdWare.Win32.WebSearch.o 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040005.VBN Infected: not-a-virus:AdWare.Win32.GatorClone.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vix 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80001.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vja 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vjd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vjh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80005.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80006.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07240000.VBN Infected: Trojan-Downloader.Win32.Homles.bm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07340000.VBN Infected: Trojan.Win32.Monder.br 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07340001.VBN Infected: Trojan.Win32.Monder.bm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07340002.VBN Infected: Trojan.Win32.Monder.bm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07340003.VBN Infected: Trojan.Win32.Monder.aq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07DC0000.VBN Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07DC0001.VBN Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08380000.VBN Infected: Trojan.Win32.DelFiles.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08380002.VBN Infected: Trojan-Dropper.Win32.Small.gj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540000.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540005.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540006.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540007.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540008.VBN Infected: Trojan-Downloader.Win32.ConHook.aek 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09080000.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09080001.VBN Infected: Trojan-Dropper.Win32.Agent.fu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09140000.VBN Infected: Trojan-Downloader.Win32.ConHook.aek 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A000000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A000001.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A000002.VBN Infected: Trojan.Win32.Monder.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A000003.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A000004.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A000005.VBN Infected: Trojan.Win32.Monder.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A000006.VBN Infected: Trojan.Win32.Monder.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A000007.VBN Infected: Trojan.Win32.Monder.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A000008.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A100000.VBN Infected: Trojan-Dropper.Win32.Small.gj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000.VBN Infected: Trojan-Spy.Win32.Agent.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0002.VBN Infected: Trojan-Spy.Win32.Agent.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340000.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340001.VBN Infected: Trojan.Win32.Monder.ct 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340003.VBN Infected: Trojan.Win32.Monder.cq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340004.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340005.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340006.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340007.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340008.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340009.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A34000A.VBN Infected: Trojan.Win32.Monder.cq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A34000B.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A34000C.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A34000D.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A34000E.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A34000F.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340010.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340011.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340012.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340013.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340014.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340015.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340016.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340017.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340018.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340019.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A34001A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A34001B.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540000.VBN Infected: Trojan.Win32.Monder.bcb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540001.VBN Infected: Trojan.Win32.Monder.bez 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A540002.VBN Infected: Trojan.Win32.Monder.bcb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A840000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A840001.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A840002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ABC0000.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ABC0002.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ABC0004.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ABC0006.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ABC0008.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B380000.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B380001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B380002.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B380003.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B380004.VBN Infected: Trojan.Win32.Monder.ad 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B380005.VBN Infected: Trojan.Win32.Monder.ad 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B380006.VBN Infected: Trojan.Win32.Monder.ct 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B840000.VBN Infected: Trojan-Downloader.Win32.Small.ahx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B880000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B880001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0000.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0002.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0004.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0006.VBN Infected: Trojan-Dropper.Win32.Agent.fu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0008.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C000A.VBN Infected: Trojan-Downloader.Win32.Agent.gn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C000C.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C000E.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0010.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0012.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0014.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0016.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0018.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C001A.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C001C.VBN Infected: Trojan.Win32.Agent.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C780000.VBN Infected: Trojan-Proxy.Win32.Agent.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40000.VBN Infected: Trojan.Win32.Monder.cq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40002.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40004.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40006.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40008.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD4000A.VBN Infected: Trojan.Win32.Monder.cq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD4000C.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD4000E.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40010.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40012.VBN Infected: Trojan.Win32.Monder.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CFC0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CFC0001.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CFC0002.VBN Infected: Trojan.Win32.Monder.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CFC0003.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D740000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vjh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D740001.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0000.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD40000.VBN Infected: Trojan.Win32.Monder.br 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD40002.VBN Infected: Trojan.Win32.Monder.aq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD40004.VBN Infected: Trojan.Win32.Monder.bm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD40006.VBN Infected: Trojan.Win32.Monder.bm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD40008.VBN Infected: Trojan.Win32.Monder.aq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E500000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80000.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80005.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80006.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80007.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80008.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80009.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE8000A.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE8000B.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE8000C.VBN Infected: Trojan.Win32.Monder.aw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE8000D.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE8000E.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE8000F.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F600000.VBN Infected: Trojan.Win32.Monder.cf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F600001.VBN Infected: Trojan.Win32.Monder.al 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\3T0ZT2NL\CAG1494R Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\G1QJCDMN\a537119c47192bc08952189ae8782f08[1].zip Infected: not-a-virus:AdWare.Win32.Insider.c 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\G1QJCDMN\b433b5a80d2cb00f8f1c54387f9aa332[1].zip Infected: Trojan-Downloader.Win32.Agent.jih 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\OXU7GP27\718f466754402ac597de014577627f96[1].zip Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\OXU7GP27\718f466754402ac597de014577627f96[1].zip Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\OXYZCD2B\26453da423d82a5fc6fae941d05f1151[1].zip Infected: Trojan-Downloader.Win32.Agent.ezc 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\QKQ2P6E9\3cd898b13299cb4bc0d5dc64745518ed[1].zip Infected: not-a-virus:AdWare.Win32.Insider.f 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\QKQ2P6E9\93e4c2046fcb4ac4bdc3dbbcc28127fb[1].zip Infected: Trojan.Win32.BHO.blh 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\SH6BO9UR\488aede55160e40e3d5988951bfacaca[1].zip Infected: Trojan-Downloader.Win32.Agent.ofz 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\SH6BO9UR\c1f5cc94a30f082054f3a00e6655462d[1].zip Infected: not-a-virus:AdWare.Win32.Rond.d 1
C:\Documents and Settings\Kaley\Local Settings\Temporary Internet Files\Content.IE5\SPQ7GXEF\CAYV052F Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Nick\Local Settings\Temp\bacdvd.dat Infected: not-a-virus:AdWare.Win32.GatorClone.a 1
C:\Documents and Settings\Nick\Local Settings\Temp\~376325.tmp Infected: not-a-virus:AdWare.Win32.Wintol.f 1
C:\Documents and Settings\Nick\Local Settings\Temp\~393019.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~393284.tmp Infected: not-a-virus:AdWare.Win32.Wintol.i 1
C:\Documents and Settings\Nick\Local Settings\Temp\~411502.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~412704.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~417527.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~417864.tmp Infected: not-a-virus:AdWare.Win32.Wintol.f 1
C:\Documents and Settings\Nick\Local Settings\Temp\~422069.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~422887.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~430210.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p 1
C:\Documents and Settings\Nick\Local Settings\Temp\~444500.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~489175.tmp Infected: not-a-virus:AdWare.Win32.Wintol.c 1
C:\Documents and Settings\Nick\Local Settings\Temp\~49135.tmp Infected: not-a-virus:AdWare.Win32.Wintol.c 1
C:\Documents and Settings\Nick\Local Settings\Temp\~492896.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~496884.tmp Infected: not-a-virus:AdWare.Win32.Wintol.f 1
C:\Documents and Settings\Nick\Local Settings\Temp\~556094.tmp Infected: not-a-virus:AdWare.Win32.Wintol.f 1
C:\Documents and Settings\Nick\Local Settings\Temp\~607734.tmp Infected: not-a-virus:AdWare.Win32.Wintol.f 1
C:\Documents and Settings\Nick\Local Settings\Temp\~613763.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~616662.tmp Infected: not-a-virus:AdWare.Win32.Wintol.c 1
C:\Documents and Settings\Nick\Local Settings\Temp\~620564.tmp Infected: not-a-virus:AdWare.Win32.Wintol.c 1
C:\Documents and Settings\Nick\Local Settings\Temp\~627421.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p 1
C:\Documents and Settings\Nick\Local Settings\Temp\~641929.tmp Infected: not-a-virus:AdWare.Win32.Wintol.i 1
C:\Documents and Settings\Nick\Local Settings\Temp\~687765.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~697314.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Nick\Local Settings\Temp\~708859.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~736029.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d 1
C:\Documents and Settings\Nick\Local Settings\Temp\~760434.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p 1
C:\Documents and Settings\Parents\.housecall\Quarantine\A0096581.EXE.bac_a02792 Infected: Trojan-Downloader.Win32.Small.wk 1
C:\Documents and Settings\Parents\.housecall\Quarantine\A0096582.exe.bac_a02792 Infected: not-a-virus:AdWare.Win32.GogoTools.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\A0096583.dll.bac_a02792 Infected: Trojan-Dropper.Win32.Small.nj 1
C:\Documents and Settings\Parents\.housecall\Quarantine\A0096584.exe.bac_a02792 Infected: not-a-virus:AdWare.Win32.DealHelper.b 1
C:\Documents and Settings\Parents\.housecall\Quarantine\A0096585.exe.bac_a02792 Infected: not-a-virus:AdWare.Win32.ComedyPlanet.b 1
C:\Documents and Settings\Parents\.housecall\Quarantine\A0096586.exe.bac_a02792 Infected: not-a-virus:AdWare.Win32.MDH.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\cp.exe.bac_a02488 Infected: not-a-virus:AdWare.Win32.ComedyPlanet.b 1
C:\Documents and Settings\Parents\.housecall\Quarantine\DHUn.exe.bac_a02488 Infected: not-a-virus:AdWare.Win32.DealHelper.b 1
C:\Documents and Settings\Parents\.housecall\Quarantine\d_15_0[1].bac_a02488 Infected: Trojan.Win32.Golid.g 1
C:\Documents and Settings\Parents\.housecall\Quarantine\d_16_0[1].bac_a02488 Infected: Trojan.Win32.Golid.g 1
C:\Documents and Settings\Parents\.housecall\Quarantine\gogotoolsSILAWO9pi.exe.bac_a02488 Infected: not-a-virus:AdWare.Win32.GogoTools.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\HyperLinker.exe.bac_a02488 Infected: not-a-virus:AdWare.Win32.MDH.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\mseggo.gif.bac_a02488 Infected: Trojan-Spy.Win32.Delf.dx 1
C:\Documents and Settings\Parents\.housecall\Quarantine\msglji.gif.bac_a02488 Infected: not-a-virus:AdWare.Win32.SearchAssistant.d 1
C:\Documents and Settings\Parents\.housecall\Quarantine\msnimk.gif.bac_a02488 Infected: not-a-virus:AdWare.Win32.Ipend 1
C:\Documents and Settings\Parents\.housecall\Quarantine\saie321.dll.bac_a02488 Infected: Trojan-Dropper.Win32.Small.nj 1
C:\Documents and Settings\Parents\.housecall\Quarantine\temp.cab.bac_a02488 Infected: not-a-virus:AdWare.Win32.WebSearch.f 1
C:\Documents and Settings\Parents\.housecall\Quarantine\temp.cab.bac_a02488 Infected: not-a-virus:AdWare.Win32.WebSearch.o 1
C:\Documents and Settings\Parents\.housecall\Quarantine\TVM_B537.EXE.bac_a02488 Infected: Trojan-Downloader.Win32.Small.wk 1
C:\Documents and Settings\Parents\.housecall\Quarantine\WinWildApp.exe.bac_a02488 Infected: not-a-virus:AdWare.Win32.WinFetcher.b 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~313878.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~332277.tmp.bac_a02488 Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~377071.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~382655.tmp.bac_a02488 Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~387838.tmp.bac_a02488 Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~407063.tmp.bac_a02488 Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~415927.tmp.bac_a02488 Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~514888.tmp.bac_a02488 Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~524766.tmp.bac_a02488 Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~570472.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~590885.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~615895.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~660240.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~693256.tmp.bac_a02488 Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~708470.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~724459.tmp.bac_a02488 Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~779007.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~793538.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~796860.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~810994.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~815031.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~833452.tmp.bac_a02488 Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Parents\.housecall\Quarantine\~835198.tmp.bac_a02488 Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Parents\Desktop\2020setup.exe Infected: not-a-virus:AdWare.Win32.ShopNav.b 1
C:\Documents and Settings\Parents\Desktop\2020setup.exe Infected: not-a-virus:AdWare.Win32.ShopNav.e 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080731-205255-189.dll Infected: Trojan.Win32.Golid.f 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080731-205255-504.dll Infected: Trojan.Win32.Golid.f 1
C:\WINDOWS\SYSTEM32\crvdogvc.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\SYSTEM32\dbysjvuz.dll Infected: Trojan.Win32.Golid.g 1
C:\WINDOWS\SYSTEM32\fnavmzel.dll Infected: Trojan.Win32.Golid.f 1
C:\WINDOWS\SYSTEM32\GoGo11.dll Infected: not-a-virus:AdWare.Win32.GogoTools.a 1
C:\WINDOWS\SYSTEM32\gogotools.exe Infected: not-a-virus:AdWare.Win32.GogoTools.l 1
C:\WINDOWS\SYSTEM32\gogotools.exe Infected: not-a-virus:AdWare.Win32.GogoTools.g 2
C:\WINDOWS\SYSTEM32\gogotools.exe Infected: not-a-virus:AdWare.Win32.GogoTools.d 1
C:\WINDOWS\SYSTEM32\gogotoolsSILAWO11pi.exe Infected: not-a-virus:AdWare.Win32.GogoTools.a 1
C:\WINDOWS\SYSTEM32\mscjjn.dll Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\WINDOWS\SYSTEM32\msjpok.dll Infected: Trojan-Dropper.Win32.Siboco.d 1

The selected area was scanned.

and the new Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:35 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Snood\Snood.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PARENTS\Application Data\Mozilla\Profiles\default\vfo7lvv5.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36E1CEFE-6298-E33B-49E5-74BE4C9C4635} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7FF84A2C-9D80-7EE1-6067-9C6B8D24347E} - (no file)
O2 - BHO: (no name) - {CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKUS\S-1-5-21-2970544395-2067485633-3793812499-1008\..\Run: [Sonic RecordNow!] (User 'Kaley')
O4 - HKUS\S-1-5-21-2970544395-2067485633-3793812499-1008\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (User 'Kaley')
O4 - HKUS\S-1-5-21-2970544395-2067485633-3793812499-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Kaley')
O4 - HKUS\S-1-5-21-2970544395-2067485633-3793812499-1008\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Kaley')
O4 - HKUS\S-1-5-21-2970544395-2067485633-3793812499-1008\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" (User 'Kaley')
O4 - HKUS\S-1-5-21-2970544395-2067485633-3793812499-1008\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe (User 'Kaley')
O4 - HKUS\S-1-5-21-2970544395-2067485633-3793812499-1008\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe (User 'Kaley')
O4 - HKUS\S-1-5-21-2970544395-2067485633-3793812499-1008\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User 'Kaley')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-21-2970544395-2067485633-3793812499-1008 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Kaley')
O4 - S-1-5-21-2970544395-2067485633-3793812499-1008 User Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Kaley')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Parents\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/blue.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9214377390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9750 bytes

Thank you!
nsirak
Active Member
 
Posts: 13
Joined: July 29th, 2008, 6:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby random/random » August 2nd, 2008, 2:03 pm

Delete the contents of this folder:

C:\Documents and Settings\Parents\.housecall\Quarantine

Empty the quarantine of symantec antivirus

  • Go to Start > All Programs > Accessories > Cleanmgr
  • Select each Hard Drive in order and Click OK
  • Let it calculate the amount of space that it can clean
  • Make sure Temporary Internet Files, Temporary Files and Recycle Bin are selected
  • Click OK and allow it to Clean

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O2 - BHO: (no name) - {36E1CEFE-6298-E33B-49E5-74BE4C9C4635} - (no file)
O2 - BHO: (no name) - {7FF84A2C-9D80-7EE1-6067-9C6B8D24347E} - (no file)
O2 - BHO: (no name) - {CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531} - (no file)


Then close all windows except HijackThis and click Fix Checked.

Use Windows Explorer to find and delete these files:

C:\Documents and Settings\Parents\Desktop\2020setup.exe
C:\WINDOWS\SYSTEM32\crvdogvc.dll
C:\WINDOWS\SYSTEM32\dbysjvuz.dll
C:\WINDOWS\SYSTEM32\fnavmzel.dll
C:\WINDOWS\SYSTEM32\GoGo11.dll
C:\WINDOWS\SYSTEM32\gogotools.exe
C:\WINDOWS\SYSTEM32\gogotoolsSILAWO11pi.exe
C:\WINDOWS\SYSTEM32\mscjjn.dll
C:\WINDOWS\SYSTEM32\msjpok.dll

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Restart into normal mode, then post a new HijackThis log & let me know of any remaining problems.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby nsirak » August 4th, 2008, 9:11 pm

Hello,
Thank you again ... followed all instructions. I was able to delete all except could not locate C:\WINDOWS\SYSTEM32\crvdogvc.dll.

Here is the current Hijack This Log. I will see how things work over the next few days. I really appreciate your patience and time!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:59 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PARENTS\Application Data\Mozilla\Profiles\default\vfo7lvv5.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36E1CEFE-6298-E33B-49E5-74BE4C9C4635} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7FF84A2C-9D80-7EE1-6067-9C6B8D24347E} - (no file)
O2 - BHO: (no name) - {CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Parents\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/blue.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9214377390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8081 bytes
nsirak
Active Member
 
Posts: 13
Joined: July 29th, 2008, 6:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby random/random » August 5th, 2008, 1:05 pm

These lines just don't seem to want to go:


O2 - BHO: (no name) - {36E1CEFE-6298-E33B-49E5-74BE4C9C4635} - (no file)
O2 - BHO: (no name) - {7FF84A2C-9D80-7EE1-6067-9C6B8D24347E} - (no file)
O2 - BHO: (no name) - {CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531} - (no file)

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Copy the contents of the following codebox to a notepad window

Code: Select all
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36E1CEFE-6298-E33B-49E5-74BE4C9C4635}]

[-HKEY_CLASSES_ROOT\CLSID\{36E1CEFE-6298-E33B-49E5-74BE4C9C4635}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF84A2C-9D80-7EE1-6067-9C6B8D24347E}]

[-HKEY_CLASSES_ROOT\CLSID\{7FF84A2C-9D80-7EE1-6067-9C6B8D24347E}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531}]

[-HKEY_CLASSES_ROOT\CLSID\{CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531}]

 


Save it to the desktop as fix.reg, making sure save as type is set to all files

Locate Fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt

Post back with a new HijackThis log.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby nsirak » August 5th, 2008, 11:37 pm

OK, followed all instructions. New log will follow.

Thank you again! Hopefully we're almost there! Don't know if this has occurred because of all our problems, but Notepad no longer works.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:38 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PARENTS\Application Data\Mozilla\Profiles\default\vfo7lvv5.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36E1CEFE-6298-E33B-49E5-74BE4C9C4635} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7FF84A2C-9D80-7EE1-6067-9C6B8D24347E} - (no file)
O2 - BHO: (no name) - {CF2B65CC-25BC-D8C5-4E5E-AD7CD2CE4531} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Parents\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/blue.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9214377390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8212 bytes
Thank you again, and I do appreciate your responses!
nsirak
Active Member
 
Posts: 13
Joined: July 29th, 2008, 6:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby random/random » August 6th, 2008, 12:51 pm

What error messages do you get when trying to open notepad?
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby nsirak » August 6th, 2008, 4:16 pm

When I try to open Notepad through the start / all programs / accessories / notepad, it says:

The drive or network connection that the shortcut Notepad.lnk refers to is unavailable. Make sure that the disk is properly inserted or the network resouce is available and then try again.
nsirak
Active Member
 
Posts: 13
Joined: July 29th, 2008, 6:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby random/random » August 6th, 2008, 4:29 pm

Right click the notepad icon
Click properties
Copy & paste the text from the box labelled target as a reply to this topic.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Crazy computer-sluggish, error messages, programs don't run

Unread postby nsirak » August 6th, 2008, 11:04 pm

OK, here it is:


%SystemRoot%\system32\notepad.exe

Thank you.
nsirak
Active Member
 
Posts: 13
Joined: July 29th, 2008, 6:30 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: ataa92 and 54 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware