Virtumonde



jwm4atl
2008-05-27, 09:20
Kaspersky Online Scanner hung up repeatedly (at least six times), so I don't have a Kaspersky log file. I ran Spybot in Safe Mode, it identified virtumonde "problems" (top of log file posted here), rebooted, ran HijackThis and its log file is also included in this post. Please advise regarding next steps. Your assistance will be most appreciated! Thank you!!!

SpyBot Log File - partial:


--- Search result list ---
Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2651810970-398142656-2047231890-1111\Software\Microsoft\rdfa

Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

Virtumonde.dll: [SBI $7442D4BC] Library (File, nothing done)
D:\WINDOWS\system32\wvUmkHax.dll

Virtumonde.dll: [SBI $960C7A04] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A06127E-AB34-40AF-9718-2FD20067DB14}

Virtumonde.dll: [SBI $960C7A04] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A06127E-AB34-40AF-9718-2FD20067DB14}

Statcounter: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


HitBox: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


HitBox: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


Zedo: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


HitsLink: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


HitBox: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


BurstMedia: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


FastClick: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)


BurstMedia: Tracking cookie (Internet Explorer: jim) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-04-14 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-05-21 Includes\AdwareC.sbi (*)
2008-05-21 Includes\Beta.sbi (*)
2007-11-06 Includes\Beta.uti
2008-05-21 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-05-21 Includes\DialerC.sbi (*)
2008-05-21 Includes\HeavyDuty.sbi (*)
2008-04-30 Includes\Hijackers.sbi (*)
2008-05-21 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-05-21 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-05-21 Includes\Malware.sbi (*)
2008-05-21 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-05-21 Includes\PUPSC.sbi (*)
2008-05-21 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-05-21 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-05-21 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-05-21 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-05-21 Includes\Trojans.sbi (*)
2008-05-21 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows 2003/XPx64 (Build: 3790) Service Pack 2 (5.2.3790)
/ .NETFramework / 1.1: Security Update for Windows Server 2003 (KB933854)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Server 2003 / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows Server 2003 / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows Server 2003 / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows Server 2003 / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows Server 2003 / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows Server 2003 / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows Server 2003 / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows Server 2003 / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows Server 2003 / SP0: Security Update for Windows Internet Explorer 7 (KB947864)
/ Windows Server 2003 / SP2: Windows Server 2003 Service Pack 2
/ Windows Server 2003 / SP2: Hotfix for Windows Server 2003 (KB926139)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB921503)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB924667-v2)
/ Windows Server 2003 / SP3: Update for Windows Server 2003 (KB925876)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB925902)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB926122)
/ Windows Server 2003 / SP3: Update for Windows Server 2003 (KB927891)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB929123)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB930178)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB931784)
/ Windows Server 2003 / SP3: Update for Windows Server 2003 (KB931836)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB932168)
/ Windows Server 2003 / SP3: Update for Windows Server 2003 (KB933360)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB933729)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB933854)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB935839)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB935840)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB935966)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB936021)
/ Windows Server 2003 / SP3: Update for Windows Server 2003 (KB936357)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB936782)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB941202)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB941568)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB941569)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB941644)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB941672)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB941693)
/ Windows Server 2003 / SP3: Update for Windows Server 2003 (KB942763)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB942830)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB942831)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB943055)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB943460)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB943484)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB943485)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB944653)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB945553)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB946026)
/ Windows Server 2003 / SP3: Update for Windows Server 2003 (KB948496)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB948590)
/ Windows Server 2003 / SP3: Security Update for Windows Server 2003 (KB948881)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, Carbonite Backup
command: D:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
file: D:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
size: 526272
MD5: 0EDA300B115E2296E83AFC74F25B88C6

Located: HK_LM:Run, CTDVDDet
command: D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
file: D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
size: 45056
MD5: 49530EA45EBD73E2C11C74DFEBC30D57

Located: HK_LM:Run, CTHelper
command: CTHELPER.EXE
file: D:\WINDOWS\CTHELPER.EXE
size: 17920
MD5: 866346F3D82F0CA2C7D80AFF41A6E1D3

Located: HK_LM:Run, CTSysVol
command: D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
file: D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
size: 49152
MD5: C88806E6C9AE0AD88D20E1BDA995355A

Located: HK_LM:Run, CTxfiHlp
command: CTXFIHLP.EXE
file: D:\WINDOWS\system32\CTXFIHLP.EXE
size: 18944
MD5: 279615246E6343B7C4BADBCB8CF37067

Located: HK_LM:Run, DU Meter
command: D:\Program Files\DU Meter\DUMeter.exe
file: D:\Program Files\DU Meter\DUMeter.exe
size: 1582616
MD5: 4888518F16044D6F386E098D2E0339F4

Located: HK_LM:Run, DWPersistentQueuedReporting
command: D:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
file: D:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
size: 437160
MD5: E108B79EEEE444335A9F300E4C756F6A

Located: HK_LM:Run, Google Desktop Search
command: "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 29744
MD5: B39662E4C237AA25A2CD2379FF508099

Located: HK_LM:Run, IAAnotif
command: D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
file: D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 139264
MD5: 8561DC9A6C9BDF4BB0E52C689672BE3D

Located: HK_LM:Run, SunJavaUpdateSched
command: "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
file: D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
size: 144784
MD5: E8C086DA635EB410FEF106CB279ADFBF

Located: HK_LM:Run, UnlockerAssistant
command: "D:\Program Files\Unlocker\UnlockerAssistant.exe"
file: D:\Program Files\Unlocker\UnlockerAssistant.exe
size: 15872
MD5: 403E928BA217E38485009636C793F3C9

Located: HK_LM:Run, UserFaultCheck
command: %systemroot%\system32\dumprep 0 -u
file: D:\WINDOWS\system32\dumprep.exe
size: 15872
MD5: 5351B72962236969F31EB777447A4764

Located: HK_LM:Run, Windows Defender
command: "D:\Program Files\Windows Defender\MSASCui.exe" -hide
file: D:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC

Located: HK_LM:RunOnce, Spybot - Search & Destroy
command: "D:\Program Files\Spybot\SpybotSD.exe" /autocheck
file: D:\Program Files\Spybot\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A

Located: HK_CU:Run, Picasa Media Detector
where: .DEFAULT...
command: D:\Program Files\Picasa2\PicasaMediaDetector.exe
file: D:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: 429C00E25AFA42015311C092E49BFD07

Located: HK_CU:RunOnce, tscuninstall
where: .DEFAULT...
command: %systemroot%\system32\tscupgrd.exe
file: D:\WINDOWS\system32\tscupgrd.exe
size: 44032
MD5: 7092C4A1615F2AE11F52060D1AE01A1D

Located: HK_CU:Run, ctfmon.exe
where: PE_D_ADMINISTRATOR.JIMI...
command: D:\WINDOWS\system32\ctfmon.exe
file: D:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 3A7B9D235519F50E1105C783949B0F70

Located: HK_CU:Run, swg
where: PE_D_ADMINISTRATOR.JIMI...
command: D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, tscuninstall
where: PE_D_RUNVM1...
command: %systemroot%\system32\tscupgrd.exe
file: D:\WINDOWS\system32\tscupgrd.exe
size: 44032
MD5: 7092C4A1615F2AE11F52060D1AE01A1D

Located: HK_CU:RunOnce, tscuninstall
where: PE_D_RUNVM2...
command: %systemroot%\system32\tscupgrd.exe
file: D:\WINDOWS\system32\tscupgrd.exe
size: 44032
MD5: 7092C4A1615F2AE11F52060D1AE01A1D

Located: HK_CU:RunOnce, tscuninstall
where: PE_D_RUNVM3...
command: %systemroot%\system32\tscupgrd.exe
file: D:\WINDOWS\system32\tscupgrd.exe
size: 44032
MD5: 7092C4A1615F2AE11F52060D1AE01A1D

Located: HK_CU:RunOnce, tscuninstall
where: PE_D_VIRMAOP1...
command: %systemroot%\system32\tscupgrd.exe
file: D:\WINDOWS\system32\tscupgrd.exe
size: 44032
MD5: 7092C4A1615F2AE11F52060D1AE01A1D

Located: HK_CU:RunOnce, tscuninstall
where: S-1-5-20...
command: %systemroot%\system32\tscupgrd.exe
file: D:\WINDOWS\system32\tscupgrd.exe
size: 44032
MD5: 7092C4A1615F2AE11F52060D1AE01A1D

Located: HK_CU:Run, MoeMonitor.exe
where: S-1-5-21-2651810970-398142656-2047231890-1111...
command: "D:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.2815.12\MoeMonitor.exe"
file: D:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.2815.12\MoeMonitor.exe
size: 1187840
MD5: BA5A6926BD714A122B1C6AA360451075

Located: HK_CU:Run, PlaxoUpdate
where: S-1-5-21-2651810970-398142656-2047231890-1111...
command: D:\Program Files\Plaxo\3.11.0.27\PlaxoHelper_en.exe -a -t
file: D:\Program Files\Plaxo\3.11.0.27\PlaxoHelper_en.exe
size: 297031
MD5: 55EF11EE86C9F26F4EABAA11BE0773E6

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-2651810970-398142656-2047231890-1111...
command: D:\Program Files\Spybot\TeaTimer.exe
file: D:\Program Files\Spybot\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:Run, swg
where: S-1-5-21-2651810970-398142656-2047231890-1111...
command: D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, Weather
where: S-1-5-21-2651810970-398142656-2047231890-1111...
command: D:\Program Files\AWS\WeatherBug\Weather.exe 1
file: D:\Program Files\AWS\WeatherBug\Weather.exe
size: 1343488
MD5: 921DFCF6CCC7B71021A62D24162F426B

Located: HK_CU:Run, Picasa Media Detector
where: S-1-5-18...
command: D:\Program Files\Picasa2\PicasaMediaDetector.exe
file: D:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: 429C00E25AFA42015311C092E49BFD07

Located: HK_CU:RunOnce, tscuninstall
where: S-1-5-18...
command: %systemroot%\system32\tscupgrd.exe
file: D:\WINDOWS\system32\tscupgrd.exe
size: 44032
MD5: 7092C4A1615F2AE11F52060D1AE01A1D

Located: Startup (common), Windows Desktop Search.lnk
where: D:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: D:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: D:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 118784
MD5: 946467B375D696FA073A6B9370A4C6CE

Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
where: D:\Documents and Settings\jim\Start Menu\Programs\Startup...
command: D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 101784
MD5: 24F5015DEB7C744DDF34CD786B6FA03F

Located: Startup (user), Shortcut to procexp.lnk
where: D:\Documents and Settings\jim\Start Menu\Programs\Startup...
command: D:\Program Files\SysInternals\procexp.exe
file: D:\Program Files\SysInternals\procexp.exe
size: 3623736
MD5: 483FEF27D086863DA3C433D96A6A06B4

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: dimsntfy.dll
file: dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, hgGXNDsT
command: hgGXNDsT.dll
file: hgGXNDsT.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, LMIinit
command: LMIinit.dll
file: LMIinit.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlcrdplauncher
command: D:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
file: D:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{00011268-E188-40DF-A514-835FCD78B1BF} (IE7Pro)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: IE7Pro
CLSID name: IE7Pro BHO
Path: D:\Program Files\IEPro\
Long name: IEPro.dll
Short name:
Date (created): 3/31/2008 5:56:32 AM
Date (last access): 5/27/2008 12:26:48 AM
Date (last write): 3/31/2008 5:56:32 AM
Filesize: 728168
Attributes: archive
MD5: 3F010C7D68756E290348AAECA3A139C8
CRC32: 02301AE4
Version: 2.2.0.4

{07A11D74-9D25-4fea-A833-8B0D76A5577A} (CmjBrowserHelperObject Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: CmjBrowserHelperObject Object
Path: D:\Program Files\Mindjet\MindManager 7\
Long name: Mm7InternetExplorer.dll
Short name:
Date (created): 12/17/2007 12:35:36 AM
Date (last access): 5/27/2008 12:13:38 AM
Date (last write): 12/17/2007 12:35:36 AM
Filesize: 70944
Attributes: archive
MD5: 1941A79DA15F1C5AF213A2212BEE54C3
CRC32: E63F9BDC
Version: 7.1.388.0

{1A1DAC8C-074D-440F-8707-7009A672D7D1} (IEToolbarBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: IEToolbarBHO Class
Path: D:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\
Long name: LinkedInIEToolbar.dll
Short name:
Date (created): 7/25/2007 3:16:12 PM
Date (last access): 5/26/2008 11:12:18 PM
Date (last write): 7/25/2007 3:16:12 PM
Filesize: 1421312
Attributes: archive
MD5: D2757D9F5AB96502840B6942AB5930A3
CRC32: 11A2578F
Version: 3.0.3.1100

{2A06127E-AB34-40AF-9718-2FD20067DB14} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: D:\WINDOWS\system32\
Long name: wvUmkHax.dll
Short name:
Date (created): 5/26/2008 6:09:20 PM
Date (last access): 5/27/2008 12:14:00 AM
Date (last write): 5/26/2008 6:09:20 PM
Filesize: 318848
Attributes: archive
MD5: ECF1E1C09CE459D6BA4592F14EADAF75
CRC32: D013C9B1

{4A3F62A9-AFEB-4543-AE4D-DC2442444E64} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: D:\WINDOWS\system32\
Long name: hgGXNDsT.dll
Short name:
Date (created): 5/25/2008 3:40:10 AM
Date (last access): 5/27/2008 12:08:50 AM
Date (last write): 5/25/2008 3:40:10 AM
Filesize: 29824
Attributes: archive
MD5: BBE4A05159942B6F74E2D75E835904DC
CRC32: 69220D8A

{6462546F-70AE-4abc-B2B6-BE68E9410002} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{84053DA7-03DE-4FB6-80AE-202C04691D8A} (Diigo Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Diigo Toolbar Helper
Path: D:\Program Files\Diigo\
Long name: DiigoToolbar.3.0.55.dll
Short name:
Date (created): 4/21/2008 12:01:46 AM
Date (last access): 5/26/2008 11:12:18 PM
Date (last write): 4/21/2008 12:01:46 AM
Filesize: 1661952
Attributes: archive
MD5: B936884B96EE1F6F1BA0DEB44003E2B2
CRC32: 09558AFF
Version: 1.0.0.1

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: d:\program files\google\
Long name: GoogleToolbar1.dll
Short name:
Date (created): 1/1/2008 7:15:54 PM
Date (last access): 5/26/2008 11:12:18 PM
Date (last write): 1/1/2008 7:15:54 PM
Filesize: 3253368
Attributes: readonly archive
MD5: F859836CD16AD80C1B0A082A74BB2696
CRC32: 7D910F3A
Version: 5.0.1112.3348

{AC41D38F-B56D-40AD-94E0-B493D130C959} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: D:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\
Long name: swg.dll

{B20C99D2-1654-421C-B87A-618F46DBC2A3} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: D:\WINDOWS\system32\
Long name: fccyvTMd.dll

{CC7E636D-39AA-49b6-B511-65413DA137A1} (IE Developer Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: IE Developer Toolbar BHO
Path: D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\
Long name: IEDevToolbar.dll
Short name:
Date (created): 3/1/2007 3:05:42 PM
Date (last access): 5/27/2008 12:26:48 AM
Date (last write): 3/1/2007 3:05:42 PM
Filesize: 623992
Attributes: archive
MD5: D89FBD68928E85F266CF8F4162719B9B
CRC32: B1353241
Version: 1.0.2188.0

{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:






***********************************************************
HijackThis Log File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:32 AM, on 5/27/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\certsrv.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\dns.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\UPHClean\uphclean.exe
D:\WINDOWS\System32\vssvc.exe
D:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
D:\Program Files\Xobni\XobniService.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\Plaxo\3.11.0.27\PlaxoHelper_en.exe
D:\Program Files\Spybot\TeaTimer.exe
D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
D:\Program Files\SysInternals\procexp.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Mozilla Firefox RC1\firefox.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Diigo Toolbar - {09197FFB-C236-4153-B268-31051E4F3B6C} - D:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O3 - Toolbar: LinkedIn Toolbar - {BB670D0B-5C46-40C7-B38B-40DD26987723} - D:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] D:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Carbonite Backup] D:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] D:\Program Files\Plaxo\3.11.0.27\PlaxoHelper_en.exe -a -t
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [MoeMonitor.exe] "D:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.2815.12\MoeMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Shortcut to procexp.lnk = D:\Program Files\SysInternals\procexp.exe
O4 - Global Startup: Windows Desktop Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Copy As Html - D:\Program Files\Fillmore Technology Group\Utilities\IE\CopyHtmlTextIE.html
O8 - Extra context menu item: Copy As Plain Text - D:\Program Files\Fillmore Technology Group\Utilities\IE\CopyPlainTextIE.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Linked&In Search - res://D:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll/ContextMenu.htm
O8 - Extra context menu item: Open Link Target in Firefox - file://D:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\7wmb6xy7.jim-ff3.0b4\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: View This Page in Firefox - file://D:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\7wmb6xy7.jim-ff3.0b4\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - D:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Spybot\SDHelper.dll
O15 - Trusted Zone: http://order.1and1.com
O15 - Trusted Zone: http://www.acxede.net
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://ati.amd.com
O15 - Trusted Zone: http://www.americanthinker.com
O15 - Trusted Zone: http://www.wireless.att.com
O15 - Trusted Zone: http://*.attblueroom.com
O15 - Trusted Zone: http://*.bellsouth.com
O15 - Trusted Zone: http://na.blackberry.com
O15 - Trusted Zone: http://2164th.blogspot.com
O15 - Trusted Zone: http://www.cameraware.com
O15 - Trusted Zone: http://www.careerbuilder.com
O15 - Trusted Zone: http://www.cbn.com
O15 - Trusted Zone: http://www.chase.com
O15 - Trusted Zone: http://www.codeplex.com
O15 - Trusted Zone: http://us.creative.com
O15 - Trusted Zone: http://support.dell.com
O15 - Trusted Zone: http://www.dellfinancialservices.com
O15 - Trusted Zone: http://*.digg.com
O15 - Trusted Zone: http://msstore.digitalriver.com
O15 - Trusted Zone: http://forum.diigo.com
O15 - Trusted Zone: http://groups.diigo.com
O15 - Trusted Zone: http://www.diigo.com
O15 - Trusted Zone: http://demo.dotnetnuke.com
O15 - Trusted Zone: http://www.dslreports.com
O15 - Trusted Zone: http://www.dvd-guides.com
O15 - Trusted Zone: http://www.dynamics.com
O15 - Trusted Zone: http://listings.ebay.com
O15 - Trusted Zone: http://my.ebay.com
O15 - Trusted Zone: http://search.stores.ebay.com
O15 - Trusted Zone: http://bt.etree.org
O15 - Trusted Zone: http://*.eventid.net
O15 - Trusted Zone: http://www.eworkmarkets.com
O15 - Trusted Zone: http://www.examiner.com
O15 - Trusted Zone: http://exg3.exghost.com
O15 - Trusted Zone: http://*.expressionengine.com
O15 - Trusted Zone: http://*.flsleaders.org
O15 - Trusted Zone: http://www.fordcredit.com
O15 - Trusted Zone: cc.gas-south.com
O15 - Trusted Zone: http://www.geoaccess.com
O15 - Trusted Zone: http://*.gigaom.com
O15 - Trusted Zone: http://www.gildertech.com
O15 - Trusted Zone: http://v4.globalmentoring.com
O15 - Trusted Zone: appsgrid.goodbarry.com
O15 - Trusted Zone: http://appsgrid01.goodbarry.com
O15 - Trusted Zone: http://appsgrid02.goodbarry.com
O15 - Trusted Zone: http://themeridiangroup.goodbarry.com
O15 - Trusted Zone: www.goodbarry.com
O15 - Trusted Zone: http://*.goodbarry.com
O15 - Trusted Zone: http://host1.gotvoice.com
O15 - Trusted Zone: http://www1.icareers.com
O15 - Trusted Zone: http://www.ie7pro.com
O15 - Trusted Zone: http://www.intermedia.net
O15 - Trusted Zone: http://www.istockphoto.com
O15 - Trusted Zone: http://www.jobfox.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://www1.kiwee.com
O15 - Trusted Zone: http://www.kudzu.com
O15 - Trusted Zone: http://www.latimes.com
O15 - Trusted Zone: http://*.lifehacker.com
O15 - Trusted Zone: http://www.linkedin.com
O15 - Trusted Zone: http://*.skydrive.live.com
O15 - Trusted Zone: http://bl131w.blu131.mail.live.com
O15 - Trusted Zone: http://gallery.live.com
O15 - Trusted Zone: http://get.live.com
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://search.live.com
O15 - Trusted Zone: http://www.luckymarble.com
O15 - Trusted Zone: http://www.makeitsimple.com
O15 - Trusted Zone: http://www.michaelyon-online.com
O15 - Trusted Zone: http://www.mindjet.com
O15 - Trusted Zone: *.mozilla.com
O15 - Trusted Zone: http://wiki.mozilla.org
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: http://blogs.msdn.com
O15 - Trusted Zone: http://moneycentral.msn.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://controlpanel.msoutlookonline.net
O15 - Trusted Zone: http://www.myajc.com
O15 - Trusted Zone: http://*.myofficelivecommunity.com
O15 - Trusted Zone: http://blog.myspace.com
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://corner.nationalreview.com
O15 - Trusted Zone: http://www.nationalreview.com
O15 - Trusted Zone: http://www.newgroundtech.com
O15 - Trusted Zone: http://www.newgroundtech.net
O15 - Trusted Zone: http://*.newgroundtech.net
O15 - Trusted Zone: http://dev.officelive.com
O15 - Trusted Zone: http://home.officelive.com
O15 - Trusted Zone: http://newground.officelive.com
O15 - Trusted Zone: http://newground.tech.officelive.com
O15 - Trusted Zone: http://newgroundtechofficelivecom.officelive.com
O15 - Trusted Zone: http://smallbusiness.officelive.com
O15 - Trusted Zone: http://www.officelive.com
O15 - Trusted Zone: http://www.paperhouseonline.com
O15 - Trusted Zone: http://www.paypal.com
O15 - Trusted Zone: http://demo.pmachine.com
O15 - Trusted Zone: http://*.powerlineblog.com
O15 - Trusted Zone: http://www.readwriteweb.com
O15 - Trusted Zone: http://www.serverwatch.com
O15 - Trusted Zone: http://www.shopify.info
O15 - Trusted Zone: http://*.silverlight.net
O15 - Trusted Zone: http://www.sirius.com
O15 - Trusted Zone: http://cpanel.siteground137.com
O15 - Trusted Zone: http://www.smbnation.com
O15 - Trusted Zone: http://center.spoke.com
O15 - Trusted Zone: http://investors.sprint.com
O15 - Trusted Zone: http://www.techcrunch.com
O15 - Trusted Zone: http://corporatedealmaker.thedealblogs.com
O15 - Trusted Zone: http://www.themeridiangroup.biz
O15 - Trusted Zone: http://920wgka.townhall.com
O15 - Trusted Zone: http://*.townhall.com
O15 - Trusted Zone: http://esupport.trendmicro.com
O15 - Trusted Zone: http://housecall.trendmicro.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://en.wikipedia.org
O15 - Trusted Zone: http://www.windowsmarketplace.com
O15 - Trusted Zone: download.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: downloads.windowsupdate.com
O15 - Trusted Zone: http://online.wsj.com
O15 - Trusted Zone: http://www.wssdemo.com
O15 - Trusted Zone: http://www.xchangemag.com
O15 - Trusted Zone: http://www.stuff.yellowswordfish.com
O15 - Trusted Zone: http://www.youtube.com
O15 - Trusted Zone: http://crm.zoho.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
O16 - DPF: {4A57CD04-E031-4E91-A896-DD6EADAEA48D} - https://na2.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182447780463
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182447771338
O16 - DPF: {70F72504-0622-45B0-87A1-19F4C40BBBA2} (PortPingCOM Class) - https://controlpanel.msoutlookonline.net/Customization/Downloads/PortPingCOM.DLL
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://jimi.corp.newgroundtech.com:1024/VirtualServer/activex/VMRCActiveXClient.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://newgroundtechblog.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} -
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} (Microsoft Virtual Server VMRC Control) - http://jimi.corp.newgroundtech.com:1024/VirtualServer/activex/VMRCActiveXClient.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents.webex.com/client/T23L/event/ieatgpc.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.newgroundtech.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C498A6B-F42B-48F0-96F5-E2EF5EE9FB0D}: Domain = vnet
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C498A6B-F42B-48F0-96F5-E2EF5EE9FB0D}: NameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE5607CF-9995-4613-A29D-562E530F08B5}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: "D:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - D:\Program Files\Google\Common\Update\1.0.49.0\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - D:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - D:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - D:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - D:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: RoxMediaDB9 - Unknown owner - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - D:\Program Files\Xobni\XobniService.exe

--
End of file - 20704 bytes
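
Added example for this thread (it is not part of HijackThis, Spybot, SUPERAntiSpyware or MBAM, and not something the poster or the helper wrote): a small Python triage script that pulls out of a HijackThis v2 log the entry classes a helper looks at first in a log like the one above. SAMPLE_LOG is a constructed subset of lines copied from the logs posted in this thread. The "8 mixed-case letters in system32" heuristic is an assumption modelled on the two DLL names seen here (wvUmkHax.dll in the Spybot output, fccyvTMd.dll in the second HijackThis log), not a rule from any of the tools.

```python
"""Triage a HijackThis v2 log for the entry classes a helper checks first.

Added example for this thread; not part of HijackThis, Spybot or MBAM.
SAMPLE_LOG is a constructed subset of lines copied from the logs posted above.
"""
import ipaddress
import re

SAMPLE_LOG = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {10284D2A-01C4-460C-AC83-EF1AE1A25B2F} - (no file)
O2 - BHO: (no name) - {B20C99D2-1654-421C-B87A-618F46DBC2A3} - D:\WINDOWS\system32\fccyvTMd.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: http://www.paypal.com
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: http://*.myspace.com
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE5607CF-9995-4613-A29D-562E530F08B5}: NameServer = 192.168.1.10
O20 - AppInit_DLLs: "D:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
GUID = r"\{[0-9A-Fa-f-]{36}\}"
BHO_RE = re.compile(r"^BHO: .*? - " + GUID + r" - (.*)$")
DPF_RE = re.compile(r"^DPF: " + GUID + r"(?: \(.*?\))? -\s*(.*)$")
NS_RE = re.compile(r"NameServer = (\S+)$")
# Assumption, not a HijackThis rule: the two DLLs in this thread (wvUmkHax.dll,
# fccyvTMd.dll) are 8 mixed-case letters in system32, so flag that shape.
RANDOM_DLL_RE = re.compile(r"\\system32\\([A-Za-z]{8})\.dll", re.IGNORECASE)

CATEGORIES = (
    "orphan_bho", "random_name_dll", "ie_policy_restrictions",
    "trusted_zone_hosts", "wildcard_trusted_zone", "dpf_no_source",
    "public_nameserver", "appinit_dll", "orphan_service",
)


def _missing(target):
    """HijackThis marks a dangling registry reference with one of these."""
    return "(no file)" in target or "(file missing)" in target


def triage(log_text):
    """Return {category: [matching log lines or hosts]} for one HJT log."""
    findings = {c: [] for c in CATEGORIES}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O2":  # Browser Helper Objects load into every IE process
            b = BHO_RE.match(body)
            target = b.group(1) if b else body
            if _missing(target):
                findings["orphan_bho"].append(line)
            r = RANDOM_DLL_RE.search(target)
            if r and not r.group(1).islower() and not r.group(1).isupper():
                findings["random_name_dll"].append(line)
        elif kind == "O6":  # IE policy restrictions set under HKCU
            findings["ie_policy_restrictions"].append(line)
        elif kind == "O15":  # Trusted sites zone: lower security than Internet zone
            host = body.split(":", 1)[1].strip()
            findings["trusted_zone_hosts"].append(host)
            if host.startswith("*.") or "://*." in host:
                findings["wildcard_trusted_zone"].append(host)
        elif kind == "O16":  # ActiveX downloaded via Downloaded Program Files
            d = DPF_RE.match(body)
            if d and not d.group(1):
                findings["dpf_no_source"].append(line)
        elif kind == "O17":  # DNS settings; a public resolver here needs an owner
            n = NS_RE.search(body)
            for ns in (n.group(1).split(",") if n else []):
                try:
                    if not ipaddress.ip_address(ns).is_private:
                        findings["public_nameserver"].append(line)
                except ValueError:
                    findings["public_nameserver"].append(line)
        elif kind == "O20":  # AppInit_DLLs: injected into every user32 process
            findings["appinit_dll"].append(line)
        elif kind == "O23" and _missing(body):  # service whose binary is gone
            findings["orphan_service"].append(line)
    return findings


def report(log_text):
    """Human-readable summary, one line per non-empty category."""
    f = triage(log_text)
    out = [f"trusted zone hosts: {len(f['trusted_zone_hosts'])}"]
    for cat in CATEGORIES:
        if cat != "trusted_zone_hosts" and f[cat]:
            out.append(f"{cat} ({len(f[cat])}):")
            out.extend("  " + item for item in f[cat])
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it as-is to see the findings for the sample, or pass a full saved log to triage(). On this thread's log it surfaces the entries worth a helper's attention: BHO lines with (no file) or (file missing), which are dangling registry references that can be fixed in HijackThis; a Trusted Zone list of well over a hundred hosts, several with wildcards (the Trusted sites zone runs with lower security settings than the Internet zone, so every host on it should be there deliberately); an O16 DPF entry with no download source; the O20 AppInit_DLLs entry, which is loaded into every process that loads user32.dll and so deserves a look even when it belongs to a known product; and the O6 restrictions policy. None of these is a detection on its own; the script is a checklist, and the decision on each line still rests with the person reading the log.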

ken545
2008-05-28, 14:18
Hello jwm4atl

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Since this computer is networked, it's important to download the programs we need to use and then disconnect from the network by unplugging the LAN cable.

Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a Hijackthis log.

jwm4atl
2008-05-28, 21:23
Please note that while waiting for a response, I began to follow the instructions provided at majorgeeks.com for removing this malware. That included running SuperAntiSpyware, which identified and removed over 20 entries identified as Virtumonde. I then ran Spybot which showed no "problems". Next on their list was MalwareBytes Anti-Malware. I happened to return here in time to see that it was your suggestion as well. So I ran it next and the results are provided below.

MalwareBytes Anti-Malware identified five problems and quarantined them. Although it attempted to generate a log file, it asked if there were certain directories (like D:\documents and D:\Documents and Settings\<username>\and) which I did not permit. The resulting log file was empty. Please advise regarding next steps.

Here are the five entries it quarantined:

Trojan.FakeAlert - D:\Windows\edwf.exe
Malware.Trace - D:\Windows\cookies.ini
Malware.Trace - HKEY_Current_User\Software\Microsoft\affri
Trojan.FakeAlert - HKEY_Classes_Root\Interface\{14a9da84-0c80-4520-8452-f5c7c911a003}
Malware.Trace - HKEY_Local_Machine\Software\Microsoft\affri



HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:39 PM, on 5/28/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\certsrv.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\dns.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\UPHClean\uphclean.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
D:\Program Files\SysInternals\procexp.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox RC1\firefox.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - D:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {10284D2A-01C4-460C-AC83-EF1AE1A25B2F} - (no file)
O2 - BHO: IEToolbarBHO Class - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - D:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {4A3F62A9-AFEB-4543-AE4D-DC2442444E64} - (no file)
O2 - BHO: (no name) - {6462546F-70AE-4abc-B2B6-BE68E9410002} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Diigo Toolbar Helper - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - D:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll (file missing)
O2 - BHO: (no name) - {B20C99D2-1654-421C-B87A-618F46DBC2A3} - D:\WINDOWS\system32\fccyvTMd.dll (file missing)
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Diigo Toolbar - {09197FFB-C236-4153-B268-31051E4F3B6C} - D:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O3 - Toolbar: LinkedIn Toolbar - {BB670D0B-5C46-40C7-B38B-40DD26987723} - D:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] D:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Carbonite Backup] D:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] D:\Program Files\Plaxo\3.11.0.27\PlaxoHelper_en.exe -a -t
O4 - HKCU\..\Run: [MoeMonitor.exe] "D:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.2815.12\MoeMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Shortcut to procexp.lnk = D:\Program Files\SysInternals\procexp.exe
O4 - Global Startup: Windows Desktop Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Copy As Html - D:\Program Files\Fillmore Technology Group\Utilities\IE\CopyHtmlTextIE.html
O8 - Extra context menu item: Copy As Plain Text - D:\Program Files\Fillmore Technology Group\Utilities\IE\CopyPlainTextIE.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Linked&In Search - res://D:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll/ContextMenu.htm
O8 - Extra context menu item: Open Link Target in Firefox - file://D:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\7wmb6xy7.jim-ff3.0b4\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: View This Page in Firefox - file://D:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\7wmb6xy7.jim-ff3.0b4\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - D:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O15 - Trusted Zone: http://order.1and1.com
O15 - Trusted Zone: http://www.acxede.net
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://ati.amd.com
O15 - Trusted Zone: http://www.americanthinker.com
O15 - Trusted Zone: http://www.wireless.att.com
O15 - Trusted Zone: http://*.attblueroom.com
O15 - Trusted Zone: http://*.bellsouth.com
O15 - Trusted Zone: http://na.blackberry.com
O15 - Trusted Zone: http://2164th.blogspot.com
O15 - Trusted Zone: http://www.cameraware.com
O15 - Trusted Zone: http://www.careerbuilder.com
O15 - Trusted Zone: http://www.cbn.com
O15 - Trusted Zone: http://www.chase.com
O15 - Trusted Zone: http://www.codeplex.com
O15 - Trusted Zone: http://us.creative.com
O15 - Trusted Zone: http://support.dell.com
O15 - Trusted Zone: http://www.dellfinancialservices.com
O15 - Trusted Zone: http://*.digg.com
O15 - Trusted Zone: http://msstore.digitalriver.com
O15 - Trusted Zone: http://forum.diigo.com
O15 - Trusted Zone: http://groups.diigo.com
O15 - Trusted Zone: http://www.diigo.com
O15 - Trusted Zone: http://demo.dotnetnuke.com
O15 - Trusted Zone: http://www.dslreports.com
O15 - Trusted Zone: http://www.dvd-guides.com
O15 - Trusted Zone: http://www.dynamics.com
O15 - Trusted Zone: http://listings.ebay.com
O15 - Trusted Zone: http://my.ebay.com
O15 - Trusted Zone: http://search.stores.ebay.com
O15 - Trusted Zone: http://bt.etree.org
O15 - Trusted Zone: http://*.eventid.net
O15 - Trusted Zone: http://www.eworkmarkets.com
O15 - Trusted Zone: http://www.examiner.com
O15 - Trusted Zone: http://exg3.exghost.com
O15 - Trusted Zone: http://*.expressionengine.com
O15 - Trusted Zone: http://*.flsleaders.org
O15 - Trusted Zone: http://www.fordcredit.com
O15 - Trusted Zone: cc.gas-south.com
O15 - Trusted Zone: http://www.geoaccess.com
O15 - Trusted Zone: http://*.gigaom.com
O15 - Trusted Zone: http://www.gildertech.com
O15 - Trusted Zone: http://v4.globalmentoring.com
O15 - Trusted Zone: appsgrid.goodbarry.com
O15 - Trusted Zone: http://appsgrid01.goodbarry.com
O15 - Trusted Zone: http://appsgrid02.goodbarry.com
O15 - Trusted Zone: http://themeridiangroup.goodbarry.com
O15 - Trusted Zone: www.goodbarry.com
O15 - Trusted Zone: http://*.goodbarry.com
O15 - Trusted Zone: http://host1.gotvoice.com
O15 - Trusted Zone: http://www1.icareers.com
O15 - Trusted Zone: http://www.ie7pro.com
O15 - Trusted Zone: http://www.intermedia.net
O15 - Trusted Zone: http://www.istockphoto.com
O15 - Trusted Zone: http://www.jobfox.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://www1.kiwee.com
O15 - Trusted Zone: http://www.kudzu.com
O15 - Trusted Zone: http://www.latimes.com
O15 - Trusted Zone: http://*.lifehacker.com
O15 - Trusted Zone: http://www.linkedin.com
O15 - Trusted Zone: http://*.skydrive.live.com
O15 - Trusted Zone: http://bl131w.blu131.mail.live.com
O15 - Trusted Zone: http://gallery.live.com
O15 - Trusted Zone: http://get.live.com
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://search.live.com
O15 - Trusted Zone: http://www.luckymarble.com
O15 - Trusted Zone: http://www.makeitsimple.com
O15 - Trusted Zone: http://www.michaelyon-online.com
O15 - Trusted Zone: http://www.mindjet.com
O15 - Trusted Zone: *.mozilla.com
O15 - Trusted Zone: http://wiki.mozilla.org
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: http://blogs.msdn.com
O15 - Trusted Zone: http://moneycentral.msn.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://controlpanel.msoutlookonline.net
O15 - Trusted Zone: http://www.myajc.com
O15 - Trusted Zone: http://*.myofficelivecommunity.com
O15 - Trusted Zone: http://blog.myspace.com
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://corner.nationalreview.com
O15 - Trusted Zone: http://www.nationalreview.com
O15 - Trusted Zone: http://www.newgroundtech.com
O15 - Trusted Zone: http://www.newgroundtech.net
O15 - Trusted Zone: http://*.newgroundtech.net
O15 - Trusted Zone: http://dev.officelive.com
O15 - Trusted Zone: http://home.officelive.com
O15 - Trusted Zone: http://newground.officelive.com
O15 - Trusted Zone: http://newground.tech.officelive.com
O15 - Trusted Zone: http://newgroundtechofficelivecom.officelive.com
O15 - Trusted Zone: http://smallbusiness.officelive.com
O15 - Trusted Zone: http://www.officelive.com
O15 - Trusted Zone: http://www.paperhouseonline.com
O15 - Trusted Zone: http://www.paypal.com
O15 - Trusted Zone: http://demo.pmachine.com
O15 - Trusted Zone: http://*.powerlineblog.com
O15 - Trusted Zone: http://www.readwriteweb.com
O15 - Trusted Zone: http://www.serverwatch.com
O15 - Trusted Zone: http://www.shopify.info
O15 - Trusted Zone: http://*.silverlight.net
O15 - Trusted Zone: http://www.sirius.com
O15 - Trusted Zone: http://cpanel.siteground137.com
O15 - Trusted Zone: http://www.smbnation.com
O15 - Trusted Zone: http://center.spoke.com
O15 - Trusted Zone: http://investors.sprint.com
O15 - Trusted Zone: http://www.techcrunch.com
O15 - Trusted Zone: http://corporatedealmaker.thedealblogs.com
O15 - Trusted Zone: http://www.themeridiangroup.biz
O15 - Trusted Zone: http://920wgka.townhall.com
O15 - Trusted Zone: http://*.townhall.com
O15 - Trusted Zone: http://esupport.trendmicro.com
O15 - Trusted Zone: http://housecall.trendmicro.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://en.wikipedia.org
O15 - Trusted Zone: http://www.windowsmarketplace.com
O15 - Trusted Zone: download.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: downloads.windowsupdate.com
O15 - Trusted Zone: http://online.wsj.com
O15 - Trusted Zone: http://www.wssdemo.com
O15 - Trusted Zone: http://www.xchangemag.com
O15 - Trusted Zone: http://www.stuff.yellowswordfish.com
O15 - Trusted Zone: http://www.youtube.com
O15 - Trusted Zone: http://crm.zoho.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
O16 - DPF: {4A57CD04-E031-4E91-A896-DD6EADAEA48D} - https://na2.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182447780463
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182447771338
O16 - DPF: {70F72504-0622-45B0-87A1-19F4C40BBBA2} (PortPingCOM Class) - https://controlpanel.msoutlookonline.net/Customization/Downloads/PortPingCOM.DLL
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://jimi.corp.newgroundtech.com:1024/VirtualServer/activex/VMRCActiveXClient.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://newgroundtechblog.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} -
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} (Microsoft Virtual Server VMRC Control) - http://jimi.corp.newgroundtech.com:1024/VirtualServer/activex/VMRCActiveXClient.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents.webex.com/client/T23L/event/ieatgpc.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.newgroundtech.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C498A6B-F42B-48F0-96F5-E2EF5EE9FB0D}: Domain = vnet
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C498A6B-F42B-48F0-96F5-E2EF5EE9FB0D}: NameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE5607CF-9995-4613-A29D-562E530F08B5}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hgGXNDsT - D:\WINDOWS\
O20 - Winlogon Notify: wlcrdplauncher - D:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - D:\Program Files\Google\Common\Update\1.0.49.0\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - D:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - D:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - D:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - D:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: XobniService - Xobni Corporation - D:\Program Files\Xobni\XobniService.exe

--
End of file - 21812 bytes

ken545
2008-05-29, 00:19
Hello,

I am finding that what SAS does not find, Malwarebytes does, so it's good to run them both.

WeatherBug brings adware with it, so I would uninstall it via Add/Remove Programs in the Control Panel; you would be better off with the weather program from the Weather Channel.


Open HijackThis > Do a System Scan Only. Close your browser and all open windows, including this one; the only program or window you should have open is HijackThis. Check the following entries and click on Fix Checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: (no name) - {10284D2A-01C4-460C-AC83-EF1AE1A25B2F} - (no file)
O2 - BHO: (no name) - {4A3F62A9-AFEB-4543-AE4D-DC2442444E64} - (no file)
O2 - BHO: (no name) - {B20C99D2-1654-421C-B87A-618F46DBC2A3} - D:\WINDOWS\system32\fccyvTMd.dll (file missing)

O4 - HKCU\..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe 1

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab


Again, after you download ComboFix to your Desktop and before you run it, disconnect from the network.




Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.


1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection afterwards, before connecting to the net.



2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.

If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
If there is no Internet connection when ComboFix has completely finished, restart your computer to restore the connections.


3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

Note: do not mouse-click ComboFix's window while it is running. That may cause it to stall or freeze.

Post the ComboFix log and a new HJT log, please.

jwm4atl
2008-05-29, 00:31
I found the list of items quarantined by SuperAntiSpyware:

Adware.Vundo.Variant.Rel
HKLM\Software\Microsoft\aoprndtws
HKLM\Software\Microsoft\FCOVM
HKUS\S-1-5-21-<string>\Software\Microsoft\rdfa

Adware.Vundo.Variant.Resident
D:\Windows\System32\WVUMKHAX.DLL
D:\Windows\System32\WVUMKHAX.DLL

Adware.Vundo.Variant/J
D:\Windows\VREGFWLX.DLL

Trojan.Unclassified-Unpacked/Suspicious
D:\Program Files\DISKINTERNALS\FLASHRECOVERY\CONTMENU.DLL

Trojan.Vundo-Variant/Small
D:\Windows\System32\HGGXNDST.DLL
D:\Windows\System32\HGGXNDST.DLL
D:\Windows\System32\SOSULAUR.DLL
D:\Windows\System32\SOSULAUR.DLL
HKCR\CLSID\{10284D2A-01C4-460C-AC83-EF1AE1A25B2F}
HKCR\CLSID\{10284D2A-01C4-460C-AC83-EF1AE1A25B2F}InprocServer32
HKCR\CLSID\{10284D2A-01C4-460C-AC83-EF1AE1A25B2F}InprocServer32 (Threading Model -Both)
HKCR\CLSID\{4A3F62A9-AFEB-4543-AE4D-DC2442444E64}
HKCR\CLSID\{4A3F62A9-AFEB-4543-AE4D-DC2442444E64}InprocServer32
HKCR\CLSID\{4A3F62A9-AFEB-4543-AE4D-DC2442444E64}InprocServer32 (Threading Model -Both)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\hgGXNDsT
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10284D2A-01C4-460C-AC83-EF1AE1A25B2F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A3F62A9-AFEB-4543-AE4D-DC2442444E64}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Execute Hooks ({{4A3F62A9-AFEB-4543-AE4D-DC2442444E64}-)

ken545
2008-05-29, 01:04
ComboFix will find more entries, I am sure. Look at your HijackThis log at all the O15 entries; they're all in your Internet Explorer Trusted Zone. Do you want them there? We can fix that if you wish.

jwm4atl
2008-05-29, 01:25
Probably because this is a Win 2003 OS (R2 SE SP2). Is there a version of ComboFix that will run on it?

I ran HJT-Fix successfully.

Regarding those O15 Trusted Zone entries - they all appear to be for sites that I have specifically entered. I never see this list printed, so I do notice that some I no longer use, but I will remove those manually.

Let me know what to do regarding ComboFix.

Thanks,
Jim

jwm4atl
2008-05-29, 01:28
I thought AWS had stopped its miscreant behavior. I installed it out of sheer laziness, for those rare occasions when my FF browser is not in use and I need to see the forecast. It's gone now, so I'll just have to use a little more initiative, which is a good thing.

ken545
2008-05-29, 01:31
I ran HJT-Fix successfully. <-- Not following you here, did you run it? If so, post the log.

jwm4atl
2008-05-29, 01:35
Your instructions from below said to run HJT to remove those entries, which I did. There was no log file created that I saw. Do you want me to run it now and create a log file? What about combofix?

ken545
2008-05-29, 01:38
Sorry about the mix-up, too many irons in the fire. I am sure that ComboFix will run on your system, being an NT-based system, but hang off a bit; I just contacted the author to make sure.

Yes, post a new HJT log; it's the only way we know what's been removed and what has not.

jwm4atl
2008-05-29, 01:43
No problem. I clicked on Combofix.exe on my desktop. It creates the ComboFix folder and files, but then pops up the OS error message that says it only runs on Win XP and 2000. So, you'll have to let me know how to kick it off after that error message is cleared (if you decide to go that route).

Here's the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:12 PM, on 5/28/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\certsrv.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\dns.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\UPHClean\uphclean.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\SysInternals\procexp.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Spybot\TeaTimer.exe
D:\Program Files\Mozilla Firefox RC1\firefox.exe
D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - D:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: IEToolbarBHO Class - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - D:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {6462546F-70AE-4abc-B2B6-BE68E9410002} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Diigo Toolbar Helper - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - D:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll (file missing)
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Diigo Toolbar - {09197FFB-C236-4153-B268-31051E4F3B6C} - D:\Program Files\Diigo\DiigoToolbar.3.0.55.dll
O3 - Toolbar: LinkedIn Toolbar - {BB670D0B-5C46-40C7-B38B-40DD26987723} - D:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] D:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Carbonite Backup] D:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] D:\Program Files\Plaxo\3.11.0.27\PlaxoHelper_en.exe -a -t
O4 - HKCU\..\Run: [MoeMonitor.exe] "D:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.2815.12\MoeMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Shortcut to procexp.lnk = D:\Program Files\SysInternals\procexp.exe
O4 - Global Startup: Windows Desktop Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Copy As Html - D:\Program Files\Fillmore Technology Group\Utilities\IE\CopyHtmlTextIE.html
O8 - Extra context menu item: Copy As Plain Text - D:\Program Files\Fillmore Technology Group\Utilities\IE\CopyPlainTextIE.html
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Linked&In Search - res://D:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll/ContextMenu.htm
O8 - Extra context menu item: Open Link Target in Firefox - file://D:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\7wmb6xy7.jim-ff3.0b4\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: View This Page in Firefox - file://D:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\7wmb6xy7.jim-ff3.0b4\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - D:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - D:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Spybot\SDHelper.dll
O15 - Trusted Zone: http://order.1and1.com
O15 - Trusted Zone: http://www.acxede.net
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://ati.amd.com
O15 - Trusted Zone: http://www.americanthinker.com
O15 - Trusted Zone: http://www.wireless.att.com
O15 - Trusted Zone: http://*.attblueroom.com
O15 - Trusted Zone: http://*.bellsouth.com
O15 - Trusted Zone: http://na.blackberry.com
O15 - Trusted Zone: http://2164th.blogspot.com
O15 - Trusted Zone: http://www.cameraware.com
O15 - Trusted Zone: http://www.careerbuilder.com
O15 - Trusted Zone: http://www.cbn.com
O15 - Trusted Zone: http://www.chase.com
O15 - Trusted Zone: http://www.codeplex.com
O15 - Trusted Zone: http://us.creative.com
O15 - Trusted Zone: http://support.dell.com
O15 - Trusted Zone: http://www.dellfinancialservices.com
O15 - Trusted Zone: http://*.digg.com
O15 - Trusted Zone: http://msstore.digitalriver.com
O15 - Trusted Zone: http://forum.diigo.com
O15 - Trusted Zone: http://groups.diigo.com
O15 - Trusted Zone: http://www.diigo.com
O15 - Trusted Zone: http://demo.dotnetnuke.com
O15 - Trusted Zone: http://www.dslreports.com
O15 - Trusted Zone: http://www.dvd-guides.com
O15 - Trusted Zone: http://www.dynamics.com
O15 - Trusted Zone: http://listings.ebay.com
O15 - Trusted Zone: http://my.ebay.com
O15 - Trusted Zone: http://search.stores.ebay.com
O15 - Trusted Zone: http://bt.etree.org
O15 - Trusted Zone: http://*.eventid.net
O15 - Trusted Zone: http://www.eworkmarkets.com
O15 - Trusted Zone: http://www.examiner.com
O15 - Trusted Zone: http://exg3.exghost.com
O15 - Trusted Zone: http://*.expressionengine.com
O15 - Trusted Zone: http://*.flsleaders.org
O15 - Trusted Zone: http://www.fordcredit.com
O15 - Trusted Zone: cc.gas-south.com
O15 - Trusted Zone: http://www.geoaccess.com
O15 - Trusted Zone: http://*.gigaom.com
O15 - Trusted Zone: http://www.gildertech.com
O15 - Trusted Zone: http://v4.globalmentoring.com
O15 - Trusted Zone: appsgrid.goodbarry.com
O15 - Trusted Zone: http://appsgrid01.goodbarry.com
O15 - Trusted Zone: http://appsgrid02.goodbarry.com
O15 - Trusted Zone: http://themeridiangroup.goodbarry.com
O15 - Trusted Zone: www.goodbarry.com
O15 - Trusted Zone: http://*.goodbarry.com
O15 - Trusted Zone: http://host1.gotvoice.com
O15 - Trusted Zone: http://www1.icareers.com
O15 - Trusted Zone: http://www.ie7pro.com
O15 - Trusted Zone: http://www.intermedia.net
O15 - Trusted Zone: http://www.istockphoto.com
O15 - Trusted Zone: http://www.jobfox.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://www1.kiwee.com
O15 - Trusted Zone: http://www.kudzu.com
O15 - Trusted Zone: http://www.latimes.com
O15 - Trusted Zone: http://*.lifehacker.com
O15 - Trusted Zone: http://www.linkedin.com
O15 - Trusted Zone: http://*.skydrive.live.com
O15 - Trusted Zone: http://bl131w.blu131.mail.live.com
O15 - Trusted Zone: http://gallery.live.com
O15 - Trusted Zone: http://get.live.com
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://search.live.com
O15 - Trusted Zone: http://www.luckymarble.com
O15 - Trusted Zone: http://www.makeitsimple.com
O15 - Trusted Zone: http://www.michaelyon-online.com
O15 - Trusted Zone: http://www.mindjet.com
O15 - Trusted Zone: *.mozilla.com
O15 - Trusted Zone: http://wiki.mozilla.org
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: http://blogs.msdn.com
O15 - Trusted Zone: http://moneycentral.msn.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://controlpanel.msoutlookonline.net
O15 - Trusted Zone: http://www.myajc.com
O15 - Trusted Zone: http://*.myofficelivecommunity.com
O15 - Trusted Zone: http://blog.myspace.com
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://corner.nationalreview.com
O15 - Trusted Zone: http://www.nationalreview.com
O15 - Trusted Zone: http://www.newgroundtech.com
O15 - Trusted Zone: http://www.newgroundtech.net
O15 - Trusted Zone: http://*.newgroundtech.net
O15 - Trusted Zone: http://dev.officelive.com
O15 - Trusted Zone: http://home.officelive.com
O15 - Trusted Zone: http://newground.officelive.com
O15 - Trusted Zone: http://newground.tech.officelive.com
O15 - Trusted Zone: http://newgroundtechofficelivecom.officelive.com
O15 - Trusted Zone: http://smallbusiness.officelive.com
O15 - Trusted Zone: http://www.officelive.com
O15 - Trusted Zone: http://www.paperhouseonline.com
O15 - Trusted Zone: http://www.paypal.com
O15 - Trusted Zone: http://demo.pmachine.com
O15 - Trusted Zone: http://*.powerlineblog.com
O15 - Trusted Zone: http://www.readwriteweb.com
O15 - Trusted Zone: http://www.serverwatch.com
O15 - Trusted Zone: http://www.shopify.info
O15 - Trusted Zone: http://*.silverlight.net
O15 - Trusted Zone: http://www.sirius.com
O15 - Trusted Zone: http://cpanel.siteground137.com
O15 - Trusted Zone: http://www.smbnation.com
O15 - Trusted Zone: http://center.spoke.com
O15 - Trusted Zone: http://investors.sprint.com
O15 - Trusted Zone: http://www.techcrunch.com
O15 - Trusted Zone: http://corporatedealmaker.thedealblogs.com
O15 - Trusted Zone: http://www.themeridiangroup.biz
O15 - Trusted Zone: http://920wgka.townhall.com
O15 - Trusted Zone: http://*.townhall.com
O15 - Trusted Zone: http://esupport.trendmicro.com
O15 - Trusted Zone: http://housecall.trendmicro.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://en.wikipedia.org
O15 - Trusted Zone: http://www.windowsmarketplace.com
O15 - Trusted Zone: download.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: downloads.windowsupdate.com
O15 - Trusted Zone: http://online.wsj.com
O15 - Trusted Zone: http://www.wssdemo.com
O15 - Trusted Zone: http://www.xchangemag.com
O15 - Trusted Zone: http://www.stuff.yellowswordfish.com
O15 - Trusted Zone: http://www.youtube.com
O15 - Trusted Zone: http://crm.zoho.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
O16 - DPF: {4A57CD04-E031-4E91-A896-DD6EADAEA48D} - https://na2.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182447780463
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182447771338
O16 - DPF: {70F72504-0622-45B0-87A1-19F4C40BBBA2} (PortPingCOM Class) - https://controlpanel.msoutlookonline.net/Customization/Downloads/PortPingCOM.DLL
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://jimi.corp.newgroundtech.com:1024/VirtualServer/activex/VMRCActiveXClient.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://newgroundtechblog.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} -
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} (Microsoft Virtual Server VMRC Control) - http://jimi.corp.newgroundtech.com:1024/VirtualServer/activex/VMRCActiveXClient.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents.webex.com/client/T23L/event/ieatgpc.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.newgroundtech.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C498A6B-F42B-48F0-96F5-E2EF5EE9FB0D}: Domain = vnet
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C498A6B-F42B-48F0-96F5-E2EF5EE9FB0D}: NameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE5607CF-9995-4613-A29D-562E530F08B5}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = corp.newgroundtech.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hgGXNDsT - D:\WINDOWS\
O20 - Winlogon Notify: wlcrdplauncher - D:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - D:\Program Files\Google\Common\Update\1.0.49.0\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - D:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - D:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - D:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - D:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: XobniService - Xobni Corporation - D:\Program Files\Xobni\XobniService.exe

--
End of file - 21743 bytes

ken545
2008-05-29, 02:02
Hi,

Combofix won't run on your Operating System. I think in all the years I have been at this, yours is the first one I have worked on.

Remove this with HJT. It's left over from Vundo:
O20 - Winlogon Notify: hgGXNDsT - D:\WINDOWS\

The rest of your log looks fine :bigthumb: How are things running now?

jwm4atl
2008-05-29, 02:46
I'll get rid of that winlogon entry. Too bad ComboFix will not run on Win Srvr 2003. Your assistance has been most helpful and I appreciate it very much. Thank you!

ken545
2008-05-29, 04:25
That's great, glad things are better :bigthumb:

Remove that O20 entry with HJT, reboot, and run HJT Scan Only to make sure it's gone. If not, post back; that needs to go.

How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
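The two replies above tell the poster to remove the orphaned O20 Winlogon Notify entry and then confirm after a reboot that it is gone. The following PowerShell is an added example, not code from the thread or from HijackThis: it reads the same registry location HJT reports as O20 (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify), lists every Notify handler, and flags any subkey whose DLLName value is blank or points to a file that no longer exists, which is what a leftover like hgGXNDsT looks like. The key path and the DLLName value name are standard Windows locations; the resolution rule (a bare file name is looked up in system32) is an assumption documented in the comments. Run it from an elevated prompt; it only reads the registry and never deletes anything.

```powershell
# Added example (not from the original post): audit Winlogon Notify handlers
# (HijackThis "O20" entries) and flag orphaned ones after a reboot.
# Uses only PowerShell 2.0-era cmdlets so it also runs on older servers.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$system32  = Join-Path $env:SystemRoot 'system32'

function Resolve-NotifyDll {
    # Assumption: a DLLName without a directory is loaded from system32,
    # and environment variables such as %SystemRoot% are expanded first.
    param([string]$DllName)
    $expanded = [Environment]::ExpandEnvironmentVariables($DllName)
    if (-not [IO.Path]::IsPathRooted($expanded)) {
        $expanded = Join-Path $system32 $expanded
    }
    return $expanded
}

$results = Get-ChildItem -Path $notifyKey -ErrorAction SilentlyContinue | ForEach-Object {
    $subkey  = $_.PSChildName
    $dllName = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).DLLName

    if ([string]::IsNullOrEmpty($dllName)) {
        # Key exists but names no DLL: nothing legitimate registers like this.
        $resolved = ''
        $status   = 'SUSPECT: no DLLName value'
    }
    else {
        $resolved = Resolve-NotifyDll -DllName $dllName
        if (Test-Path -LiteralPath $resolved -PathType Leaf) {
            $status = 'ok'
        }
        else {
            # Registration survived but the DLL is gone: orphaned entry,
            # the same pattern as the hgGXNDsT line in the HJT log above.
            $status = 'SUSPECT: DLL missing on disk'
        }
    }

    New-Object PSObject -Property @{
        Subkey   = $subkey
        DLLName  = $dllName
        Resolved = $resolved
        Status   = $status
    }
}

$results | Sort-Object Status, Subkey | Format-Table Subkey, DLLName, Resolved, Status -AutoSize

# Non-zero exit code if anything suspect remains, so the check can be scripted.
$suspect = @($results | Where-Object { $_.Status -ne 'ok' })
if ($suspect.Count -gt 0) {
    Write-Warning ("{0} suspect Winlogon Notify entr(y/ies) still present." -f $suspect.Count)
    exit 1
}
exit 0
```

Expect to see legitimate handlers (for example the SUPERAntiSpyware and Live Mesh entries from the log) resolve to existing DLLs and report ok; after the HJT fix and reboot the hgGXNDsT subkey should no longer be listed at all. If a subkey that HJT claimed to remove is still present, something is recreating it, which is the "if not, post back" case in the reply above.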

jwm4atl
2008-05-29, 04:48
Including the O20 Winlogon file entry. I will keep a very tight watch out for anomalies and abnormalities for the next week or so. Thanks for the help and have a great evening!

:bigthumb:

ken545
2008-05-29, 04:53
You're very welcome :p: