Virtumonde.dll



DeadMoney
2008-07-15, 23:02
Another Virtumonde issue.

I ran Spybot many, many, many times before I came to this forum. Oh yeah, and I ran Symantec AV many, many, many times. LOL

I'm running on a network, so I had to start in safe mode with network support (I couldn't log in without it).

Thank you for your assistance and support!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31, on 2008-07-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode with network support

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\userinit.exe
C:\windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15E35E18-85A7-4954-9E03-EAB1EC1D8100} - C:\windows\system32\qoMCvWMe.dll (file missing)
O2 - BHO: (no name) - {52C28254-77AA-4929-8FD5-8ABAF310C85C} - C:\windows\system32\opnooOhI.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - C:\windows\system32\opnomkIa.dll
O2 - BHO: (no name) - {7415D0FC-AE50-40E3-8B2D-DE67ACCE194D} - C:\windows\system32\awttqool.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9686] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4301] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8455] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2715] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4907] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1952] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1623] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3343] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4050] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2487] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3039] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3483] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4269] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6588] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8288] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6931] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6623] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8417] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4472] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1009] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5090] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4270] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1448] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5735] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5658] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4769] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1496] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5728] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1172] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7335] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA833] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2948] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9514] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9190] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7088] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8204] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3871] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2342] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3815] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2256] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5371] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7085] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8638] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC476] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4039] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3868] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9466] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7931] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5615] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4242] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1726] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9203] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2259] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5662] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5046] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2097] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA466] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9045] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5809] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6185] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1217] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4932] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6386] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9163] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5448] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8688] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7129] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9801] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6991] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4086] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2548] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3939] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7858] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6616] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA32] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7104] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7291] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC860] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6099] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1800] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1873] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9319] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5620] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2844] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1225] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6507] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\RunOnce: [SpybotDeletingA9474] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4140] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8871] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7441] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4934] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1704] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaserAppUpdate] "C:\Program Files\Laser App Enterprise\laupdate.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4853] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD604] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6424] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6023] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7671] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1811] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5310] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8408] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6272] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8588] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8862] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3350] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7323] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5192] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3823] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1480] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2285] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6883] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6680] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9444] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8749] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5384] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6512] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3716] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2853] command /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6271] cmd /c del "C:\WINDOWS\system32\opnomkIa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9567] command /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9369] cmd /c del "C:\WINDOWS\system32\opnooOhI.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6560] command /c del "C:\windows\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6773] cmd /c del "C:\windows\SchedLgU.Txt"
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = ?
O4 - Global Startup: Start WebEx MeetMeNow.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll (file missing)
O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187196224920
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tfs.local
O17 - HKLM\Software\..\Telephony: DomainName = tfs.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tfs.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tfs.local
O20 - Winlogon Notify: opnomkIa - C:\windows\SYSTEM32\opnomkIa.dll
O23 - Service: Acronis install service (Acronis_install_service) - Acronis - C:\windows\acroinst.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 20503 bytes

DeadMoney
2008-07-17, 00:57
Please close this request. My local IT came back from vacation and removed our issue. Or so I hope... I will open a new thread if a problem resurfaces.

Thanks
DeadMoney

Ambition: The journey of a thousand miles sometimes ends very, very badly