Address book virus???? Help!! (In Progress)

dlmurphy13
Member with 30 posts.
 
Join Date: Aug 2009
Experience: Beginner
05-Nov-2009, 04:39 PM #1
Address book virus???? Help!!
It seems I'm sending out emails to everyone in my address book, with some link in it.
How can I find out what it is...and how do I get rid of it!!! ???

I am downloading Spyware Doctor w/ Antivirus as we speak...and I have Zone Alarm running.

Thanks for your help in advance!!
flavallee
Trusted Advisor with 40,849 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
05-Nov-2009, 07:00 PM #2
Forget about downloading PC Tools Spyware Doctor. It won't allow you to fix anything with it until you buy it. It's a system resource hog anyway.

----------------------------------------------------------------

Go here and click the green icon to download Malwarebytes Anti-Malware 1.41.

Go here and click the green icon to download SUPERAntiSpyware 4.29.0.1004.

Go here and click the green icon to download HijackThis 2.0.2.

After these 3 files have been downloaded and saved, close all open windows and then install HijackThis in its default location.

Run a scan with it - which will take less than 30 seconds.

Save the resulting log in Notepad.

Return here and then copy-and-paste the entire log here.

Don't do anything yet with Malwarebytes and SUPERAntiSpyware.

---------------------------------------------------------------

Last edited by flavallee; 05-Nov-2009 at 07:07 PM..
dlmurphy13
Member with 30 posts.
 
Join Date: Aug 2009
Experience: Beginner
05-Nov-2009, 11:50 PM #3
flavallee,
I did download the SpyDoctor...and wasn't able to do anything, since I don't want to have to purchase if not necessary!! Will uninstall...asap!!

Here is the log from HijackThis;
I'll be waiting for your reply!!
Thanks for your help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:51 PM, on 11/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://isp.member.yahoo.com/regisp/...ster?.scrumb=0
O2 - BHO: (no name) - indows - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - WARE - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AppMgrGui] C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DivX Free Codec] C:\Program Files\DivX Free Codec\Divx Free Update.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [system tool] C:\Program Files\jvcpdk\xbimsysguard.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = C:\AppStreamCache\FltRoot\1810946759\PROGRAM FILES\PrintMaster Platinum 17\Remind.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.1.10/app...tion-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.7.44/app...ingo-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game1.pogo.com/v/8.1.7.44/app...ino2-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/8.1.7.44/app...ass2-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/appl...aire-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.8.3...ancy-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.1.8.21/app...keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.1.7.20/app...ttso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.7.44/app...ong2-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game3.pogo.com/v/8.1.9.1/appl...llin-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.6.21/app...pit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/8.2.0.13/app...doku-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.8.3...puck-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.1.35/app...ooky-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/8.1.7.44/app...brae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.3.2...eaks-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-8.0.0.3...lots-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.3...bble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.9.4...arch-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.1.7.20/app...lass-en_US.cab
O16 - DPF: Yahtzee Party by pogo - http://game3.pogo.com/v/9.1.7.20/app...tzee-en_US.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.3.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {3356DB7C-58A7-11D4-AA5C-006097314BF8} (LaunchObj Class) - http://smartdownload.riverdeep.net/launcher.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19492462...p/RdxIE601.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://209.208.13.215/home/SonySncRz30View.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02d.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181267150822
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produc...ed/mvt/mvt.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37590.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...on/Coupons.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Reso...s.10.4.0.4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.gamehouse.com/realarcade-...pcaploader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://atlantis9.bigfishgames.com/Re...meLauncher.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9f746a4794192) (gupdate1c9f746a4794192) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 21791 bytes
flavallee
Trusted Advisor with 40,849 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
06-Nov-2009, 04:12 AM #4
Uninstall PC Tools Spyware Doctor, restart your computer, then go into the C:\Program Files folder and delete the PC Tools or Spyware Doctor folder - if it's still there.

----------------------------------------------------------------

Your computer is infected - which doesn't surprise me, based on your online activities.

I don't see a full-time antivirus program installed and running in the background.

Download the 2 programs that I gave you links to. Just download and save them for now and don't do anything else with them yet.

I've reported your thread to the "Malware Removal & HijackThis Logs" section for assistance by a yellow shield malware expert.

----------------------------------------------------------------
dlmurphy13
Member with 30 posts.
 
Join Date: Aug 2009
Experience: Beginner
06-Nov-2009, 02:10 PM #5
I have Zone Alarm running...well, supposed to be running, the icon is in the system tray at bottom of screen.

I have uninstalled the Spyware Doctor, and awaiting further instruction.

FYI: my 'deep scan' from Zone Alarm antivirus found nothing (it took over 10hrs for the scan!!). I have not run the spyware scan from Zone Alarm.
Another email was sent out this morning....ugh!!

Thanks again for your help!!
cybertech
Malware Removal Specialist with 69,217 posts.
 
Join Date: Apr 2002
Location: Washington State
06-Nov-2009, 04:53 PM #6
Gamevance is malware. Go to add/remove programs and remove it.
http://vil.nai.com/vil/content/v_144428.htm

ask-toolbar is malware. Go to add/remove programs and remove it.
http://www.benedelman.org/spyware/ask-toolbars/



Run HJT again and put a check in the following:

O2 - BHO: (no name) - indows - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - WARE - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19492462...p/RdxIE601.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...on/Coupons.cab

Close all applications and browser windows before you click "fix checked".



Please run Malwarebytes Anti-Malware 1.41 and SUPERAntiSpyware 4.29.0.1004. Directions are in post #2.

Post those logs here + a new hijackthis log.
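
Added example, not part of any post in this thread: a small Python triage pass over HijackThis O2/O3 lines that surfaces the kind of orphaned entries selected for fixing in post #6, meaning those whose class ID is not a well-formed GUID or whose target is (no file). The flag names and the heuristic are assumptions made for illustration; the sample lines are copied from the log in post #3.

```python
import re

# A well-formed CLSID looks like {8-4-4-4-12 hex digits}.
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)

# HijackThis O2 (BHO) and O3 (Toolbar) lines have the shape:
#   O2 - BHO: <name> - <clsid> - <file>
ENTRY_RE = re.compile(r"^(O2|O3) - (?:BHO|Toolbar): (.+)$")

# Excerpt copied from the HijackThis log posted in this thread (post #3).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - indows - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - WARE - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"""


def parse_entries(log_text):
    """Return one dict per O2/O3 line; every other line is ignored."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        # Split from the right so a " - " inside the display name
        # does not shift the CLSID and file fields.
        parts = match.group(2).rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, clsid, target = (p.strip() for p in parts)
        entries.append(
            {"section": match.group(1), "name": name,
             "clsid": clsid, "target": target}
        )
    return entries


def triage(log_text):
    """Return (clsid, reasons) for entries worth a manual look.

    Assumed heuristic (illustrative, not HijackThis behaviour):
      malformed-clsid  the identifier is not a valid GUID
      missing-file     the registry entry points at no file on disk
    """
    findings = []
    for entry in parse_entries(log_text):
        reasons = []
        if not GUID_RE.match(entry["clsid"]):
            reasons.append("malformed-clsid")
        if entry["target"].lower() == "(no file)":
            reasons.append("missing-file")
        if reasons:
            findings.append((entry["clsid"], reasons))
    return findings


if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LOG):
        print(f"{clsid:42} {', '.join(reasons)}")
```

A flagged line is a lead for review, not a verdict: a (no file) entry only shows that the registry still points at something that is no longer on disk.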
flavallee
Trusted Advisor with 40,849 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
06-Nov-2009, 07:13 PM #7
Quote:
Originally Posted by cybertech
Please run Malwarebytes Anti-Malware 1.41 and SUPERAntiSpyware 4.29.0.1004. Directions are in post #2.

Post those logs here + a new hijackthis log.
dlmurphy13:

Here are specific instructions to follow:

Install Malwarebytes Anti-Malware 1.41 and SUPERAntiSpyware 4.29.0.1004. Make sure to update their definition files during the install process.

Restart your computer after they're both installed.

Start Malwarebytes and run a "quick scan". When the scan is finished, select and allow it to fix EVERYTHING it finds. Restart your computer, if prompted to.

Start SUPERAntiSpyware and run a "quick scan". When the scan is finished, select and allow it to fix EVERYTHING it finds. Restart your computer, if prompted to.

Start Malwarebytes and go to Logs(tab). Select the scan log entry, then click Open. When the scan log appears in Notepad, copy-and-paste it here.

Start SUPERAntiSpyware and go to Preferences - Statistics/Logs(tab). Select the scan log entry, then click View Log. When the scan log appears in Notepad, copy-and-paste it here.

Don't forget to also post a new HijackThis log.

---------------------------------------------------------------
dlmurphy13
Member with 30 posts.
 
Join Date: Aug 2009
Experience: Beginner
06-Nov-2009, 09:17 PM #8
flavallee & CyberTech,

Here are the Malwarebytes & SUPERAntiSpyware logs. Will be posting the HijackThis momentarily!!
Thanks again for your help!!



Malwarebytes' Anti-Malware 1.41
Database version: 3112
Windows 5.1.2600 Service Pack 3

11/6/2009 6:54:02 PM
mbam-log-2009-11-06 (18-54-02).txt

Scan type: Quick Scan
Objects scanned: 118130
Time elapsed: 17 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{10125c2d-6821-4070-b24e-2e992501ad55} (Adware.iWon) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{10125c2f-6821-4070-b24e-2e992501ad55} (Adware.iWon) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{277e1fe0-cf65-11d3-b377-0800460222f0} (Adware.iWon) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6d54a7c0-c379-11d3-b377-0800460222f0} (Adware.iWon) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d714a94f-123a-45cc-8f03-040bcaf82ad6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{78429873-f771-11d3-ae1d-0050dac24e8f} (Adware.iWon) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d714a94f-123a-45cc-8f03-040bcaf82ad6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c298fb42-e3e2-11d3-adcd-0050dac24e8f} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ca0b9b71-c2af-11d3-b376-0800460222f0} (Adware.iWon) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ca0b9b71-c2af-11d3-b376-0800460222f0} (Adware.iWon) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System tool (Rogue.SysGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates (Adware.SelectRebates) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Log\2008 Apr 09 - 07_12_01 PM_078.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Log\2008 Apr 09 - 07_12_18 PM_109.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-02-08_10-55-21.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-02-09_10-01-29.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-02-10_10-46-27.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-02-12_10-35-07.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-02-13_11-41-29.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-02-19_12-07-43.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-03-01_12-24-05.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-03-15_10-51-51.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-03-21_08-59-52.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-03-30_11-45-28.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Donna Murphy\Application Data\RegistrySmart\Registry Backups\2008-04-06_18-23-47.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\TCL.dll.vzr (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesDownload.exe (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart) -> Quarantined and deleted successfully.




SUPERANTISPYWARE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/06/2009 at 06:45 PM

Application Version : 4.29.1004

Core Rules Database Version : 4239
Trace Rules Database Version: 2135

Scan type : Quick Scan
Total Scan Time : 01:15:49

Memory items scanned : 563
Memory threats detected : 0
Registry items scanned : 772
Registry threats detected : 62
File items scanned : 15587
File threats detected : 57

Adware.Gamevance
HKU\S-1-5-21-1010553979-3580224116-4264976939-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}

Adware.SideStep Toolbar
HKU\S-1-5-21-1010553979-3580224116-4264976939-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D714A94F-123A-45CC-8F03-040BCAF82AD6}
HKCR\CLSID\{D714A94F-123A-45CC-8F03-040BCAF82AD6}
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\Implemented Categories
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\Implemented Categories\{00021493-0000-0000-C000-000000000046}

Adware.Tracking Cookie

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID

Adware.MyWebSearch/FunWebProducts
HKLM\SOFTWARE\FunWebProducts
HKLM\SOFTWARE\FunWebProducts\Installer
HKLM\SOFTWARE\FunWebProducts\Installer#CurInstall
HKLM\SOFTWARE\FunWebProducts\Installer#sr
HKLM\SOFTWARE\FunWebProducts\Installer#pl
HKLM\SOFTWARE\FunWebProducts\Installer#CheckForConnection
HKLM\SOFTWARE\FunWebProducts\Installer\downloaded
HKLM\SOFTWARE\FunWebProducts\PopSwatter
HKLM\SOFTWARE\FunWebProducts\PopSwatter#backedUp
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs

Adware.SysGuard/FakeAlert
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#system tool [ C:\Program Files\jvcpdk\xbimsysguard.exe ]

Rogue.Agent/Gen
HKU\S-1-5-21-1010553979-3580224116-4264976939-1006\SOFTWARE\AVSCAN

Adware.SelectRebates
C:\Program Files\SELECTREBATES\SelectRebatesDownload.exe
C:\Program Files\SELECTREBATES

Trojan.Dropper/Gen
C:\DOCUMENTS AND SETTINGS\DONNA MURPHY\LOCAL SETTINGS\APPLICATION DATA\YAHOO\WIDGET ENGINE\UNZIPPED\TIVONAVIGATOR.WIDGET\TIVONAVIGATOR.WIDGET\CONTENTS\RESOURCES\WGET.EXE

Adware.CouponBar
C:\WINDOWS\SYSTEM32\CPNPRT2.CID
dlmurphy13
Member with 30 posts.
Join Date: Aug 2009
Experience: Beginner
06-Nov-2009, 09:20 PM #9
Here is the HijackThis log...as promised!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:15 PM, on 11/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://isp.member.yahoo.com/regisp/...ster?.scrumb=0
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AppMgrGui] C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DivX Free Codec] C:\Program Files\DivX Free Codec\Divx Free Update.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = C:\AppStreamCache\FltRoot\1810946759\PROGRAM FILES\PrintMaster Platinum 17\Remind.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.1.10/app...tion-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.7.44/app...ingo-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game1.pogo.com/v/8.1.7.44/app...ino2-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/8.1.7.44/app...ass2-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/appl...aire-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.8.3...ancy-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.1.8.21/app...keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.1.7.20/app...ttso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.7.44/app...ong2-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game3.pogo.com/v/8.1.9.1/appl...llin-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.6.21/app...pit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/8.2.0.13/app...doku-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.8.3...puck-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.1.35/app...ooky-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/8.1.7.44/app...brae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.3.2...eaks-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-8.0.0.3...lots-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.3...bble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.9.4...arch-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.1.7.20/app...lass-en_US.cab
O16 - DPF: Yahtzee Party by pogo - http://game3.pogo.com/v/9.1.7.20/app...tzee-en_US.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.3.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {3356DB7C-58A7-11D4-AA5C-006097314BF8} (LaunchObj Class) - http://smartdownload.riverdeep.net/launcher.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://209.208.13.215/home/SonySncRz30View.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02d.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181267150822
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produc...ed/mvt/mvt.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37590.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Reso...s.10.4.0.4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.gamehouse.com/realarcade-...pcaploader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://atlantis9.bigfishgames.com/Re...meLauncher.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9f746a4794192) (gupdate1c9f746a4794192) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 19400 bytes
flavallee
Trusted Advisor with 40,849 posts.
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
07-Nov-2009, 08:13 AM #10
dlmurphy13:

Thanks for posting the 3 logs.

Now you need to wait for cybertech's next instructions.

--------------------------------------------------------------

You appear to have Logitech Desktop Messenger installed. Get rid of it.

After you've uninstalled it, go into the C:\Program Files\Logitech folder and delete the Desktop Messenger folder - if it's still there.

---------------------------------------------------------------
dlmurphy13
Member with 30 posts.
Join Date: Aug 2009
Experience: Beginner
07-Nov-2009, 11:43 AM #11
Thanks flavallee, I have deleted the Logitech Desktop Messenger (I don't even know what that does with my camera!! have never used it!)

Thanks again and will await further instruction from CyberTech!!

Have a great weekend and thanks again for your expert knowledge!!!
cybertech's Avatar
Malware Removal Specialist with 69,217 posts.
 
Join Date: Apr 2002
Location: Washington State
07-Nov-2009, 03:27 PM #12
Run HJT again and put a check in the following:

O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

Close all applications and browser windows before you click "fix checked".


Are you having any problems now?
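An added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the `section - label - {CLSID} - target` lines of a HijackThis log. It picks out the two kinds of entry selected in post #12, those whose target is `(no file)` and those pointing into a folder that has since been uninstalled. The function names and the embedded sample are constructed for illustration, and a flagged line is a candidate for review, not proof of malware.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Sequence, Tuple

# Constructed sample: the five lines from post #12, two healthy entries and one
# R1 line copied from the logs in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"""

class Entry(NamedTuple):
    section: str          # e.g. "O3", "O9", "O18"
    label: str            # text between the section and the CLSID/target
    clsid: Optional[str]  # upper-cased {GUID}, if the line carries one
    target: str           # file path, or the literal "(no file)"

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line: str) -> Optional[Entry]:
    """Parse one ' - '-delimited log line; return None for other line shapes."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The target is whatever follows the last " - " separator.
    label, sep, target = m.group("body").rpartition(" - ")
    if not sep:  # R0/R1 and O4 lines use "=" or no separator; skipped here
        return None
    guid = CLSID_RE.search(label)
    clsid = guid.group(0).upper() if guid else None
    if guid:
        label = label[:guid.start()].rstrip(" -")
    return Entry(m.group("section"), label, clsid, target.strip())

def is_under(path: str, folder: str) -> bool:
    """Case-insensitive Windows path containment, usable on any OS."""
    p = ntpath.normcase(ntpath.normpath(path))
    f = ntpath.normcase(ntpath.normpath(folder))
    return p == f or p.startswith(f + "\\")

def review(log_text: str, removed_folders: Sequence[str] = ()) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for leftover registrations worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry.target.lower() == "(no file)":
            findings.append((entry, "registered but no file on disk"))
        elif any(is_under(entry.target, f) for f in removed_folders):
            findings.append((entry, "points into an uninstalled folder"))
    return findings

if __name__ == "__main__":
    # Folder named in post #10 as the one to delete after uninstalling.
    removed = [r"C:\Program Files\Logitech\Desktop Messenger"]
    for entry, reason in review(SAMPLE_LOG, removed):
        print(f"{entry.section:<4} {entry.clsid}  {reason}: {entry.label}")
```
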
dlmurphy13's Avatar
Member with 30 posts.
 
Join Date: Aug 2009
Experience: Beginner
08-Nov-2009, 12:07 AM #13
cybertech,

Ran hijack again and fixed the above, except for O18...deleted the Logitech desktop manager earlier.
Ran another HJT after and here is the log.
I have been away today, and turned off my computer, hoping that would help to not send out any emails...so will leave on tonight to see if any are sent by tomorrow morning.
Thanks again!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:53 PM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://isp.member.yahoo.com/regisp/...ster?.scrumb=0
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AppMgrGui] C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DivX Free Codec] C:\Program Files\DivX Free Codec\Divx Free Update.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = C:\AppStreamCache\FltRoot\1810946759\PROGRAM FILES\PrintMaster Platinum 17\Remind.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.1.10/app...tion-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.7.44/app...ingo-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game1.pogo.com/v/8.1.7.44/app...ino2-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/8.1.7.44/app...ass2-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/appl...aire-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.8.3...ancy-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.1.8.21/app...keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.1.7.20/app...ttso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.7.44/app...ong2-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game3.pogo.com/v/8.1.9.1/appl...llin-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.6.21/app...pit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/8.2.0.13/app...doku-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.8.3...puck-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.1.35/app...ooky-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/8.1.7.44/app...brae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.3.2...eaks-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-8.0.0.3...lots-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.3...bble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.9.4...arch-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.1.7.20/app...lass-en_US.cab
O16 - DPF: Yahtzee Party by pogo - http://game3.pogo.com/v/9.1.7.20/app...tzee-en_US.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.3.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {3356DB7C-58A7-11D4-AA5C-006097314BF8} (LaunchObj Class) - http://smartdownload.riverdeep.net/launcher.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://209.208.13.215/home/SonySncRz30View.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02d.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181267150822
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produc...ed/mvt/mvt.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37590.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Reso...s.10.4.0.4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.gamehouse.com/realarcade-...pcaploader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://atlantis9.bigfishgames.com/Re...meLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9f746a4794192) (gupdate1c9f746a4794192) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 18665 bytes
cybertech's Avatar
Malware Removal Specialist with 69,217 posts.
 
Join Date: Apr 2002
Location: Washington State
08-Nov-2009, 02:07 PM #14
I don't see any anti-virus software running.
Look in the TSG Library of Knowledge for suggestions. Some are purchased and some are free. Pick one and get your system protected.
dlmurphy13's Avatar
Member with 30 posts.
 
Join Date: Aug 2009
Experience: Beginner
08-Nov-2009, 02:24 PM #15
I'm supposed to have Zone Alarm running...it shows in my system tray that it is on and running...is there a way to check it?? Hell...I paid for it, I want it to work!!
Will check its settings...and also check the link you gave me!

It seems my problem is gone...no new mail has gone out!!
All times are GMT -4. The time now is 03:26 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.