Old 1st February 2010   #31
sallnjackn
Senior Member, THREAD STARTER
Join Date: Feb 2005
Location: Minneapolis, MN
Posts: 134
Computer Experience: intermediate

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, February 1, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 31, 2010 21:11:43
Records in database: 3392905
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 195592
Threats found: 6
Infected objects found: 11
Suspicious objects found: 10
Scan duration: 12:18:13


File name / Threat / Threats count
C:\Documents and Settings\sallie\Application Data\Identities\{95A6BE00-E5F5-11D7-A03F-E285DD5C3607}\Microsoft\Outlook Express\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
D:\my documents\OE copy acct 2 24 08\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
D:\my documents\OE copy acct 2 24 08\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
D:\my documents\OE copy acct 2 24 08\save.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
E:\Documents and Settings\backup outlook express\save.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
E:\Documents and Settings\backup outlook express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
E:\Documents and Settings\backup outlook express\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
E:\Documents and Settings\backup outlook express 2 95A6\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
E:\Documents and Settings\backup outlook express 2 95A6\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
E:\my documents\Outlook express backed up\saved1.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1
E:\my documents\outlook express .dbx\saved1.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1
H:\desktop dowloads\downloads\keyfinder.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 2
H:\My Documents\outlook express folders copied 7 29 07\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
H:\backed up sallnjackn1 1025\saved1.dbx Infected: Trojan-Spy.HTML.Usbankfraud.i 1
H:\downloaded program files\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
H:\downloaded program files\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
H:\files from e drive\downloaded program files\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

Selected area has been scanned.

Old 1st February 2010   #32
broni
Malware Analyst
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,910
Computer Experience: intermediate

If you have any important mail in your Outlook Express, please read it/save it to some other location, because we'll need to remove some OE folders. They'll be rebuilt on OE restart.

====================================================================

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Processes

:Services

:Reg

:Files
C:\Documents and Settings\sallie\Application Data\Identities\{95A6BE00-E5F5-11D7-A03F-E285DD5C3607}\Microsoft\Outlook Express\save1.dbx 
D:\my documents\OE copy acct 2 24 08\Inbox.dbx 
D:\my documents\OE copy acct 2 24 08\save1.dbx 
D:\my documents\OE copy acct 2 24 08\save.dbx 
E:\Documents and Settings\backup outlook express\save.dbx 
E:\Documents and Settings\backup outlook express\Inbox.dbx 
E:\Documents and Settings\backup outlook express\save1.dbx 
E:\Documents and Settings\backup outlook express 2 95A6\Inbox.dbx 
E:\Documents and Settings\backup outlook express 2 95A6\save1.dbx 
E:\my documents\Outlook express backed up\saved1.dbx 
E:\my documents\outlook express .dbx\saved1.dbx 
H:\desktop dowloads\downloads\keyfinder.zip 
H:\My Documents\outlook express folders copied 7 29 07\save1.dbx 
H:\backed up sallnjackn1 1025\saved1.dbx 
H:\downloaded program files\vnc-4_1_2-x86_win32.exe 
H:\downloaded program files\mirc617.exe 
H:\files from e drive\downloaded program files\mirc617.exe
      
:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]
  • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Old 1st February 2010   #33
sallnjackn
Senior Member, THREAD STARTER

Error: Unable to interpret <--------------------------------------------------------------------------------> in the current context!
Error: Unable to interpret <KASPERSKY ONLINE SCANNER 7.0: scan report> in the current context!
Error: Unable to interpret < Monday, February 1, 2010> in the current context!
Error: Unable to interpret < Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)> in the current context!
Error: Unable to interpret < Kaspersky Online Scanner version: 7.0.26.13> in the current context!
Error: Unable to interpret < Last database update: Sunday, January 31, 2010 21:11:43> in the current context!
Error: Unable to interpret < Records in database: 3392905> in the current context!
Error: Unable to interpret <--------------------------------------------------------------------------------> in the current context!
Error: Unable to interpret <Scan settings:> in the current context!
Error: Unable to interpret < scan using the following database: extended> in the current context!
Error: Unable to interpret < Scan archives: yes> in the current context!
Error: Unable to interpret < Scan e-mail databases: yes> in the current context!
Error: Unable to interpret <Scan area - My Computer:> in the current context!
Error: Unable to interpret < A:\> in the current context!
Error: Unable to interpret < C:\> in the current context!
Error: Unable to interpret < D:\> in the current context!
Error: Unable to interpret < E:\> in the current context!
Error: Unable to interpret < F:\> in the current context!
Error: Unable to interpret < G:\> in the current context!
Error: Unable to interpret < H:\> in the current context!
Error: Unable to interpret < I:\> in the current context!
Error: Unable to interpret <Scan statistics:> in the current context!
Error: Unable to interpret < Objects scanned: 195592> in the current context!
Error: Unable to interpret < Threats found: 6> in the current context!
Error: Unable to interpret < Infected objects found: 11> in the current context!
Error: Unable to interpret < Suspicious objects found: 10> in the current context!
Error: Unable to interpret < Scan duration: 12:18:13> in the current context!
Error: Unable to interpret <File name / Threat / Threats count> in the current context!
Error: Unable to interpret <C:\Documents and Settings\sallie\Application Data\Identities\{95A6BE00-E5F5-11D7-A03F-E285DD5C3607}\Microsoft\Outlook Express\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
Error: Unable to interpret <D:\my documents\OE copy acct 2 24 08\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
Error: Unable to interpret <D:\my documents\OE copy acct 2 24 08\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
Error: Unable to interpret <D:\my documents\OE copy acct 2 24 08\save.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
Error: Unable to interpret <E:\Documents and Settings\backup outlook express\save.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
Error: Unable to interpret <E:\Documents and Settings\backup outlook express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
Error: Unable to interpret <E:\Documents and Settings\backup outlook express\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
Error: Unable to interpret <E:\Documents and Settings\backup outlook express 2 95A6\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
Error: Unable to interpret <E:\Documents and Settings\backup outlook express 2 95A6\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
Error: Unable to interpret <E:\my documents\Outlook express backed up\saved1.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1> in the current context!
Error: Unable to interpret <E:\my documents\outlook express .dbx\saved1.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1> in the current context!
Error: Unable to interpret <H:\desktop dowloads\downloads\keyfinder.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 2> in the current context!
Error: Unable to interpret <H:\My Documents\outlook express folders copied 7 29 07\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
Error: Unable to interpret <H:\backed up sallnjackn1 1025\saved1.dbx Infected: Trojan-Spy.HTML.Usbankfraud.i 1> in the current context!
Error: Unable to interpret <H:\downloaded program files\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4> in the current context!
Error: Unable to interpret <H:\downloaded program files\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1> in the current context!
Error: Unable to interpret <H:\files from e drive\downloaded program files\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1> in the current context!
Error: Unable to interpret <Selected area has been scanned.> in the current context!

OTM by OldTimer - Version 3.1.7.1 log created on 02012010_155903

Old 1st February 2010   #34
broni
Malware Analyst

You didn't paste my script, but a whole Kaspersky report. It won't work.
Please, re-do.

Old 1st February 2010   #35
sallnjackn
Senior Member, THREAD STARTER

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\sallie\Application Data\Identities\{95A6BE00-E5F5-11D7-A03F-E285DD5C3607}\Microsoft\Outlook Express\save1.dbx moved successfully.
D:\my documents\OE copy acct 2 24 08\Inbox.dbx moved successfully.
D:\my documents\OE copy acct 2 24 08\save1.dbx moved successfully.
D:\my documents\OE copy acct 2 24 08\save.dbx moved successfully.
E:\Documents and Settings\backup outlook express\save.dbx moved successfully.
E:\Documents and Settings\backup outlook express\Inbox.dbx moved successfully.
E:\Documents and Settings\backup outlook express\save1.dbx moved successfully.
E:\Documents and Settings\backup outlook express 2 95A6\Inbox.dbx moved successfully.
E:\Documents and Settings\backup outlook express 2 95A6\save1.dbx moved successfully.
E:\my documents\Outlook express backed up\saved1.dbx moved successfully.
E:\my documents\outlook express .dbx\saved1.dbx moved successfully.
H:\desktop dowloads\downloads\keyfinder.zip moved successfully.
H:\My Documents\outlook express folders copied 7 29 07\save1.dbx moved successfully.
H:\backed up sallnjackn1 1025\saved1.dbx moved successfully.
H:\downloaded program files\vnc-4_1_2-x86_win32.exe moved successfully.
H:\downloaded program files\mirc617.exe moved successfully.
H:\files from e drive\downloaded program files\mirc617.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: sallie
->Temp folder emptied: 92649863 bytes
->Temporary Internet Files folder emptied: 34154 bytes
->Java cache emptied: 129289 bytes
->FireFox cache emptied: 38283070 bytes
->Google Chrome cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: microsoft

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150319 bytes
Session Manager Temp folder emptied: 109592 bytes
Session Manager Tmp folder emptied: 109592 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 125.00 mb


OTM by OldTimer - Version 3.1.7.1 log created on 02012010_162907

Files moved on Reboot...
File C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!
File C:\WINDOWS\temp\ZLT00835.TMP not found!
File C:\WINDOWS\temp\ZLT0081e.TMP not found!

Registry entries deleted on Reboot...

Old 1st February 2010   #36
sallnjackn
Senior Member, THREAD STARTER

When I rebooted after OTM I had a mess. Couldn't get on line. Zone Alarm kept flashing on my screen. Finally manually rebooted again and everything is back.

Old 2nd February 2010   #37
broni
Malware Analyst

Good

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

=================================================================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

================================================================

Disable TeaTimer, as it'll interfere with the cleaning process:
Right click Spybot's TeaTimer System Tray Icon.
Click Exit Spybot-S&D Resident.
TeaTimer closes.
NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

================================================================

Disable Windows Defender, as it'll interfere with the cleaning process:
- Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
- Click Tools
then...

++ Windows XP:
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Turn on Real Time Protection
- After you uncheck this, click on the Save button
- Close Windows Defender

++ Windows Vista:
- Click Options
- Under Administrator options, clear the Use Windows Defender check box, and then click Save.

Enable Windows Defender, when all cleaning is done.

================================================================

Print this post out, since you won't have access to it at some point.

1. Open HijackThis.

2. Close all windows, except for HijackThis.

3. Put checkmarks next to the following HijackThis entries:

- O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
- O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
- O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
- O4 - Global Startup: McAfee Security Scan.lnk = ?


4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

- O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
- O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
- O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
- O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
- O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
- O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
- O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll



5. Click on the Fix checked button.

6. Restart computer.

7. Post new HijackThis log.

Old 2nd February 2010   #38
sallnjackn
Senior Member, THREAD STARTER

Well, I finally got to Hijack This. Do you want me to open a Hijack This log?

Old 2nd February 2010   #39
broni
Malware Analyst

After applying all steps from my previous reply, yes.

Old 2nd February 2010   #40
sallnjackn
Senior Member, THREAD STARTER

I've done all the other steps but still wonder if I should open the last log or run a new scan and then check the affected entries?

Old 2nd February 2010   #41
broni
Malware Analyst

Yes, reopen HJT, checkmark indicated entries, click "Fix checked" and post fresh log.

Old 2nd February 2010   #42
sallnjackn
Senior Member, THREAD STARTER

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:40 PM, on 2/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead2\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
C:\Program Files\MSWorks\Calendar\Wkcalrem.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
E:\downloaded program files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\ElnkPub.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\ProtctIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\uninsttb.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\Toolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Secunia PSI.lnk = D:\program files\Secunia\PSI\psi.exe
O4 - Global Startup: Net Send GUI.lnk = C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\SearchUI.dll/search.html
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\sallie\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O8 - Extra context menu item: ShaPlus Google Translator - res://E:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://www.bitdefender.com
O15 - Trusted Zone: start.earthlink.net
O15 - Trusted Zone: scgi.ebay.com
O15 - Trusted Zone: messenger.hotmail.com
O15 - Trusted Zone: www.matchmaker.com
O15 - Trusted Zone: www.msphometour.com
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O15 - Trusted Zone: www.nwa.com
O15 - Trusted Zone: *.officemax.com
O15 - Trusted Zone: loginnet.passport.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: memberservicesnet.passport.net
O15 - Trusted Zone: http://www.vanishingpointgame.com
O15 - Trusted Zone: *.verisign
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/OneClickFix/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {14578416-1111-1111-1111-111111411123} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1123999976890
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {66C643AB-AF09-438E-B1BB-F0B79955CCBA} - http://www.wsel.net/imcupdatefiles/whistlesilent615.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123999962031
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neut....cab?9,0,712,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab27513.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwba.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - D:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - D:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Google Update Service (gupdate1c8ea92b33f0c3c) (gupdate1c8ea92b33f0c3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead2\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 18570 bytes

Old 2nd February 2010   #43
sallnjackn (Senior Member, THREAD STARTER)

Sorry it posted twice. I get an error saying I have to wait 15 seconds between posts and to try again when it has actually been at least 15 minutes.

Old 2nd February 2010   #44
broni (Malware Analyst)

Your computer is clean

1. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.
   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side.
   4. Click on Continue on the "User Account Control" window that pops up.
   5. Under the System Protection tab, find Available Disks.
   6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK.

2. Restart computer.

3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

9. Please let me know how your computer is doing.

Old 2nd February 2010   #45
sallnjackn (Senior Member, THREAD STARTER)

I will certainly do all of your recommendations right away. I'm so surprised that I was infected. I keep my computer up to date and have antivirus, but I guess it doesn't catch everything. I got the "survey" page when I rebooted and opened Firefox. I copied the address. It might be of help to you. "http://server2.mediajmp.com/surveys/cpv-index.html?sub=earthlink.net" without quotes. The Axwin error still comes up also. AVG said it found tracking cookies, but when I tried to have it heal or quarantine it didn't work. I found them and deleted them. This 75-year-old lady is pretty tired about now, but I really appreciate all you have done for me and the hours spent. I'm so proud that XP is clean and hope I can keep it that way. My husband has a 2000 Professional computer and I'm running Kaspersky on that right now. We use Avast on his machine. I have a 2-year-old laptop that came with Vista and I upgraded it to 7 in October. I ran Kaspersky and found 1 infected object and 1 suspicious object. I have AVG on it but have a free year of Kaspersky that I haven't used yet. I should probably install it. I will keep on top of the computers and take all of your advice. Tried to check for Windows updates but there was a problem. The tracking cookies were in IE. My computer is faster and not dragging its heels like it was. Thanks again, Broni, and when you and I have time I will probably be looking for help again. Sallie
