
Solved AXWIN Frame Window: svchost.exe - Application Error

Discussion in 'Malware and Virus Removal Archive' started by sallnjackn, 2010/01/30.

  1. 2010/01/31
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    SuperAntiSpyware was installed, updated and run. Scanning of all drives is complete. No harmful software was detected. Malwarebytes updated and scan started at 7:30 A.M. I will post the log when finished. AXWIN came up again when I rebooted. Sallie
     
  2. 2010/01/31
    sallnjackn Well-Known Member Thread Starter
    Malwarebytes' Anti-Malware 1.44
    Database version: 3667
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/31/2010 10:25:30 AM
    mbam-log-2010-01-31 (10-25-30).txt

    Scan type: Full Scan (C:\|D:\|E:\|H:\|)
    Objects scanned: 342109
    Time elapsed: 2 hour(s), 49 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 15

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP166\A0063428.COM (Adware.Swizzor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP166\A0063437.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP166\A0064516.com (Adware.Swizzor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP166\A0064524.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP166\A0064670.com (Adware.Swizzor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP166\A0064677.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP167\A0065663.COM (Adware.Swizzor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP167\A0065672.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP167\A0066715.com (Adware.Swizzor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP167\A0066722.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP167\A0066802.com (Adware.Swizzor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP167\A0066811.sys (Malware.Trace) -> Quarantined and deleted successfully.
    E:\downloaded program files\RegistryEasy.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP162\A0058973.exe (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
    c:\documents and settings\sallie\favorites\cheap softwareOEM.url (Rogue.Link) -> Quarantined and deleted successfully.
     


  4. 2010/01/31
    sallnjackn Well-Known Member Thread Starter
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:15 AM, on 1/31/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead2\InCD\InCDsrv.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
    C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSWorks\Calendar\Wkcalrem.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    E:\downloaded program files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\ElnkPub.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\ProtctIE.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\uninsttb.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
    O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\Toolbar.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe "
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = D:\program files\Secunia\PSI\psi.exe
    O4 - Global Startup: Net Send GUI.lnk = C:\Program Files\Fomine Net Send GUI\NetSendGUI.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: McAfee Security Scan.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: EarthLink Google Search - res://C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TOOLBAR\SearchUI.dll/search.html
    O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\sallie\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
    O8 - Extra context menu item: ShaPlus Google Translator - res://E:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://a248.e.akamai.net
    O15 - Trusted Zone: http://www.bitdefender.com
    O15 - Trusted Zone: start.earthlink.net
    O15 - Trusted Zone: scgi.ebay.com
    O15 - Trusted Zone: messenger.hotmail.com
    O15 - Trusted Zone: www.matchmaker.com
    O15 - Trusted Zone: www.msphometour.com
    O15 - Trusted Zone: http://ssl-hints.netflame.cc
    O15 - Trusted Zone: www.nwa.com
    O15 - Trusted Zone: *.officemax.com
    O15 - Trusted Zone: loginnet.passport.com
    O15 - Trusted Zone: login.passport.net
    O15 - Trusted Zone: memberservicesnet.passport.net
    O15 - Trusted Zone: http://www.vanishingpointgame.com
    O15 - Trusted Zone: *.verisign
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/OneClickFix/tgctlsr.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {14578416-1111-1111-1111-111111411123} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123999976890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {66C643AB-AF09-438E-B1BB-F0B79955CCBA} - http://www.wsel.net/imcupdatefiles/whistlesilent615.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123999962031
    O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwba.ops.placeware.com/etc/place/6000-zr/pws-pw01/lib/quicksilver.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - D:\Program Files\LizardTech\Express View\expressview.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - D:\Program Files\LizardTech\Express View\expressview.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
    O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
    O23 - Service: Google Update Service (gupdate1c8ea92b33f0c3c) (gupdate1c8ea92b33f0c3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead2\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\PROGRAM FILES\VIEWPOINT\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    --
    End of file - 20445 bytes
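Editor's added example, not code from any post in this thread and not HijackThis's own logic: a small Python triage pass over a log in the format above. The rules are the editor's heuristics for which entry shapes to check first, not verdicts. O2 BHOs ending in "(no file)" are orphaned registrations whose DLL is gone; O4 Run values whose executable carries no directory (nwiz.exe, KHALMNPR.EXE) are resolved through the PATH search order; every O15 entry grants IE's relaxed Trusted-sites settings, and a wildcard widens that to every matching host; O16 DPF entries with neither a description nor a URL cannot be attributed to a vendor; and O23 services reported as "Unknown owner" carry no publisher string. The sample input is a constructed subset of lines copied from the log above.

```python
"""Heuristic triage of a HijackThis log.

Editor's added example, not code from the thread or from HijackThis. The rules
below are the editor's own assumptions about which entry shapes deserve a
second look; they mark entries to verify, not entries to delete.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK.*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TZ_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? -\s*(?P<url>\S*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def run_executable(cmd):
    """Executable token of an O4 Run value: the quoted path if quoted, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text):
    """Return a list of findings, each a dict with a 'rule' key and supporting fields."""
    findings = []
    run_values = defaultdict(list)  # normalised command -> names of Run values using it
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O2" and body.endswith("(no file)"):
            # BHO CLSID still registered but its DLL is gone: orphaned, inert, worth cleaning.
            findings.append({"rule": "orphan_bho", "line": body})
        elif kind == "O4" and (rm := RUN_RE.match(body)):
            exe = run_executable(rm.group("cmd"))
            run_values[rm.group("cmd").strip().lower()].append(rm.group("name"))
            if "\\" not in exe:
                # No directory: resolved through the PATH search order, so a same-named
                # binary earlier in the path would be launched instead.
                findings.append({"rule": "unqualified_run", "line": body, "exe": exe})
        elif kind == "O15" and (tm := TZ_RE.match(body)):
            # Trusted-zone sites get IE's relaxed settings; wildcards extend that to every match.
            findings.append({"rule": "trusted_zone", "line": body, "wildcard": "*" in tm.group("host")})
        elif kind == "O16" and (dm := DPF_RE.match(body)):
            if not dm.group("desc") and not dm.group("url"):
                # Downloaded ActiveX control with neither a name nor an origin URL.
                findings.append({"rule": "unidentified_dpf", "line": body, "clsid": dm.group("clsid")})
        elif kind == "O23" and (sm := SVC_RE.match(body)):
            if sm.group("owner") == "Unknown owner":
                findings.append({"rule": "unknown_service_owner", "line": body, "path": sm.group("path")})
    for cmd, names in run_values.items():
        if len(names) > 1:
            # Same command registered under several Run value names.
            findings.append({"rule": "duplicate_run", "cmd": cmd, "names": names})
    return findings


def summarize(findings):
    """Count findings per rule."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["rule"]] += 1
    return dict(counts)


# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O15 - Trusted Zone: *.verisign
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {14578416-1111-1111-1111-111111411123} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:<22} {f.get('line', f.get('cmd'))}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the full log above, the rules pick out the three BHOs with "(no file)", the two unnamed O16 controls, the two wildcard trusted-zone entries, the KHALMNPR.EXE command registered under two Run value names, and the DTSRVC service with an unknown owner. They also flag the RUNDLL32-based NVIDIA and printing-migration entries, because rundll32 is resolved by name; that is normal for those entries, which is why the output is a list to verify rather than a list to remove.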
     
  5. 2010/01/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  6. 2010/01/31
    sallnjackn Well-Known Member Thread Starter
    Firefox is my default browser.
     
  7. 2010/01/31
    broni Moderator Malware Analyst
    ...and?
     
  8. 2010/01/31
    sallnjackn Well-Known Member Thread Starter
    The Kaspersky scan is extremely slow. It's been scanning for almost 3 hours and it's only at 15%. Would it be worth doing in safe mode? I have disabled AVG according to the instructions on the link in your instructions. Thank you for your patience and expertise during this laborious process. Sallie
     
  9. 2010/01/31
    broni Moderator Malware Analyst
    You're very welcome :)
    Leave the scan overnight.
     
  10. 2010/01/31
    sallnjackn Well-Known Member Thread Starter
    Shall do, thanks!
     
  11. 2010/01/31
    broni Moderator Malware Analyst
    :)...
     
  12. 2010/02/01
    sallnjackn Well-Known Member Thread Starter
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Monday, February 1, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, January 31, 2010 21:11:43
    Records in database: 3392905
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Objects scanned: 195592
    Threats found: 6
    Infected objects found: 11
    Suspicious objects found: 10
    Scan duration: 12:18:13


    File name / Threat / Threats count
    C:\Documents and Settings\sallie\Application Data\Identities\{95A6BE00-E5F5-11D7-A03F-E285DD5C3607}\Microsoft\Outlook Express\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    D:\my documents\OE copy acct 2 24 08\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    D:\my documents\OE copy acct 2 24 08\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    D:\my documents\OE copy acct 2 24 08\save.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    E:\Documents and Settings\backup outlook express\save.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    E:\Documents and Settings\backup outlook express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    E:\Documents and Settings\backup outlook express\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    E:\Documents and Settings\backup outlook express 2 95A6\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    E:\Documents and Settings\backup outlook express 2 95A6\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    E:\my documents\Outlook express backed up\saved1.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1
    E:\my documents\outlook express .dbx\saved1.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1
    H:\desktop dowloads\downloads\keyfinder.zip Infected: not-a-virus:pSWTool.Win32.RAS.a 2
    H:\My Documents\outlook express folders copied 7 29 07\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    H:\backed up sallnjackn1 1025\saved1.dbx Infected: Trojan-Spy.HTML.Usbankfraud.i 1
    H:\downloaded program files\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
    H:\downloaded program files\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
    H:\files from e drive\downloaded program files\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

    Selected area has been scanned.
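Editor's added example, not part of any post in this thread, covering both the Malwarebytes log in post 2 and the Kaspersky report above: a Python parser for the two detection-line formats that sorts each hit by where it was found, because the location changes what a hit means. The Malwarebytes hits under System Volume Information\_restore{...}\RP### are copies held in System Restore points, not running code. The Kaspersky Trojan-Spy.HTML.* hits are all in .dbx files, that is, phishing e-mails stored inside Outlook Express mailboxes and their backups, which is why whole mailbox files end up on the removal list and why the moderator asks for wanted mail to be saved first. The not-a-virus: prefix marks tools Kaspersky treats as legitimate but potentially unwanted (VNC, mIRC, a key finder). The category names, the order of checks and the suggested follow-ups are the editor's assumptions; the sample lines are a constructed subset copied from the two reports.

```python
"""Classify AV scan detections by the context of the flagged path.

Editor's added example, not code from the thread or from either scanner.
Handles the two line formats seen in this thread:
  Malwarebytes:  <path> (<threat>) -> <action>.
  Kaspersky:     <path> Infected|Suspicious: <threat> <count>
"""
import re
from collections import Counter

MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
KAV_RE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$")
# System Restore snapshot directory, e.g. \System Volume Information\_restore{GUID}\RP166\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE)

# What each category means for the analyst (editor's assumptions, not scanner guidance).
FOLLOW_UP = {
    "restore_point": "snapshot copy, not live; purge System Restore points after cleanup",
    "mail_store": "message inside a mailbox file; export wanted mail before the file is removed",
    "not_a_virus": "legitimate tool flagged as potentially unwanted; confirm the user installed it",
    "rogue": "fake security product, its installer or a shortcut to it; remove",
    "live": "detection on a live path; investigate",
}


def classify(path, threat):
    """Map a (path, threat) pair to one of the FOLLOW_UP categories; location is checked first."""
    if RESTORE_RE.search(path):
        return "restore_point"
    if path.lower().endswith(".dbx"):
        return "mail_store"
    if threat.lower().startswith("not-a-virus:"):
        return "not_a_virus"
    if threat.startswith("Rogue."):
        return "rogue"
    return "live"


def parse_hits(text):
    """Parse detection lines from either scanner; lines in neither format are ignored."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := MBAM_RE.match(line):
            scanner, path, threat = "mbam", m.group("path"), m.group("threat")
        elif m := KAV_RE.match(line):
            scanner, path, threat = "kaspersky", m.group("path"), m.group("threat")
        else:
            continue
        hits.append({"scanner": scanner, "path": path, "threat": threat,
                     "category": classify(path, threat)})
    return hits


def summarize(hits):
    """Count hits per category."""
    return dict(Counter(h["category"] for h in hits))


# Constructed sample: a subset of lines copied from the two reports in this thread.
SAMPLE = r"""
C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP166\A0063428.COM (Adware.Swizzor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0AAD7E78-FD8D-491F-9AAF-A07FBC28E939}\RP166\A0063437.sys (Malware.Trace) -> Quarantined and deleted successfully.
E:\downloaded program files\RegistryEasy.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\sallie\favorites\cheap softwareOEM.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\my documents\OE copy acct 2 24 08\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
E:\my documents\Outlook express backed up\saved1.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1
H:\desktop dowloads\downloads\keyfinder.zip Infected: not-a-virus:pSWTool.Win32.RAS.a 2
H:\downloaded program files\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
"""

if __name__ == "__main__":
    hits = parse_hits(SAMPLE)
    for h in hits:
        print(f"{h['category']:<14} {h['scanner']:<9} {h['threat']:<40} {h['path']}")
    for category, n in summarize(hits).items():
        print(f"{n:>3} {category}: {FOLLOW_UP[category]}")
```

Run over the complete logs above (15 Malwarebytes lines plus 17 Kaspersky lines), the split is 13 restore-point copies (the E: drive Rogue.RegistryDefender hit is inside a restore point too), 2 rogue items on live paths, 13 mailbox-file hits and 4 not-a-virus tools, with nothing in the "live" category. That matches the empty memory, registry and folder sections of the Malwarebytes log: the scanners found leftovers and phishing mail, not an active infection on an executable path.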
     
  13. 2010/02/01
    broni Moderator Malware Analyst
    If you have any important mail in your Outlook Express, please read it/save it to some other location, because we'll need to remove some OE folders. They'll be rebuilt on OE restart.

    ====================================================================

    Please download OTM

    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\sallie\Application Data\Identities\{95A6BE00-E5F5-11D7-A03F-E285DD5C3607}\Microsoft\Outlook Express\save1.dbx 
    D:\my documents\OE copy acct 2 24 08\Inbox.dbx 
    D:\my documents\OE copy acct 2 24 08\save1.dbx 
    D:\my documents\OE copy acct 2 24 08\save.dbx 
    E:\Documents and Settings\backup outlook express\save.dbx 
    E:\Documents and Settings\backup outlook express\Inbox.dbx 
    E:\Documents and Settings\backup outlook express\save1.dbx 
    E:\Documents and Settings\backup outlook express 2 95A6\Inbox.dbx 
    E:\Documents and Settings\backup outlook express 2 95A6\save1.dbx 
    E:\my documents\Outlook express backed up\saved1.dbx 
    E:\my documents\outlook express .dbx\saved1.dbx 
    H:\desktop dowloads\downloads\keyfinder.zip 
    H:\My Documents\outlook express folders copied 7 29 07\save1.dbx 
    H:\backed up sallnjackn1 1025\saved1.dbx 
    H:\downloaded program files\vnc-4_1_2-x86_win32.exe 
    H:\downloaded program files\mirc617.exe 
    H:\files from e drive\downloaded program files\mirc617.exe
          
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
    
    • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
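    The :Files list above was assembled by hand from the Kaspersky report's detection lines, and the next post shows what happens when the report itself is pasted into OTM instead of the script. As an added illustration (not code from this thread, from OTM or from Kaspersky), the Python below parses lines in the report's "File name / Threat / Threats count" layout, builds an OTM script with the same section layout, and flags the two things a reviewer wants to know before moving anything: which hits are phishing mail inside Outlook Express .dbx stores (the whole store file goes, hence the warning to save wanted mail first) and which are Kaspersky "not-a-virus:" riskware that needs a human decision. The validator is a simplified model of OTM's "Unable to interpret" check (an assumption about its parser, not its real implementation). Sample lines are copied from the report quoted in this thread.

```python
import re
from typing import Dict, List

# Constructed sample: detection lines in the "File name / Threat / Threats count"
# layout of the Kaspersky Online Scanner report, taken from the report quoted in
# this thread, plus the trailer line that is not a detection.
SAMPLE_REPORT = r"""
C:\Documents and Settings\sallie\Application Data\Identities\{95A6BE00-E5F5-11D7-A03F-E285DD5C3607}\Microsoft\Outlook Express\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
E:\my documents\Outlook express backed up\saved1.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1
H:\desktop dowloads\downloads\keyfinder.zip Infected: not-a-virus:pSWTool.Win32.RAS.a 2
H:\downloaded program files\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
Selected area has been scanned.
"""

# <drive>:\<path, spaces allowed> <Infected|Suspicious>: <threat> <count>
# The path is matched lazily so the status word, not a space, terminates it.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)$"
)

OTM_SECTIONS = (":Processes", ":Services", ":Reg", ":Files", ":Commands")


def parse_report(report: str) -> List[Dict[str, object]]:
    """One record per detection line; headers and the trailer are ignored."""
    detections = []
    for raw in report.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue
        threat = m.group("threat")
        detections.append({
            "path": m.group("path"),
            "status": m.group("status"),
            "threat": threat,
            "count": int(m.group("count")),
            # Kaspersky's "not-a-virus:" prefix marks riskware (legitimate tools
            # such as a VNC server or an IRC client), not malware.
            "riskware": threat.startswith("not-a-virus:"),
            # A hit inside a .dbx file is a message stored in an Outlook Express
            # mail folder; moving the file takes every message in it along.
            "mail_store": m.group("path").lower().endswith(".dbx"),
        })
    return detections


def summarize(detections: List[Dict[str, object]]) -> Dict[str, int]:
    return {
        "total": len(detections),
        "mail_store": sum(d["mail_store"] for d in detections),
        "riskware": sum(d["riskware"] for d in detections),
    }


def build_otm_script(detections, commands=("[purity]", "[resethosts]", "[emptytemp]", "[Reboot]")) -> str:
    """OTM script in the layout used in this thread: empty sections kept, every
    detected path (de-duplicated, report order) under :Files, commands last."""
    lines: List[str] = []
    for section in OTM_SECTIONS[:3]:
        lines += [section, ""]
    lines.append(":Files")
    lines += list(dict.fromkeys(d["path"] for d in detections))
    lines += ["", ":Commands", *commands]
    return "\n".join(lines) + "\n"


def validate_otm_script(script: str) -> List[str]:
    """Simplified model (assumption, not OTM's real parser): a non-blank line only
    means something inside a known :Section, so anything before the first header,
    or an unknown header, is rejected. A raw scanner report has no headers at all,
    so every line fails, which is the wall of 'Unable to interpret' errors seen
    when the report was pasted instead of the script."""
    errors: List[str] = []
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            if line in OTM_SECTIONS:
                section = line
            else:
                errors.append(line)
            continue
        if section is None:
            errors.append(line)
    return errors


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    print(build_otm_script(found))
    print(len(validate_otm_script(SAMPLE_REPORT)), "lines OTM would reject in the raw report")
```

    Running the file prints the summary, the generated script, and the number of report lines the model rejects; the generated script itself validates clean.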
     
  14. 2010/02/01
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    Error: Unable to interpret <--------------------------------------------------------------------------------> in the current context!
    Error: Unable to interpret <KASPERSKY ONLINE SCANNER 7.0: scan report> in the current context!
    Error: Unable to interpret < Monday, February 1, 2010> in the current context!
    Error: Unable to interpret < Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)> in the current context!
    Error: Unable to interpret < Kaspersky Online Scanner version: 7.0.26.13> in the current context!
    Error: Unable to interpret < Last database update: Sunday, January 31, 2010 21:11:43> in the current context!
    Error: Unable to interpret < Records in database: 3392905> in the current context!
    Error: Unable to interpret <--------------------------------------------------------------------------------> in the current context!
    Error: Unable to interpret <Scan settings:> in the current context!
    Error: Unable to interpret < scan using the following database: extended> in the current context!
    Error: Unable to interpret < Scan archives: yes> in the current context!
    Error: Unable to interpret < Scan e-mail databases: yes> in the current context!
    Error: Unable to interpret <Scan area - My Computer:> in the current context!
    Error: Unable to interpret < A:\> in the current context!
    Error: Unable to interpret < C:\> in the current context!
    Error: Unable to interpret < D:\> in the current context!
    Error: Unable to interpret < E:\> in the current context!
    Error: Unable to interpret < F:\> in the current context!
    Error: Unable to interpret < G:\> in the current context!
    Error: Unable to interpret < H:\> in the current context!
    Error: Unable to interpret < I:\> in the current context!
    Error: Unable to interpret <Scan statistics:> in the current context!
    Error: Unable to interpret < Objects scanned: 195592> in the current context!
    Error: Unable to interpret < Threats found: 6> in the current context!
    Error: Unable to interpret < Infected objects found: 11> in the current context!
    Error: Unable to interpret < Suspicious objects found: 10> in the current context!
    Error: Unable to interpret < Scan duration: 12:18:13> in the current context!
    Error: Unable to interpret <File name / Threat / Threats count> in the current context!
    Error: Unable to interpret <C:\Documents and Settings\sallie\Application Data\Identities\{95A6BE00-E5F5-11D7-A03F-E285DD5C3607}\Microsoft\Outlook Express\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
    Error: Unable to interpret <D:\my documents\OE copy acct 2 24 08\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
    Error: Unable to interpret <D:\my documents\OE copy acct 2 24 08\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
    Error: Unable to interpret <D:\my documents\OE copy acct 2 24 08\save.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
    Error: Unable to interpret <E:\Documents and Settings\backup outlook express\save.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
    Error: Unable to interpret <E:\Documents and Settings\backup outlook express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
    Error: Unable to interpret <E:\Documents and Settings\backup outlook express\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
    Error: Unable to interpret <E:\Documents and Settings\backup outlook express 2 95A6\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
    Error: Unable to interpret <E:\Documents and Settings\backup outlook express 2 95A6\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
    Error: Unable to interpret <E:\my documents\Outlook express backed up\saved1.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1> in the current context!
    Error: Unable to interpret <E:\my documents\outlook express .dbx\saved1.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1> in the current context!
    Error: Unable to interpret <H:\desktop dowloads\downloads\keyfinder.zip Infected: not-a-virus:pSWTool.Win32.RAS.a 2> in the current context!
    Error: Unable to interpret <H:\My Documents\outlook express folders copied 7 29 07\save1.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1> in the current context!
    Error: Unable to interpret <H:\backed up sallnjackn1 1025\saved1.dbx Infected: Trojan-Spy.HTML.Usbankfraud.i 1> in the current context!
    Error: Unable to interpret <H:\downloaded program files\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4> in the current context!
    Error: Unable to interpret <H:\downloaded program files\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1> in the current context!
    Error: Unable to interpret <H:\files from e drive\downloaded program files\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1> in the current context!
    Error: Unable to interpret <Selected area has been scanned.> in the current context!

    OTM by OldTimer - Version 3.1.7.1 log created on 02012010_155903
     
  15. 2010/02/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't paste my script, but a whole Kaspersky report. It won't work.
    Please, re-do.
     
  16. 2010/02/01
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\sallie\Application Data\Identities\{95A6BE00-E5F5-11D7-A03F-E285DD5C3607}\Microsoft\Outlook Express\save1.dbx moved successfully.
    D:\my documents\OE copy acct 2 24 08\Inbox.dbx moved successfully.
    D:\my documents\OE copy acct 2 24 08\save1.dbx moved successfully.
    D:\my documents\OE copy acct 2 24 08\save.dbx moved successfully.
    E:\Documents and Settings\backup outlook express\save.dbx moved successfully.
    E:\Documents and Settings\backup outlook express\Inbox.dbx moved successfully.
    E:\Documents and Settings\backup outlook express\save1.dbx moved successfully.
    E:\Documents and Settings\backup outlook express 2 95A6\Inbox.dbx moved successfully.
    E:\Documents and Settings\backup outlook express 2 95A6\save1.dbx moved successfully.
    E:\my documents\Outlook express backed up\saved1.dbx moved successfully.
    E:\my documents\outlook express .dbx\saved1.dbx moved successfully.
    H:\desktop dowloads\downloads\keyfinder.zip moved successfully.
    H:\My Documents\outlook express folders copied 7 29 07\save1.dbx moved successfully.
    H:\backed up sallnjackn1 1025\saved1.dbx moved successfully.
    H:\downloaded program files\vnc-4_1_2-x86_win32.exe moved successfully.
    H:\downloaded program files\mirc617.exe moved successfully.
    H:\files from e drive\downloaded program files\mirc617.exe moved successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: sallie
    ->Temp folder emptied: 92649863 bytes
    ->Temporary Internet Files folder emptied: 34154 bytes
    ->Java cache emptied: 129289 bytes
    ->FireFox cache emptied: 38283070 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 0 bytes

    User: microsoft

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 150319 bytes
    Session Manager Temp folder emptied: 109592 bytes
    Session Manager Tmp folder emptied: 109592 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 125.00 mb


    OTM by OldTimer - Version 3.1.7.1 log created on 02012010_162907

    Files moved on Reboot...
    File C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!
    File C:\WINDOWS\temp\ZLT00835.TMP not found!
    File C:\WINDOWS\temp\ZLT0081e.TMP not found!

    Registry entries deleted on Reboot...
     
  17. 2010/02/01
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    When I rebooted after OTM I had a mess. Couldn't get online. Zone Alarm kept flashing on my screen. Finally manually rebooted again and everything is back.
     
  18. 2010/02/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    =================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ================================================================

    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    ================================================================

    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    ================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
    - O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    - O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
    - O4 - Global Startup: McAfee Security Scan.lnk = ?


    4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    - O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    - O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    - O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
    - O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    - O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
    - O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
    - O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll



    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
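    Steps 3 and 4 above separate entries whose file is gone (HijackThis shows "(no file)" or "= ?") from autostarts that still work but are merely unnecessary. As an added example (not part of this thread or of HijackThis), the Python below parses the O2, O4 and O20 line formats seen in this post, expands HijackThis's `\..\` shorthand to the full registry Run key, and lists the orphaned entries; the sample lines are copied from the list above.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: HijackThis lines copied from the entries listed in this post.
SAMPLE_HJT = r"""
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""


@dataclass
class HjtEntry:
    section: str   # O2 (browser helper object), O4 (autostart), O20 (Winlogon Notify)
    name: str      # BHO name, Run value name, shortcut name or Notify subkey
    location: str  # CLSID, full registry key, startup folder or "Winlogon Notify"
    target: str    # command or file the entry launches
    orphan: bool   # the target no longer exists: "(no file)" or "?"


# HijackThis shortens HKLM\Software\Microsoft\Windows\CurrentVersion\Run to HKLM\..\Run
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
O4_REG_RE = re.compile(r"^O4 - (?P<key>HK\S*?\\\.\.\\Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
O4_DIR_RE = re.compile(r"^O4 - (?P<folder>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")


def expand_key(abbrev: str) -> str:
    """Turn HKLM\\..\\Run into the real registry path."""
    return abbrev.replace("\\..\\", "\\" + CURRENT_VERSION + "\\")


def clean_target(target: str) -> str:
    """Drop the trailing (User '...') note HijackThis adds for per-user hives."""
    return USER_SUFFIX_RE.sub("", target).strip()


def is_orphan(target: str) -> bool:
    return target in ("(no file)", "?")


def parse_hjt(text: str) -> List[HjtEntry]:
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            t = clean_target(m["target"])
            entries.append(HjtEntry("O2", m["name"], m["clsid"], t, is_orphan(t)))
            continue
        m = O4_REG_RE.match(line)
        if m:
            t = clean_target(m["target"])
            entries.append(HjtEntry("O4", m["name"], expand_key(m["key"]), t, is_orphan(t)))
            continue
        m = O4_DIR_RE.match(line)
        if m:
            t = clean_target(m["target"])
            entries.append(HjtEntry("O4", m["name"], m["folder"], t, is_orphan(t)))
            continue
        m = O20_RE.match(line)
        if m:
            t = clean_target(m["target"])
            entries.append(HjtEntry("O20", m["name"], "Winlogon Notify", t, is_orphan(t)))
    return entries


def orphans(entries: List[HjtEntry]) -> List[str]:
    """Entries pointing at files that are gone: dead references that can only fail
    (or be re-occupied by a file of the same name), so a cleanup removes them first."""
    return [e.name for e in entries if e.orphan]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT)
    for e in parsed:
        print(f"{e.section:<4}{'ORPHAN' if e.orphan else 'ok':<7}{e.name} -> {e.location}")
    print("orphaned entries:", orphans(parsed))
```

    Lines in other HijackThis sections (O1, O3, O23 and so on) are simply skipped by this parser; extending it is a matter of adding a pattern per section.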
     
  19. 2010/02/01
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    Well, I finally got to Hijack This. Do you want me to open a Hijack This log?
     
  20. 2010/02/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    After applying all steps from my previous reply, yes.
     
  21. 2010/02/01
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    I've done all the other steps but still wonder if I should open the last log or run a new scan and then check the affected entries?
     
