help, infected computer i think
Help. My computer is running very slow and generating lots of errors. I have enclosed all logs requested except ESET or one of the others you recommended. Kaspersky Online Scanner, Panda Active Scan, Trend Micro HouseCall, and F-Secure Online Virus Scanner all either failed to load, run or after 2 hours never finished.
Thank you for your help.
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2
11/24/2008 4:02:18 PM
mbam-log-2008-11-24 (16-02-18).txt
Scan type: Full Scan (C:\|)
Objects scanned: 258582
Time elapsed: 3 hour(s), 42 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 5
Files Infected: 16
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Performance Center (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netrax06 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Administrator\Desktop\Protector.Plus.2008.v8.0.C02.Incl.Keymaker-CORE\cr-xqq01\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\iCheck.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080621-164541-543.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netrax06\netrax061083.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\0047D39C.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000090.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
3DDreamBowl
Adobe Flash Player 10 ActiveX
Bejeweled 2 Deluxe 1.1
Bengal (remove only)
Bubble Shooter Premium Edition
DataPilot USB Driver Pack
Direct Show Ogg Vorbis Filter (remove only)
Dziobas Rar Player 0.008.23alfa
ESET Online Scanner
Google Earth
HijackThis 2.0.2
Lizardtech DjVu Control (autoinstall)
Mah Jong Quest II
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Visual C++ 2005 Redistributable
Norton Internet Security
Norton Internet Security
Norton Internet Security
Panda ActiveScan 2.0
Saints & Sinners Bowling
SCRABBLE
Snood for Windows version 3.52-W
Super Bounce Out! from GameHouse
TallStick TS-AudioToMIDI 3.30 (remove only)
The Ultimate Troubleshooter
Trivial Pursuit Bring On The 90s
VideoLAN VLC media player 0.8.6h
Windows Media Format 11 runtime
Windows Media Player 11
WinPcap 4.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:37 PM, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/v/8.1.5.27/app...aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/8.2.1.19/app...tion-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/8.1.9.1/appl...ingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/v/8.1.7.44/app...jack-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/9.0.2.1/appl...ling-en_US.cab
O16 - DPF: Cribbage by pogo - http://game3.pogo.com/v/9.0.1.7/appl...bage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.com/v/9.0.1.7/appl.../ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game3.pogo.com/v/9.0.1.14/app...flag-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.0.1.14/app...ino2-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/app...ass2-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/appl...aire-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.com/v/8.1.9.1/appl...pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/8.1.9.1/appl...ancy-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.2.1.12/app...keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.0.1.7/appl...ttso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/app...ong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/8.2.1.23/app...fari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/v/8.1.7.44/app...hoes-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.com/v/8.1.2.24/app...llin-en_US.cab
O16 - DPF: Pebble Beach 3 Hole Challenge by pogo - http://game1.pogo.com/v/8.1.7.44/app...hole-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/app...heel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.com/v/9.0.1.7/appl...nger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/v/8.1.5.27/app...opfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.1.7/appl...oppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/8.1.9.11/app...pit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/9.0.1.7/appl...doku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/v/8.1.7.44/app...reak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game3.pogo.com/v/9.0.1.14/app...ares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game3.pogo.com/v/8.1.9.1/appl...chet-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/appl...puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.9.1/appl...ider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.com/v/8.1.9.1/appl...hies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/appl...stax-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/v/8.1.7.44/app...ball-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/app...brae-en_US.cab
O16 - DPF: Tornado 21 - http://origin.games.yahoo.net/games/.../y/t21t0_x.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/appl...eaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/v/8.1.9.7/appl...bo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/v/8.1.1.1/appl...lots-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/v/8.1.8.23/app...arch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.com/v/9.0.1.7/appl...omp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.9.1/appl...down-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/appl...lass-en_US.cab
O16 - DPF: Yahoo! Cribbage - http://download2.games.yahoo.com/gam...ts/y/it1_x.cab
O16 - DPF: Yahoo! Graffiti - http://origin.games.yahoo.net/games/...s/y/grt5_x.cab
O16 - DPF: Yahoo! Pinochle - http://download2.games.yahoo.com/gam...ts/y/ut2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/...trol_en_US.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/C...ngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1184354038137
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://pogoclub.oberon-media.com/onl...jolauncher.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab56649.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O20 - AppInit_DLLs: WIKI.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: gmxfwsvc - FTDI Ltd. - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10949 bytes
Again, thank you in advance
ladytracey
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/...trol_en_US.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/C...ngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1184354038137
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://pogoclub.oberon-media.com/onl...jolauncher.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab56649.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O20 - AppInit_DLLs: WIKI.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: gmxfwsvc - FTDI Ltd. - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10949 bytes
Again, thank you in advance
ladytracey
Hi ladytracey and welcome to daniweb. Great job performing the scans you were able to perform. Looks like MBA-M did a lot of removal. Question: Where is your anti-virus program? Norton shows in the Uninstall list but doesn't show on your HJT log?
Now for your log.
One program I see that should be removed, though there may be others, is located in C:\Program Files\Download Direc. I don't see it in the Uninstall list, so you will probably have to go directly to C:\Program Files\ to find it and see if it has an uninstall option.
MBA-M doesn't need to be starting up with the computer. But certainly keep the program, as you can see it does a super job; just remember to update it each time before you run it, which should be done at least once a week.
Now run HJT again and place check marks next to the following entries:
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/v/8.1.5.27/app...aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/8.2.1.19/app...tion-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/8.1.9.1/appl...ingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/v/8.1.7.44/app...jack-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/9.0.2.1/appl...ling-en_US.cab
O16 - DPF: Cribbage by pogo - http://game3.pogo.com/v/9.0.1.7/appl...bage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.com/v/9.0.1.7/appl.../ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game3.pogo.com/v/9.0.1.14/app...flag-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.com/v/9.0.1.14/app...ino2-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/app...ass2-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/appl...aire-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.com/v/8.1.9.1/appl...pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/8.1.9.1/appl...ancy-
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.2.1.12/app...keno-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.0.1.7/appl...ttso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/app...ong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/8.2.1.23/app...fari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/v/8.1.7.44/app...hoes-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.com/v/8.1.2.24/app...llin-en_US.cab
O16 - DPF: Pebble Beach 3 Hole Challenge by pogo - http://game1.pogo.com/v/8.1.7.44/app...hole-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/app...heel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.com/v/9.0.1.7/appl...nger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/v/8.1.5.27/app...opfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.1.7/appl...oppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/8.1.9.11/app...pit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/9.0.1.7/appl...doku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/v/8.1.7.44/app...reak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game3.pogo.com/v/9.0.1.14/app...ares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game3.pogo.com/v/8.1.9.1/appl...chet-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/appl...puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.9.1/appl...ider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.com/v/8.1.9.1/appl...hies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/appl...stax-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/v/8.1.7.44/app...ball-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/app...brae-en_US.cab
O16 - DPF: Tornado 21 - http://origin.games.yahoo.net/games/.../y/t21t0_x.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/appl...eaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/v/8.1.9.7/appl...bo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/v/8.1.1.1/appl...lots-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/v/8.1.8.23/app...arch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.com/v/9.0.1.7/appl...omp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.9.1/appl...down-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/appl...lass-en_US.cab
O16 - DPF: Yahoo! Cribbage - http://download2.games.yahoo.com/gam...ts/y/it1_x.cab
O16 - DPF: Yahoo! Graffiti - http://origin.games.yahoo.net/games/...s/y/grt5_x.cab
O16 - DPF: Yahoo! Pinochle - http://download2.games.yahoo.com/gam...ts/y/ut2_x.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://pogoclub.oberon-media.com/onl...jolauncher.cab
O20 - AppInit_DLLs: WIKI.DLL
O23 - Service: gmxfwsvc - FTDI Ltd. - (no file)
Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot and run HJT again and post that new log.
You will note I am having you remove all those Pogo games. There were many infected game folders and references in your log. To be safe this is why I am having you remove them. As long as your anti-virus is active and turned on you can always download those you wish to continue playing.
Judy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:38 PM, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/...trol_en_US.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/C...ngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1184354038137
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab56649.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: gmxfwsvc - FTDI Ltd. - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 5883 bytes
Thanks for your help so far. I tried to remove 923 FTDI Ltd. several times and it won't go away. What am I doing wrong?
Thanks again,
ladytracey
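The comparison this follow-up calls for, as an added example that is not part of the original thread: it checks the helper's fix list against the log posted after the reboot to show which entries are gone and which persisted, and lists O23 services whose file HijackThis reports as absent. The line layout is taken from the logs in this thread; the function names are hypothetical and the two sample inputs are short excerpts of those logs.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4", "O16", "O23"
    body: str      # everything after "<section> - "


# Excerpt of the entries the helper asked to have checked and fixed.
FIX_LIST = r"""
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/v/8.1.5.27/app...aces-en_US.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O20 - AppInit_DLLs: WIKI.DLL
O23 - Service: gmxfwsvc - FTDI Ltd. - (no file)
"""

# Excerpt of the log posted after "Fix Checked" and a reboot.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: gmxfwsvc - FTDI Ltd. - (no file)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 5883 bytes
"""

# Entry lines start with a section code (R0, O4, O23, ...) then " - ".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
ABSENT_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_hjt(text: str) -> List[Entry]:
    """Return the section entries found in a HijackThis log or fix list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _key(entry: Entry) -> Tuple[str, str]:
    # Compare case-insensitively with whitespace collapsed, so a re-wrapped
    # or re-cased copy of the same line still matches.
    return entry.section, " ".join(entry.body.split()).lower()


def persisted(fix_list: str, after_log: str) -> List[Entry]:
    """Fix-list entries that are still present in the later log."""
    still_there = {_key(e) for e in parse_hjt(after_log)}
    return [e for e in parse_hjt(fix_list) if _key(e) in still_there]


def removed(fix_list: str, after_log: str) -> List[Entry]:
    """Fix-list entries that no longer appear in the later log."""
    still_there = {_key(e) for e in parse_hjt(after_log)}
    return [e for e in parse_hjt(fix_list) if _key(e) not in still_there]


def orphaned_services(log: str) -> List[Tuple[str, str, str]]:
    """O23 services flagged "(no file)" or "(file missing)".

    Returns (service name, owner, marker) for each such line.
    """
    found = []
    for e in parse_hjt(log):
        if e.section != "O23" or not e.body.startswith("Service: "):
            continue
        # Layout seen in this thread: "<name> - <owner> - <path or marker>"
        parts = e.body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, owner, path = parts
        m = ABSENT_RE.search(path)
        if m:
            found.append((name, owner, m.group(1)))
    return found


if __name__ == "__main__":
    for e in removed(FIX_LIST, AFTER_LOG):
        print("gone:     ", e.section, e.body)
    for e in persisted(FIX_LIST, AFTER_LOG):
        print("persisted:", e.section, e.body)
    for name, owner, marker in orphaned_services(AFTER_LOG):
        print("orphaned service:", name, "|", owner, "|", marker)
```
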