WiredWX Hobby Weather Tools

Spyware Protect 2009

We have Spyware Protect 2009 on our computer. We did have antivirus/spyware on the computer, but it wasn't on (it is now). Here is the hijack info - please help me! Thanks

Hmm, when I try to post the hijack info, it tells me "The posted message is too big." Any ideas?

Re: Spyware Protect 2009

Split it up into more than one post.

Re: Spyware Protect 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:28 PM, on 2/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\hijackgpthis(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

Re: Spyware Protect 2009

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 72.36.180.42www.tyrsown.com
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Cake Wipe Inside Wma] C:\Documents and Settings\All Users\Application Data\flag barb cake wipe\Internet Mp3.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TestSoft] C:\DOCUME~1\Owner\APPLIC~1\BAGSHO~1\default gram book.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

Re: Spyware Protect 2009

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.4.32/omaha/omaha-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.6.49/aces/aces-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slots/alibaba-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://www.pogo.com/applet-6.9.3.49/animal/animal-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.3.36/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-8.0.1.23/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/applet-8.0.6.59/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-8.0.1.32/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-6.8.1.38/vbjack2/vbjack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/cascade/cascade-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.41/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-8.0.5.30/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.34/checkers2/checkers-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.48/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-8.0.6.49/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-8.0.1.23/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-8.0.0.30/domino/domino-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.5.30/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.4.34/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.45/greenback/greenback-ob-assets.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.3.39/hangman/hangman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harvest/harvest-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-8.0.7.27/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-8.0.2.40/drawpoker/drawpoker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-8.0.5.48/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.6.49/fancy/fancy-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.9.4.41/jigsaw/jigsaw-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-8.0.6.49/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.6.59/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.9.3.39/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.6.49/mahjong2/mahjong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.9.4.41/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.1.53/freecell/freecell-ob-assets.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.1.23/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.5.30/penguins/penguins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-8.0.1.23/waterwheel/waterwheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-8.0.0.30/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.9.4.41/pinochle/pinochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.3.49/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.3.0.53/poppazoppa/poppazoppa-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.4.23/poppit2/poppit2-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.4.2.30/hotstreak/hotstreak-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squares/squares-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.9.4.41/puck/puck-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.3.2.32/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.6.59/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-8.0.6.49/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.3.39/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-8.0.6.49/sweeper/sweeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-8.0.3.20/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.3.4.49/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.5.30/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.2.40/tumbee2/tumbee2-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.3.27/turbo21/turbo21-ob-assets.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.1.23/turbo22/turbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-6.9.4.34/mlslots/mlslots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.2.26/memories/memories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/babble/babble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.5.48/wordsearch/wordsearch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.64/wordwhomp2/whomp2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.6.59/whackdown/whackdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-8.0.5.30/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.3.29/worldclass/worldclass-en_US.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c1/v16.558/qboax9.cab
O16 - DPF: {823AA622-D72B-42D4-905D-FDD9FC9600FC} (QuickBooks Online Edition Import Utilities Class v5) - https://accounting.quickbooks.com/c5/v16.558/qboimax5.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/7020-b369h/rnl/java/RntX.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 19101 bytes

Re: Spyware Protect 2009

Hello. Did you install Messenger Plus! with sponsors? Because you have TWO infections.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 72.36.180.42www.tyrsown.com
    O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
    O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
    O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
    O4 - HKLM\..\Run: [Cake Wipe Inside Wma] C:\Documents and Settings\All Users\Application Data\flag barb cake wipe\Internet Mp3.exe
    O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
    O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
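
The helper's fix list above is a by-eye triage of the HijackThis log: a hosts-file override that points a Microsoft-looking hostname at a foreign IP (the rogue uses it to show fake "browser security" warnings), autoruns whose executable sits directly in C:\WINDOWS or under Application Data, an entry in the rarely-legitimate Policies\Explorer\Run key, and orphaned "(no file)" / "(file missing)" entries. The script below is an added example, not code from the original thread, from HijackThis or from Malwarebytes; it encodes those rules so they can be re-run over any HJT log. The sample lines are copied from the log in this thread plus benign ones for contrast; the rule names, the vendor-domain list and the thresholds are this example's own assumptions. It deliberately does not catch the CouponBar/TTB000000 adware BHOs, which are only recognisable by name or signature, so it complements rather than replaces a helper's judgement and MBAM's database.

```python
"""Triage a HijackThis (HJT) log with rules of the kind the helper applied above.

Added example for this thread; it is not part of the original posts, of
HijackThis, or of Malwarebytes. The sample lines are copied from the log in
this thread plus benign ones; the rule names and the vendor-domain list are
this example's own assumptions.
"""
import re

# Constructed sample: ten lines taken from the HJT log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 72.36.180.42www.tyrsown.com
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cake Wipe Inside Wma] C:\Documents and Settings\All Users\Application Data\flag barb cake wipe\Internet Mp3.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
"""

# An .exe sitting directly in C:\WINDOWS (not a subfolder) is where rogue AVs
# such as sysguard.exe like to live; legitimate software uses subfolders.
WINDIR_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)
# Autorun targets under per-user / all-user data or temp folders are a red flag.
USER_DATA_DIRS = ("\\application data\\", "\\local settings\\temp\\")
# Hosts-file overrides of vendor/security hostnames are a rogue-AV hallmark
# (assumed list; extend it for your environment).
VENDOR_HOST_SUFFIXES = (".microsoft.com", ".windowsupdate.com", ".symantec.com",
                        ".mcafee.com", ".malwarebytes.org")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
HJT_LINE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")
HOSTS_ENTRY = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s*(\S+)")  # IP may be glued to the host
RUN_ENTRY = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def autorun_target(entry):
    """Return (name, exe_path) from an O4 '[name] "path" args' or '[name] path args' entry."""
    m = RUN_ENTRY.match(entry)
    if not m:
        return None, None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        path = cmd.split('"')[1]
    else:
        em = re.match(r"(.*?\.exe)", cmd, re.I)   # unquoted: stop at the first .exe
        path = em.group(1) if em else cmd
    return m.group("name"), path


def triage_line(line):
    """Return the list of reasons a single HJT line looks suspicious ([] if none tripped)."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []
    section, rest = m.group(1), m.group(2)
    low = rest.lower()
    reasons = []
    if any(marker in low for marker in ORPHAN_MARKERS):
        reasons.append("orphaned registry entry (file missing)")
    if section == "O1":
        hm = HOSTS_ENTRY.search(rest.split(":", 1)[1])
        if hm:
            reasons.append("hosts-file override")
            if hm.group(2).lower().endswith(VENDOR_HOST_SUFFIXES):
                reasons.append("redirects a security/vendor hostname")
    elif section == "O2":
        if low.startswith("bho: bho -") or low.startswith("bho: (no name)"):
            reasons.append("BHO with generic or missing name")
    elif section == "O4":
        key, _, entry = rest.partition(": ")
        _, path = autorun_target(entry)
        if path:
            p = path.lower()
            if "policies\\explorer\\run" in key.lower():
                reasons.append("autorun via Policies\\Explorer\\Run key")
            if WINDIR_ROOT_EXE.match(p):
                reasons.append("executable in the Windows directory root")
            if any(d in p for d in USER_DATA_DIRS):
                reasons.append("executable under Application Data / Temp")
    return reasons


def triage(log_text):
    """Return [(line, reasons), ...] for every line that trips at least one rule."""
    flagged = []
    for ln in log_text.splitlines():
        reasons = triage_line(ln)
        if reasons:
            flagged.append((ln.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for r in why:
            print("    ->", r)
```

On the sample it flags the two hosts entries, the two suspect BHOs, the three rogue autoruns and the orphaned PartyPoker button, and leaves the Google Toolbar and Synaptics lines alone. The R1 ProxyOverride and R0 Start Page lines in the log are ordinary defaults and are correctly left untouched by the helper as well.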

Re: Spyware Protect 2009

MBAM log

Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 3

2/28/2009 8:25:00 PM
mbam-log-2009-02-28 (20-25-00).txt

Scan type: Quick Scan
Objects scanned: 78505
Time elapsed: 18 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\toolband.ttb000000 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolband.ttb000000.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ttb000001.ttb000001toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Desktop\WebfettiSetup2.3.50.22.ZKfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\bng2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\bng3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\bng4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\bng5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\bng6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\bng7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\bng8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\bng9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\bngB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\gos25A.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

Re: Spyware Protect 2009

Hello.
Let's have a look around.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: Spyware Protect 2009

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 20:35:58.13 on Sat 02/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.98 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gatewaybiz.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\CouponBarIE.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [TestSoft] c:\docume~1\owner\applic~1\bagsho~1\default gram book.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: []
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax43~1.lnk - c:\program files\efax messenger 4.3\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Re: Spyware Protect 2009
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: 6th Street Omaha Poker by pogo - hxxp://game1.pogo.com/applet-6.2.4.32/omaha/omaha-ob-assets.cab
DPF: Aces Up! by pogo - hxxp://game1.pogo.com/applet-8.0.6.49/aces/aces-en_US.cab
DPF: Ali Baba Slots TM by pogo - hxxp://game1.pogo.com/applet-6.3.0.53/slots/alibaba-ob-assets.cab
DPF: Animal Ark by pogo - hxxp://www.pogo.com/applet-6.9.3.49/animal/animal-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-8.0.3.36/backgammon/backgammon-en_US.cab
DPF: Battle Phlinx by pogo - hxxp://game1.pogo.com/applet-8.0.1.23/battlephlinx/battlephlinx-en_US.cab
DPF: Bingo Luau by pogo - hxxp://game1.pogo.com/applet-8.0.6.59/freebingo/freebingo-en_US.cab
DPF: Blackjack by pogo - hxxp://game1.pogo.com/applet-8.0.1.32/blackjack/blackjack-en_US.cab
DPF: Blackjack Carnival by pogo - hxxp://game1.pogo.com/applet-6.8.1.38/vbjack2/vbjack2-en_US.cab
DPF: Blooop by pogo - hxxp://game1.pogo.com/applet-6.9.4.41/cascade/cascade-en_US.cab
DPF: Buckaroo Blackjack TM by pogo - hxxp://game1.pogo.com/applet-6.4.0.41/videoblackjack/videoblackjack-ob-assets.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/applet-8.0.5.30/canasta/canasta-en_US.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/applet-6.9.4.34/checkers2/checkers-en_US.cab
DPF: Cribbage by pogo - hxxp://game1.pogo.com/applet-6.4.0.48/cribbage/cribbage-ob-assets.cab
DPF: Dice City Roller by pogo - hxxp://game1.pogo.com/applet-8.0.6.49/ytz/ytz-en_US.cab
DPF: Dice Derby by pogo - hxxp://game1.pogo.com/applet-8.0.1.23/checkeredflag/checkeredflag-en_US.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/applet-8.0.0.30/domino/domino-en_US.cab
DPF: Double Deuce Poker by pogo - hxxp://game1.pogo.com/applet-6.4.0.34/videopoker2/doubledeuce-ob-assets.cab
DPF: Euchre by pogo - hxxp://game1.pogo.com/applet-6.3.3.27/euchre/euchre-ob-assets.cab
DPF: First Class Solitaire by pogo - hxxp://game1.pogo.com/applet-8.0.5.30/firstclass2/firstclass2-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.9.4.34/superbingo/superbingo-en_US.cab
DPF: Greenback Bayou by pogo - hxxp://game1.pogo.com/applet-6.5.0.45/greenback/greenback-ob-assets.cab
DPF: Hangman Hijinks by pogo - hxxp://game1.pogo.com/applet-6.9.3.39/hangman/hangman-en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.2.5.28/harvest/harvest-ob-assets.cab
DPF: Hearts by pogo - hxxp://game1.pogo.com/applet-8.0.7.27/hearts/hearts-en_US.cab
DPF: High Stakes Poker by pogo - hxxp://game1.pogo.com/applet-8.0.2.40/drawpoker/drawpoker-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-8.0.5.48/pool2/pool-en_US.cab
DPF: Hog Heaven Slots by pogo - hxxp://game1.pogo.com/applet-8.0.6.49/fancy/fancy-en_US.cab
DPF: Jigsaw Detective by pogo - hxxp://game1.pogo.com/applet-6.9.4.41/jigsaw/jigsaw-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-8.0.6.49/gin2/gin2-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/applet-8.0.6.59/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game1.pogo.com/applet-6.9.3.39/lottso/lottso-en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game1.pogo.com/applet-8.0.6.49/mahjong2/mahjong2-en_US.cab
DPF: Makeover Madness by pogo - hxxp://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Multiline Slots by pogo - hxxp://game1.pogo.com/applet-6.3.3.27/mlslots/mlslots-ob-assets.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/applet-6.9.4.41/paigow/paigow-en_US.cab
DPF: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.4.1.53/freecell/freecell-ob-assets.cab
DPF: Payday Freecell Solitaire by pogo - hxxp://game1.pogo.com/applet-8.0.1.23/freecell2/freecell2-en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-8.0.5.30/penguins/penguins-en_US.cab
DPF: Perfect Pair Solitaire by pogo - hxxp://game1.pogo.com/applet-8.0.1.23/waterwheel/waterwheel-en_US.cab
DPF: Phlinx by pogo - hxxp://game1.pogo.com/applet-8.0.0.30/flinger/flinger-en_US.cab
DPF: Pinochle by pogo - hxxp://game1.pogo.com/applet-6.9.4.41/pinochle/pinochle-en_US.cab
DPF: Pop Fu by pogo - hxxp://game1.pogo.com/applet-6.9.3.49/popfu/popfu-en_US.cab
DPF: PoppaZoppa by pogo - hxxp://game1.pogo.com/applet-6.3.0.53/poppazoppa/poppazoppa-ob-assets.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/applet-6.2.4.23/poppit2/poppit2-ob-assets.cab
DPF: Quick Quack by pogo - hxxp://game1.pogo.com/applet-6.4.2.30/hotstreak/hotstreak-ob-assets.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/applet-6.9.2.33/squares/squares-en_US.cab
DPF: Shuffle Bump by pogo - hxxp://game1.pogo.com/applet-6.9.4.41/puck/puck-en_US.cab
DPF: Spades by pogo - hxxp://game1.pogo.com/applet-6.3.2.32/spades/spades-ob-assets.cab
DPF: Spider Solitaire by pogo - hxxp://game1.pogo.com/applet-8.0.6.59/spider/spider-en_US.cab
DPF: Squelchies by pogo - hxxp://game1.pogo.com/applet-8.0.6.49/squelchies/squelchies-en_US.cab
DPF: Stax by pogo - hxxp://game1.pogo.com/applet-6.9.3.39/stax/stax-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-8.0.6.49/sweeper/sweeper-en_US.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/applet-8.0.3.20/sweettooth/sweettooth-en_US.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.3.4.49/holdem/holdem-ob-assets.cab
DPF: Tri-Peaks by pogo - hxxp://game1.pogo.com/applet-8.0.5.30/peaks/peaks-en_US.cab
DPF: Tumble Bees by pogo - hxxp://game1.pogo.com/applet-8.0.2.40/tumbee2/tumbee2-en_US.cab
DPF: Turbo 21 TM by pogo - hxxp://game1.pogo.com/applet-6.3.3.27/turbo21/turbo21-ob-assets.cab
DPF: Turbo 21 v2 by pogo - hxxp://game1.pogo.com/applet-8.0.1.23/turbo22/turbo22-en_US.cab
DPF: Vaults of Atlantis Slots by pogo - hxxp://game1.pogo.com/applet-6.9.4.34/mlslots/mlslots-en_US.cab
DPF: Wonderland Memories by pogo - hxxp://game1.pogo.com/applet-6.5.2.26/memories/memories-en_US.cab
DPF: Word Craft by pogo - hxxp://game1.pogo.com/applet-6.9.4.34/babble/babble-en_US.cab
DPF: Word Search Daily by pogo - hxxp://game1.pogo.com/applet-8.0.5.48/wordsearch/wordsearch-en_US.cab
DPF: Word Whomp by pogo - hxxp://game1.pogo.com/applet-6.3.4.64/wordwhomp2/whomp2-ob-assets.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game1.pogo.com/applet-8.0.6.59/whackdown/whackdown-en_US.cab
DPF: WordJong by pogo - hxxp://game1.pogo.com/applet-8.0.5.30/wordjong/wordjong-en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.9.3.29/worldclass/worldclass-en_US.cab
DPF: Yahoo! Canasta - hxxp://download.games.yahoo.com/games/clients/y/yt1_x.cab
DPF: Yahoo! Spades - hxxp://download.games.yahoo.com/games/clients/y/st2_x.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - hxxps://accounting.quickbooks.com/c1/v16.558/qboax9.cab
DPF: {823AA622-D72B-42D4-905D-FDD9FC9600FC} - hxxps://accounting.quickbooks.com/c5/v16.558/qboimax5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://liveca04.rightnowtech.com/7020-b369h/rnl/java/RntX.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/controls/msnchat45.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\luhxpev0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1418455&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?flightopt=out
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\luhxpev0.default\extensions\{231ac525-91f7-422a-9d9b-660344ea2abc}\components\FFAlert.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\luhxpev0.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\luhxpev0.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-11-24 40840]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-2-28 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-2-28 38208]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-11-24 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-11-24 81288]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-6-17 160792]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-2-28 33088]
S2 mrtRate;mrtRate; [x]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-8-15 39048]

=============== Created Last 30 ================

2009-02-28 20:02 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-02-28 20:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-28 20:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 20:01 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-28 20:01 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 15:43 --d----- C:\3198bd685d691a83874b
2009-02-28 15:39 --d----- C:\d01cc41608e1232c92
2009-02-28 13:56 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-28 12:50 0 -------- c:\documents and settings\owner\jre-6u11-windows-i586-p.exe
2009-02-28 12:48 --d----- c:\documents and settings\owner\.SunDownloadManager
2009-02-28 09:14 38,208 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-02-28 09:14 33,088 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-02-28 09:14 51,520 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-02-28 09:14 12,608 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-02-28 08:30 16,896 a------- c:\windows\syssvc.exe
2009-02-22 17:27 244 a---h--- C:\sqmnoopt04.sqm
2009-02-22 17:27 232 a---h--- C:\sqmdata04.sqm
2009-02-22 17:27 148 a---h--- C:\sqmdata05.sqm
2009-02-22 17:27 136 a---h--- C:\sqmnoopt05.sqm
2009-02-10 21:46 --d----- c:\program files\BagsHopeWeb
2009-02-05 16:17 --d----- C:\ff48db1b5368128a6e70c358537042a4
2009-02-05 14:31 --d----- c:\docume~1\owner\applic~1\GetRightToGo

==================== Find3M ====================

2009-02-28 13:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-05 17:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-02 22:11 2,069,260 a------- c:\documents and settings\owner\PPPlus-Stacey-Briggs-20081202-2210.dat
2008-09-29 14:58 2,003,441 a------- c:\documents and settings\owner\PPPlus-Stacey-Briggs.dat
2008-02-07 15:06 1,821,698 a------- c:\documents and settings\owner\PPPlus.dat
2007-03-31 12:38 5,685,248 a------- c:\program files\~GLH0030.TMP
2006-09-19 14:55 155,648 a------- c:\program files\~GLH002e.TMP
2006-06-30 19:49 5,482 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2005-11-15 16:02 32 a----r-- c:\documents and settings\all users\hash.dat
2008-08-02 11:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080220080803\index.dat

============= FINISH: 20:38:06.52 ===============

Re: Spyware Protect 2009
Hello.

Please see HERE for instructions on disabling Spyware Doctor, because it might interfere with this next tool we have to use to clean up the leftovers.
Spyware Doctor is listed in the third post of that thread.

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Documents and Settings\Owner\Desktop\dds.scr
    c:\windows\syssvc.exe
    C:\sqmnoopt*.sqm
    C:\sqmdata*.sqm


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.
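The move list above singles out entries from the DDS "Created Last 30" listing earlier in the thread: an executable dropped straight into the Windows directory and hidden .sqm files in the drive root. As an added example that is not part of the thread, DDS or OTMoveIt3, the Python snippet below parses listing lines in that layout, applies triage heuristics of that kind (a prompt for a closer look, not a verdict), and shows which listed files each `:files` line, wildcards included, would match. The sample lines are copied from the log above; the heuristics and function names are my own.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: six lines taken from the DDS "Created Last 30" section
# posted in the thread (raw strings keep the Windows backslashes intact).
DDS_CREATED_LAST_30 = r"""
2009-02-28 20:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-28 15:43 --d----- C:\3198bd685d691a83874b
2009-02-28 08:30 16,896 a------- c:\windows\syssvc.exe
2009-02-22 17:27 244 a---h--- C:\sqmnoopt04.sqm
2009-02-22 17:27 232 a---h--- C:\sqmdata04.sqm
2009-02-10 21:46 --d----- c:\program files\BagsHopeWeb
"""

# The OTMoveIt3 ":files" block from the helper's post; "*" is a wildcard.
MOVE_LIST = r"""
:files
C:\Documents and Settings\Owner\Desktop\dds.scr
c:\windows\syssvc.exe
C:\sqmnoopt*.sqm
C:\sqmdata*.sqm
"""

# DDS line layout: date time [size] attrs path (directories carry no size).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
EXECUTABLE_EXT = (".exe", ".scr", ".dll", ".sys", ".com")

def parse_dds_entries(text):
    """Turn DDS file-listing lines into dicts; lines that do not parse are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "path": m.group("path"),
            "is_dir": "d" in m.group("attrs"),   # attribute column: a=archive, d=dir, h=hidden
            "hidden": "h" in m.group("attrs"),
        })
    return entries

def flag_suspicious(entries):
    """Map path -> reasons for entries worth a closer look (a triage aid, not a verdict)."""
    flagged = {}
    for e in entries:
        low = e["path"].lower()
        rest = low.partition(":\\")[2]  # path relative to the drive root
        reasons = []
        if rest.startswith("windows\\") and "\\" not in rest[8:] and low.endswith(EXECUTABLE_EXT):
            reasons.append("new executable directly in the Windows directory")
        if e["hidden"] and "\\" not in rest:
            reasons.append("hidden file in the drive root")
        if e["is_dir"] and re.fullmatch(r"[0-9a-f]{16,}", rest):
            reasons.append("hex-named folder in the drive root (often installer/update temp; verify)")
        if reasons:
            flagged[e["path"]] = reasons
    return flagged

def expand_move_list(move_list, entries):
    """Show which listed entries each ':files' line (wildcards included) would hit."""
    hits = {}
    for pat in (p.strip() for p in move_list.splitlines()):
        if pat and not pat.startswith(":"):
            hits[pat] = [e["path"] for e in entries if fnmatchcase(e["path"].lower(), pat.lower())]
    return hits
```

Matching is case-insensitive because Windows paths are; a `:files` line that hits nothing in the listing (dds.scr here, which the user created rather than the malware) simply maps to an empty list.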

Re: Spyware Protect 2009
========== FILES ==========
C:\Documents and Settings\Owner\Desktop\dds.scr moved successfully.
c:\windows\syssvc.exe moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02282009_210143

Re: Spyware Protect 2009
Hello.
Please enable Spyware Doctor now.

How is the machine running now?

Re: Spyware Protect 2009
seems to be working great - thanks so much

Re: Spyware Protect 2009

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt.
  • It will start cleaning now, and will want to reboot after, please allow it to do so.
  • It will make a log of what it has removed, but I don't need to see the log.


We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.
