I did it! (patting self on back)
I downloaded all of the programs you wanted me to, and saved the logs successfully in .txt format.
I also verified that my Java was the current version.
Here is the SUPERAntiSpyware log:SUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 10/19/2008 at 08:30 PM
Application Version : 4.21.1004
Core Rules Database Version : 3602
Trace Rules Database Version: 1588
Scan type : Complete Scan
Total Scan Time : 01:23:57
Memory items scanned : 398
Memory threats detected : 0
Registry items scanned : 5629
Registry threats detected : 13
File items scanned : 54534
File threats detected : 27
Adware.Tracking Cookie
C:\Documents and Settings\Default\Cookies\default@realmedia[1].txt
C:\Documents and Settings\Default\Cookies\
[email protected][1].txt
C:\Documents and Settings\Default\Cookies\default@zedo[2].txt
C:\Documents and Settings\Default\Cookies\default@coolsavings[2].txt
C:\Documents and Settings\Default\Cookies\default@tribalfusion[2].txt
C:\Documents and Settings\Default\Cookies\default@mediaplex[2].txt
C:\Documents and Settings\Default\Cookies\default@2o7[1].txt
C:\Documents and Settings\Default\Cookies\default@atdmt[2].txt
C:\Documents and Settings\Default\Cookies\default@revsci[1].txt
C:\Documents and Settings\Default\Cookies\
[email protected][1].txt
C:\Documents and Settings\Default\Cookies\default@bluestreak[1].txt
C:\Documents and Settings\Default\Cookies\default@apmebf[2].txt
C:\Documents and Settings\Default\Cookies\default@fastclick[1].txt
C:\Documents and Settings\Default\Cookies\
[email protected][1].txt
C:\Documents and Settings\Default\Cookies\default@directtrack[1].txt
C:\Documents and Settings\Default\Cookies\
[email protected][2].txt
C:\Documents and Settings\Default\Cookies\default@casalemedia[2].txt
C:\Documents and Settings\Default\Cookies\
[email protected][2].txt
C:\Documents and Settings\Default\Cookies\default@hypertracker[1].txt
C:\Documents and Settings\Default\Cookies\default@adrevolver[2].txt
C:\Documents and Settings\Default\Cookies\default@interclick[1].txt
C:\Documents and Settings\Default\Cookies\default@trafficmp[2].txt
C:\Documents and Settings\Default\Cookies\
[email protected][2].txt
C:\Documents and Settings\Default\Cookies\default@advertising[1].txt
C:\Documents and Settings\Default\Cookies\
[email protected][1].txt
C:\Documents and Settings\Default\Cookies\default@doubleclick[1].txt
Trojan.Unclassified/C00-WL
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0078A2A
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0078A2A#Asynchronous
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0078A2A#DllName
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0078A2A#Impersonate
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0078A2A#Startup
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0078A2A#Logon
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00ECE84
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00ECE84#Asynchronous
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00ECE84#DllName
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00ECE84#Impersonate
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00ECE84#Startup
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00ECE84#Logon
Rogue.XP AntiSpyware 2009
HKU\S-1-5-21-57989841-688789844-1343024091-1003\Control Panel\don't load#wscui.cpl [ No ]
C:\Program Files\XP_AntiSpyware
And, here is the mbam log:Malwarebytes' Anti-Malware 1.29
Database version: 1292
Windows 5.1.2600 Service Pack 3
10/19/2008 9:06:18 PM
mbam-log-2008-10-19 (21-06-18).txt
Scan type: Quick Scan
Objects scanned: 53246
Time elapsed: 8 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\APMFC1 (Rogue.AntiTrojanPro) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f68bd4e7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adwarepromfc (Rogue.Ad-WarePro) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\Ad-Ware Pro (Rogue.Ad-WarePro) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Ad-Ware Pro\uninstall.exe (Rogue.Ad-WarePro) -> Quarantined and deleted successfully.
And, here is the HJT log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:04 PM, on 10/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\ABCThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
http://proxy:8080O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program Files\Windows Media Components\Tools\nsppthlp.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: @Home - {AD96D1C0-3FA0-11D9-94A1-00010326322D} -
http://home.excite.com (file missing) (HKCU)
O9 - Extra button: Dell Home - {C1B40280-B0C6-11D4-9482-00010326322D} -
http://www.my.delleworks.com (file missing) (HKCU)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: Blackjack Carnival by pogo -
http://game1.pogo.com/applet-8.0.1.23/vbjack2/vbjack2-en_US.cabO16 - DPF: First Class Solitaire by pogo -
http://game1.pogo.com/applet-6.8.4.51/firstclass2/firstclass2-en_US.cabO16 - DPF: Fortune Bingo by pogo -
http://game1.pogo.com/applet-6.8.3.35/superbingo/superbingo-en_US.cabO16 - DPF: Hog Heaven Slots by pogo -
http://game1.pogo.com/applet-8.0.3.20/fancy/fancy-en_US.cabO16 - DPF: Keno by pogo -
http://game1.pogo.com/applet-6.9.1.32/keno/keno-en_US.cabO16 - DPF: Lottso by pogo -
http://game1.pogo.com/applet-8.0.5.30/lottso/lottso-en_US.cabO16 - DPF: Payday FreeCell by pogo -
http://game1.pogo.com/applet-6.7.3.30/freecell/freecell-en_US.cabO16 - DPF: Perfect Pair Solitaire by pogo -
http://game1.pogo.com/applet-6.7.2.24/waterwheel/waterwheel-en_US.cabO16 - DPF: Quick Quack by pogo -
http://game1.pogo.com/applet-6.8.0.25/hotstreak/hotstreak-en_US.cabO16 - DPF: Spider Solitaire by pogo -
http://game1.pogo.com/applet-8.0.5.30/spider/spider-en_US.cabO16 - DPF: Tri-Peaks by pogo -
http://game1.pogo.com/applet-8.0.6.49/peaks/peaks-en_US.cabO16 - DPF: Turbo 21 v2 by pogo -
http://game1.pogo.com/applet-6.7.4.28/turbo22/turbo22-en_US.cabO16 - DPF: Vaults of Atlantis Slots by pogo -
http://game1.pogo.com/applet-8.0.6.49/mlslots/mlslots-en_US.cabO16 - DPF: Win32 Classes -
O16 - DPF: Word Craft by pogo -
http://game1.pogo.com/applet-6.8.3.35/babble/babble-en_US.cabO16 - DPF: Word Search Daily by pogo -
http://game1.pogo.com/applet-8.0.6.49/wordsearch/wordsearch-en_US.cabO16 - DPF: Word Whomp by pogo -
http://game1.pogo.com/applet-8.0.0.20/wordwhomp2/whomp2-en_US.cabO16 - DPF: World Class Solitaire by pogo -
http://game1.pogo.com/applet-8.0.5.30/worldclass/worldclass-en_US.cabO16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) -
http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CABO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://photo.walgreens.com/WalgreensActivia.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace.com/upload/MySpaceUploader1006.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) -
http://www.worldwinner.com/games/v46/sol/sol.cabO16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) -
http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -
http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exeO16 - DPF: {E2739AFF-FA40-4527-9A19-DE81795C2C03} (MSN Money Ticker) -
http://moneycentral.msn.com/cabs/ticker.cabO16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) -
http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocxO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 10525 bytes
I did not 'fix' or 'delete' anything from the HJT scan. I'm going to just leave it open until you tell me what to do.
THANKS SO MUCH for all of your help (and patience with me) I really appreciate it!
Feelin' Like Tap Dancing New Granny[Saving space - attachment deleted by admin]