I must have an email infection. Help!
Avast warns me every 15 seconds or something similar to the following:
Now Avast says:
The iframe tag is a powerful tool and one usually used on web pages to deliver dynamic content, not normally in emails though and then usually for the delivery of adverts.
It is also the means being used by the latest site hacks to run malicious code when you arrive at a site which has been hacked, so it is easy to do this in an email as well.
This does appear that you have a hidden/unidentified trojan spambot on your system.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
Don’t worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them, though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
If any files are found infected relating to trojan spambots, etc. before letting these programs deal with them send a copy to the chest and then email to Alwil software as possible undetected malware to help improve detections.
Add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
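A mail-side check for the iframe behaviour described in the post above, as an added example that is not part of the original thread. It decodes each HTML part of a message before looking for iframe tags, since the body is usually base64 or quoted-printable encoded and a plain text search of the raw mail misses the tag. The function names, the sample message and the `example.invalid` address are constructed for illustration.

```python
import re
from email import message_from_string
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from html.parser import HTMLParser


def looks_hidden(attrs):
    """True when the frame is sized or styled so the reader never sees it."""
    tiny = any(re.fullmatch(r"[01](px)?", attrs.get(k, "").strip().lower())
               for k in ("width", "height"))
    style = "".join(attrs.get("style", "").lower().split())
    return tiny or "display:none" in style or "visibility:hidden" in style


class IframeFinder(HTMLParser):
    """Collects every <iframe> start tag with its src and a hidden flag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            a = {k: (v or "") for k, v in attrs}
            self.hits.append({"src": a.get("src", ""),
                              "hidden": looks_hidden(a)})


def find_iframes(raw_message):
    """Return the iframes found in all text/html parts of a raw RFC 822 mail."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding
        body = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            text = body.decode(charset, errors="replace")
        except LookupError:  # unknown charset label in the header
            text = body.decode("utf-8", errors="replace")
        finder = IframeFinder()
        finder.feed(text)
        finder.close()
        hits.extend(finder.hits)
    return hits


def build_sample():
    """Constructed sample mail: plain part plus an HTML part with a 1x1 frame."""
    msg = MIMEMultipart("alternative")
    msg["Subject"] = "You have received a postcard"
    msg.attach(MIMEText("You have received a postcard.", "plain", "utf-8"))
    html = ('<html><body><p>You have received a postcard.</p>'
            '<iframe src="http://example.invalid/x" width="1" height="1" '
            'style="visibility:hidden"></iframe></body></html>')
    msg.attach(MIMEText(html, "html", "utf-8"))  # utf-8 parts are base64 encoded
    return msg.as_string()


if __name__ == "__main__":
    raw = build_sample()
    print("tag visible in raw source:", "<iframe" in raw)
    for hit in find_iframes(raw):
        print(hit)
```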
DavidR,
Thanks for the info. I have downloaded and started a scan with MalwareBytes. I will post the results.
Cards1
Hi 1 cards,
You should not place live links here. Break it in a way it cannot be clicked, for instance:
invitations at hi5 dot com etc.
This is an example: http://securitytracker.com/alerts/2006/Feb/1015665.html
How to remove it from a website: http://mycodings.blogspot.com/2009/05/remove-malwareiframeinf-virus-from-your.html
polonus
polonus,
I have edited the post so there are no live links. Thanks!
1cards
I successfully downloaded and removed the spambot with MalwareBytes.
Thanks!
1cards
That’s good, though it would have been nice to first have posted the log and if possible saved a copy to send to avast to improve detection of this spambot.
It is quarantined. I do not know if I can retrieve it. Log follows:
Malwarebytes’ Anti-Malware 1.38
Database version: 2309
Windows 6.0.6001 Service Pack 1
6/19/2009 7:21:53 PM
mbam-log-2009-06-19 (19-21-53).txt
Scan type: Full Scan (C:|H:|J:|)
Objects scanned: 563854
Time elapsed: 2 hour(s), 45 minute(s), 2 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 56
Memory Processes Infected:
C:\Users\admin\AppData\Local\Temp\Temp1_Postcard.zip\document.pdf .exe (Trojan.Dropper) → Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) → Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows audio server (Trojan.Dropper) → Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\admin\AppData\Local\Temp\Temp1_Postcard.zip\document.pdf .exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\sndmixer32.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Absolute Video Converter 6.2.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Ad-aware 2009.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Adobe Acrobat Reader keygen.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Adobe Photoshop CS4 crack.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Alcohol 120 v1.9.7.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\AnyDVD HD v.6.3.1.8 Beta incl crack.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Avast 4.8 Professional.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\AVS video converter6.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Smart Draw 2008 keygen.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Sony Vegas Pro 8 0b Build 219.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Sophos antivirus updater bypass.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Super Utilities Pro 2009 11.0.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Motorola, nokia, ericsson mobil phone tools.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Myspace theme collection.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Nero 9 9.2.6.0 keygen.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Norton Anti-Virus 2009 Enterprise Crack.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\G-Force Platinum v3.7.5.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Google Earth Pro 4.2. with Maps and crack.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Grand Theft Auto IV (Offline Activation).exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Internet Download Manager V5.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\K-Lite codec pack 3.10 full.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\K-Lite codec pack 4.0 gold.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Total Commander7 license+keygen.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Tuneup Ultilities 2008.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Ultimate ring tones package1 (Beethoven,Bach, Baris Manco,Lambada,Chopin, Greensleves).exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Ultimate ring tones package2 (Lil Wayne - Way Of Life,Khia - My Neck My Back Like My Pussy And My Crack,Mario - Let Me Love You,R. Kelly - The Worlds Greatest).exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Ultimate ring tones package3 (Crazy In Love, U Got It Bad, 50 Cent - P.I.M.P, Jennifer Lopez Feat. Ll Cool J - All I Have, 50 Cent - 21 Question).exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\BitDefender AntiVirus 2009 Keygen.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Opera 9.62 International.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\PDF password remover (works with all acrobat reader).exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Perfect keylogger family edition with crack.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Power ISO v4.2 + keygen axxo.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\CheckPoint ZoneAlarm And AntiSpy.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\CleanMyPC Registry Cleaner v6.02.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Daemon Tools Pro 4.11.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Divx Pro 6.8.0.19 + keymaker.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Download Accelerator Plus v8.7.5.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Download Boost 2.0.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\DVD Tools Nero 9 2 6 0.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Kaspersky Internet Security 2009 keygen.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\LimeWire Pro v4.18.3.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Magic Video Converter 8 0 2 18.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Microsoft Office 2007 Home and Student keygen.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Microsoft Visual Studio 2008 KeyGen.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Microsoft.Windows 7 Beta1 Build 7000 x86.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\VmWare keygen.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Winamp.Pro.v6.53.PowerPack.Portable+installer.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Windows 2008 Enterprise Server VMWare Virtual Machine.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Windows XP PRO Corp SP3 valid-key generator.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Windows2008 keygen and activator.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\WinRAR v3.x keygen RaZoR.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\downloads\Youtube Music Downloader 1.0.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\Users\admin\downloads\Setup.exe (Adware.Zango) → Quarantined and deleted successfully.
c:\Users\admin\AppData\Local\Temp\CD18.tmp (Heuristics.Malware) → Quarantined and deleted successfully.
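A triage pass over a log in the layout posted above, as an added example that is not part of the original thread and not Malwarebytes code. It tags entries that show how the dropper arrived and persisted: a document extension padded in front of an executable one, a file run from the `Temp1_<name>.zip` folder that Windows Explorer creates when a file is opened from inside a zip, an executable dropped in Temp, and a `Run` key autostart value. The rule names and regular expressions are this example's own assumptions; the sample lines are copied from the log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input for this example: four lines copied from the log above.
SAMPLE_LOG = r"""
Files Infected:
C:\Users\admin\AppData\Local\Temp\Temp1_Postcard.zip\document.pdf .exe (Trojan.Dropper) → Unloaded process successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows audio server (Trojan.Dropper) → Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Temp\sndmixer32.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\Users\admin\downloads\Setup.exe (Adware.Zango) → Quarantined and deleted successfully.
"""

# "<item> (<detection name>) → <action>"; the greedy item keeps any
# parentheses that belong to the file name itself.
LINE = re.compile(r"^(?P<item>.+) \((?P<name>[\w.]+)\) (?:→|->) (?P<action>.+)$")

DECOY_EXT = r"(?:pdf|docx?|xlsx?|jpe?g|png|txt|zip)"
EXEC_EXT = r"(?:exe|scr|com|pif|bat|cmd)"

# Assumed triage rules (hypothetical names), applied in this order.
RULES = [
    ("double-extension", re.compile(rf"\.{DECOY_EXT}\s*\.{EXEC_EXT}$", re.I)),
    ("run-from-zip-temp", re.compile(r"\\Temp\\Temp\d+_[^\\]+\.zip\\", re.I)),
    ("exe-in-temp", re.compile(rf"\\Temp\\[^\\]+\.{EXEC_EXT}$", re.I)),
    ("run-key-autostart",
     re.compile(r"^HK[A-Z_]+\\.*\\CurrentVersion\\Run(?:Once)?\\", re.I)),
]


@dataclass
class Finding:
    item: str        # file path or registry path
    detection: str   # scanner's detection name
    action: str      # what the scanner did with it
    tags: list       # triage rules that matched


def triage(log_text):
    """Parse detection lines and attach the triage tags that apply."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:    # headers, counters, "(No malicious items detected)"
            continue
        item = m.group("item")
        tags = [tag for tag, rx in RULES if rx.search(item)]
        findings.append(Finding(item, m.group("name"), m.group("action"), tags))
    return findings


def summary(findings):
    """Count how many entries carry each tag."""
    return Counter(tag for f in findings for tag in f.tags)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.detection, f.tags or "-", f.item, sep=" | ")
    print(dict(summary(triage(SAMPLE_LOG))))
```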
Your MBAM log is full of cracks and keygens. People like you do not deserve help. What is the mentality of a person who, in order to protect their pc, uses a keygen? In my eyes, you are no better than a common thief. You even have what looks like a crack for Avast (c:\downloads\Avast 4.8 Professional.exe (Trojan.Dropper) → Quarantined and deleted successfully.) Yet you have the audacity to come here asking for help.
People that like cracks and keygens deserve all the malware that comes along with them.
-= By the way, a free version of malwarebytes & avast is available so you won’t have the need for cracks… There are lots of freewares that can act as good as the paid…
-= Those cracked sort of things might cause greater damage so it would be better to uninstall them at once…
I do not know what a keygen or crack is. Why would one need a keygen or a crack for Adobe Acrobat Reader? It is free. Are these part of the spam bot? I do not have most of these programs on my computer, Norton Anti-Virus 2009 Enterprise, for example. I dislike Norton; that is why I bought Avast Professional. Likewise I have no ringtones. Most of these I do not recognize. Please explain this to me micky77, YoKenny and -= Fenrir =-
I would not post the quarantine log if I were stealing something!
-= The log showed that you actually downloaded lots of cracks & keygens… Kaspersky, BitDefender, avast, MBAM, etc… If you are not really sure who/what did this… Better check installed softwares on your pc… or see if you have any active torrents or a P2P process… Still, I doubt it, processes like those are initiated by the user…
Download HijackThis. When you run the program, choose ‘scan and save a log file’. Copy/paste the txt log that appears. You may need to split the log into several posts, if it is very large.
micky77, here is the logfile, page 1:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:33 PM, on 6/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Siber Systems\RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
\Pmc-server-2005\d\Avimark\avimark.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\MSAgent\agentsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go dot microsoft dot com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iwon dot com/iwon-homepage/home.jhtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway dot com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5424
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go dot microsoft dot com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft dot com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway dot com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5424
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway dot com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5424
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\RoboForm\roboform.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM..\Run: [NMSSupport] “C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe” /startup
O4 - HKLM..\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
page 2 of the logfile:
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU..\Run: [DW6] “C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe”
O4 - HKCU..\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_1_0 -reboot 1
O4 - HKCU..\Run: [RoboForm] “C:\Program Files\Siber Systems\RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [PCMagSurfSpeed2] C:\Program Files\PC Magazine Utilities\SurfSpeed 2\SurfSpeed.exe
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-21-3637895357-2911223082-889988628-1000..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘IUSR_NMPR’)
O4 - HKUS\S-1-5-21-3637895357-2911223082-889988628-1005..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘QBDataServiceUser18’)
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra ‘Tools’ menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra ‘Tools’ menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail dot com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.onlineregister dot com/gateway/serial/gwCID.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 16188 bytes
By the way here is my order for Avast Professional
share-it! Order number: #########
This e-mail was generated by a mail handling system. Please do not reply
to the address listed in the “From” field.
Please read the CUSTOMER SERVICE section for answers to your questions.
We recommend that you make a backup copy of this e-mail (e.g. print out a
hard copy).
Dear Customer,
Thank you for placing an order with share-it!. You have purchased a product
by ALWIL Software a.s…
Contents:
A. Brief information on product delivery
B. Details for product delivery for avast! 4 Professional Edition, 3
years
C. Technical Support
D. Customer service
A. Brief information on product delivery
Use the license key to unlock the product (see below).
Please note that you will not receive a delivery by postal mail.
B. Details for product delivery for avast! 4 Professional Edition, 3
years
The product is licensed to “NAME”.
The license key is valid for 13 license(s).
The license key for “avast! 4 Professional Edition, 3 years” is listed
below. You will need this license key to complete the process and activate
the product. The license key and the text below originate from the software
publisher and may be written in another language.
Dear customer,
thank You very much for Your purchase. You were successfully registered for
using avast! 4 Professional Edition antivirus program on 13 PC(s). Your
license allows you to update/upgrade avast! 4 Professional for 3 (three)
years from the date of purchase. Your license key is
----cut here----
License Key here
----cut here----
Print this mail and save it for future usage, please.
Follow the instructions below for entering your new key into installed
Avast! program:
It is recommended to update your virus database via the iAVS service. Just
click on the “flash” icon in Simple user interface or “flash” icon with
iAVS description in Enhanced user interface.
C. Technical Support
If you have any content-related or technical questions about the product,
please contact ALWIL Software a.s. directly.
You can contact the publisher at the Website http://forum.avast dot com for
technical support.
D. Customer service
Questions about your order, payment, or delivery?
Answers to the most frequently asked questions / Contact:
http://ccc.shareit dot com/ccc/?languageid=1&pid=196317285
Your order data:
https://ccc.shareit dot com/ccc/my_account.html?languageid=1&pid=#########
General terms and conditions of business:
http://www.shareit dot com/termsconditions.html?p=1963172858890fd3f476c77
Sincerely,
Your share-it! team
share-it! - a service of digital river - www.shareit dot com
Digital River GmbH
Vogelsanger Str. 78, D-50823 Cologne, Germany
CEO: John Strosahl
Corporate Headquarters: Cologne / HRB 56188 / Cologne Local Court
And this is a copy of the charge going to my credit card for Avast.
share-it! Order number: #########
This e-mail was generated by a mail handling system. Please do not reply
to the address listed in the “From” field.
Please read the CUSTOMER SERVICE section for answers to your questions.
Dear Customer,
This e-mail is not a new bill; it is meant to help you to identify the
charge that will appear on your credit card statement shortly.
On 31-MAR-2008 you purchased the following product by ALWIL Software a.s.
from share-it! and paid by credit card:
avast! 4 Professional Edition, 3 years
The order stored in our system under order no. ######### was paid with your
American Express card. The total amount of the order is USD 444.16.
Please note that “DRI*www.avast.com”, rather than the name of the
publisher, ALWIL Software a.s., will appear on your card statement.
CUSTOMER SERVICE
Questions about your order, payment, or delivery?
Answers to the most frequently asked questions / Contact:
http://ccc.shareit dot com/ccc/?languageid=1&pid=196317285
Your order data:
https://ccc.shareit dot com/ccc/my_account.html?languageid=1&pid=196317285
General terms and conditions of business:
http://www.shareit dot com/termsconditions.html?p=1963172858890fd3f476c77
Sincerely,
Your share-it! team
share-it! - a service of digital river - www.shareit dotcom
Digital River GmbH
Vogelsanger Str. 78, D-50823 Cologne, Germany
CEO: John Strosahl
Corporate Headquarters: Cologne / HRB 56188 / Cologne Local Court