So, apparently "I" sent out an email to all of my yahoo contacts, suggesting that they buy Viagra and Cialis. I changed my password and deleted my contact list to hopefully ensure that this wouldn't happen again...also, in effort to remove the spyware/trojan/virus/whatever causes this, I downloaded and ran malwarebyte, etc... Any help would be greatly appreciated!! DDS (Ver_10-03-17.01) - NTFSx86 Run by Matt at 10:29:09.80 on Tue 07/27/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.248 [GMT -7:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\javaws.exe C:\Program Files\Java\jre6\bin\javaw.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\javaws.exe C:\Program Files\Java\jre6\bin\javaw.exe C:\Program Files\Opera\opera.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Documents and Settings\Matt\Local Settings\Application Data\Opera\Opera\temporary_downloads\Defogger.exe C:\Documents and Settings\Matt\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.facebook.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [sonic RecordNow!] uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [bCMSMMSG] BCMSMMSG.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [ATIModeChange] Ati2mdxx.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\7wncmwuw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.facebook.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll FF - plugin: c:\documents and settings\matt\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\matt\application data\move networks\plugins\npqmp071505000011.dll FF - plugin: c:\documents and settings\matt\application data\mozilla\firefox\profiles\7wncmwuw.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll FF - plugin: c:\program files\mozilla firefox\plugins\npvbplayer.dll FF - plugin: c:\program files\opera\program\plugins\np_gp.dll FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-27 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-27 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-27 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-27 60936] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-27 304464] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-15 24652] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-27 20952] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-27 38224] =============== Created Last 30 ================ 2010-07-27 17:25:58 0 ----a-w- c:\documents and settings\matt\defogger_reenable 2010-07-27 17:08:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-07-27 17:08:15 0 d-----w- c:\program files\Avira 2010-07-27 17:08:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-07-27 13:59:36 0 d-----w- c:\docume~1\matt\applic~1\Malwarebytes 2010-07-27 13:59:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-27 13:59:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-27 13:59:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-27 13:59:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-07-24 04:08:29 0 d-----w- c:\windows\ie8updates 2010-07-23 04:46:23 0 d-----w- c:\program files\iPod 2010-07-23 04:45:51 0 d-----w- c:\program files\iTunes 2010-07-23 04:45:51 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-07-23 04:35:30 0 d-----w- c:\program files\Bonjour 2010-07-23 01:00:08 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-07-23 01:00:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-07-23 01:00:07 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-07-23 01:00:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-07-23 01:00:06 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-07-23 01:00:05 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-07-23 00:59:58 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll 2010-07-21 23:03:01 0 d-sh--w- c:\documents and settings\matt\IETldCache 2010-07-21 22:57:48 0 dc-h--w- c:\windows\ie8 2010-07-14 04:42:28 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe ==================== Find3M ==================== 2010-07-21 02:14:45 28256 ----a-w- c:\windows\system32\drivers\MxlW2k.sys 2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 23:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll 2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys ============= FINISH: 10:30:34.76 =============== ark.zip