  1. #1
    Member
    Join Date
    Nov 2007
    Posts
    23
    Points
    0

    AdAware says win32.trojandownloader.Zlob (HJ Log posted)

    Hey guys and gals .... seems like my babysitter got a little mischievous with my computer and now AdAware finds win32.trojandownloader.Zlob in my registry but is unable to repair it. Looks like I need to buy NetNanny for the sitter !! Here is the HijackThis log .... thank you in advance for any and all help !!!

    Logfile of HijackThis v1.99.1
    Scan saved at 12:50:12 PM, on 11/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\system32\V0230Mon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\otntdzjj.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [fc036492] rundll32.exe "C:\WINDOWS\system32\lrlwkegb.dll",b
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-e5113eb9cfac7b80.spaces.l...d/MsnPUpld.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D45635E8-833C-454A-A987-99504B4A01B1}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kovhuxkb.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  2. #2
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    Please download VundoFix.exe to your desktop.
    1. Double-click VundoFix.exe to run it.
    2. When VundoFix re-opens, click the Scan for Vundo button.
    3. Once it's done scanning, click the Remove Vundo button.
    4. You will receive a prompt asking if you want to remove the files, click "YES".
    5. Once you click yes, your desktop will go blank as it starts removing Vundo.
    6. When completed, it will prompt that it will reboot your computer, click "OK".

    7. Please post the contents of C:\vundofix.txt

    If vundofix cannot delete a file, it will try to delete it during a reboot. After the reboot vundofix will open again, and you must run vundofix again, from "Click the Scan for Vundo button" ... and you must keep running vundofix until it does delete the file... I've known a stubborn vundo file take 5 or 6 reboots before it is deleted...

    Keep running vundofix until it gives you the message "no infected files were found"


    THEN ...

    Download Superantispyware.

    http://www.superantispyware.com/

    Once downloaded and installed, update the definitions
    and then run a full system scan and quarantine what it finds!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
        o Close browsers before scanning.
        o Scan for tracking cookies.
        o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
        o Click Preferences, then click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
        o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

    THEN ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    Please remember to post :-

    1. C:\vundofix.txt
    2. SUPERAntiSpyware Scan Log
    3. C:\ComboFix.txt
    4. a new hijackthis log.( run after everything else)

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    Member
    Join Date
    Nov 2007
    Posts
    23
    Points
    0

    Hi Steam !! You helped me before, that was my doing, this is someone else's doing. Anyway, I will try your methods tomorrow afternoon as the Mrs. is already annoyed with missing me for the day today. Will post results then ... thanks ... Pirate Morgan

  4. #4
    Member
    Join Date
    Nov 2007
    Posts
    23
    Points
    0

    Update ...
    Ran Vundofix ... found three files, cleaned files and rebooted. Vundofix did not start up again on reboot but I ran it again anyway ... No infected files detected. Currently running SuperAntispyware ... dang, I have so many files!!! But here is the Vundofix log at least ... will post the SuperA, CF, and HJ logs as I get them ... Thanks again Steam !!!!

    VundoFix V6.6.2

    Checking Java version...

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 2:52:38 PM 11/19/2007

    Listing files found while scanning....

    C:\windows\system32\maxymyxx.dll
    C:\WINDOWS\system32\otntdzjj.dll
    C:\windows\system32\otntdzjj.dllbox

    Beginning removal...

    Attempting to delete C:\windows\system32\maxymyxx.dll
    C:\windows\system32\maxymyxx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\otntdzjj.dll
    C:\WINDOWS\system32\otntdzjj.dll Has been deleted!

    Attempting to delete C:\windows\system32\otntdzjj.dllbox
    C:\windows\system32\otntdzjj.dllbox Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.6.2

    Checking Java version...

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 3:07:05 PM 11/19/2007

    Listing files found while scanning....

    No infected files were found.

  5. #5
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Keep 'em coming :wink:

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  6. #6
    Member
    Join Date
    Nov 2007
    Posts
    23
    Points
    0

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/19/2007 at 05:43 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3346
    Trace Rules Database Version: 1347

    Scan type : Complete Scan
    Total Scan Time : 02:23:31

    Memory items scanned : 409
    Memory threats detected : 4
    Registry items scanned : 5643
    Registry threats detected : 18
    File items scanned : 90959
    File threats detected : 160

    Adware.Vundo-Variant/Small
    C:\WINDOWS\SYSTEM32\LJJKLLL.DLL
    C:\WINDOWS\SYSTEM32\LJJKLLL.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{162C6BC2-E852-4D45-B139-E8A6737F1054}
    HKCR\CLSID\{162C6BC2-E852-4D45-B139-E8A6737F1054}
    HKCR\CLSID\{162C6BC2-E852-4D45-B139-E8A6737F1054}\InprocServer32
    HKCR\CLSID\{162C6BC2-E852-4D45-B139-E8A6737F1054}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{162C6BC2-E852-4D45-B139-E8A6737F1054}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ljjklll

    Adware.Vundo Variant
    C:\WINDOWS\SYSTEM32\MLLJH.DLL
    C:\WINDOWS\SYSTEM32\MLLJH.DLL
    HKLM\Software\Classes\CLSID\{6830B4CD-6956-473E-914F-DF22993CB343}
    HKCR\CLSID\{6830B4CD-6956-473E-914F-DF22993CB343}
    HKCR\CLSID\{6830B4CD-6956-473E-914F-DF22993CB343}\InprocServer32
    HKCR\CLSID\{6830B4CD-6956-473E-914F-DF22993CB343}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6830B4CD-6956-473E-914F-DF22993CB343}

    Adware.Vundo-Variant/Small-A
    C:\WINDOWS\SYSTEM32\LRLWKEGB.DLL
    C:\WINDOWS\SYSTEM32\LRLWKEGB.DLL
    HKLM\Software\Classes\CLSID\{2ef1a7fa-004d-4d93-8051-af87f645b579}
    HKCR\CLSID\{2EF1A7FA-004D-4D93-8051-AF87F645B579}
    HKCR\CLSID\{2EF1A7FA-004D-4D93-8051-AF87F645B579}\InprocServer32
    HKCR\CLSID\{2EF1A7FA-004D-4D93-8051-AF87F645B579}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ef1a7fa-004d-4d93-8051-af87f645b579}

    Trojan.Downloader-NewJuan/VM
    C:\WINDOWS\SYSTEM32\GWDTFSKD.DLL
    C:\WINDOWS\SYSTEM32\GWDTFSKD.DLL

    Unclassified.Unknown Origin
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKU\S-1-5-21-1653462319-1434109735-2322020850-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{11A69AE4-FBED-4832-A2BF-45AF82825583}
    C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\APPS + IE DOWNLOADS\SOFTWARE\NERO BURNING ROM\NERO6600\KEYGEN 6.6.0.3.EXE

    Adware.Tracking Cookie

    Trojan.Unknown Origin
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO1.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO2.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO3.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO4.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO50.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO51.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO52.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO53.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO54.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO55.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO56.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO57.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO58.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO59.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5A.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5B.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5C.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5D.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5E.TMP

    Trojan.Downloader-Gen/DDC
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP473\A0053136.EXE

    Adware.Vundo-Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP475\A0054244.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP476\A0054334.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP476\A0054335.DLL

    Adware.Vundo Variant/Rel
    C:\WINDOWS\SYSTEM32\MCRH.TMP
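
An added example, not part of the original thread and not code from any tool named in it: a Python triage script that cross-references the autostart entries in the HijackThis log from post #1 with the files VundoFix and SUPERAntiSpyware reported in posts #4 and #6, and separates genuinely orphaned entries from "(file missing)" flags on files the same log lists as running. The names `parse_hjt` and `correlate` are hypothetical; the sample input is a subset of lines copied from the posts above.

```python
import re
from dataclasses import dataclass

# Subset of the HijackThis log from post #1 (copied lines, not the full log).
HJT_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\otntdzjj.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fc036492] rundll32.exe "C:\WINDOWS\system32\lrlwkegb.dll",b
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kovhuxkb.exe (file missing)
"""

# Files reported later in the thread: VundoFix (post #4), SUPERAntiSpyware (post #6).
SCANNER_HITS = [
    r"C:\windows\system32\maxymyxx.dll",
    r"C:\WINDOWS\system32\otntdzjj.dll",
    r"C:\WINDOWS\SYSTEM32\LRLWKEGB.DLL",
    r"C:\WINDOWS\SYSTEM32\LJJKLLL.DLL",
]

# "O4 - ..." style section lines: a letter, digits, " - ", then the entry body.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Drive-letter path ending in .exe/.dll; spaces are allowed, quotes are not.
PATH_RE = re.compile(r'[a-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll)\b', re.IGNORECASE)


@dataclass
class Entry:
    code: str       # HijackThis section code, e.g. "O4" or "O23"
    body: str       # text after the code
    paths: list     # lower-cased file paths found in the body
    missing: bool   # True when HijackThis appended "(file missing)"


def parse_hjt(text):
    """Return (running, entries): running-process paths and parsed section lines."""
    running, entries = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.fullmatch(line):          # a bare path is a running process
            running.add(line.lower())
            continue
        m = LINE_RE.match(line)
        if m:
            body = m.group("body")
            # Windows paths are case-insensitive and the scanners print upper case,
            # so compare lower-cased. 8.3 short names (PROGRA~1) are compared as
            # written; resolving them needs the live file system.
            paths = [p.lower() for p in PATH_RE.findall(body)]
            entries.append(Entry(m.group("code"), body, paths, "(file missing)" in body))
    return running, entries


def correlate(running, entries, hits):
    """Bucket autostart entries against scanner detections."""
    hitset = {h.lower() for h in hits}
    report = {"confirmed": [], "orphaned": [], "missing_but_running": []}
    for e in entries:
        for p in e.paths:
            if p in hitset:
                # Autostart entry that loads a file a scanner detected.
                report["confirmed"].append((e.code, p))
            if e.missing:
                # A file that is running cannot be missing: treat the flag as a
                # log artifact instead of a leftover persistence entry.
                key = "missing_but_running" if p in running else "orphaned"
                report[key].append((e.code, p))
    referenced = {p for _, p in report["confirmed"]}
    # Detections with no visible autostart entry: their load point is elsewhere.
    report["unreferenced"] = sorted(hitset - referenced)
    return report


if __name__ == "__main__":
    running, entries = parse_hjt(HJT_LOG)
    for bucket, items in correlate(running, entries, SCANNER_HITS).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Entries in the `orphaned` bucket are the ones worth checking in the follow-up HijackThis log, since the file is gone but the service or Run key that referenced it is still registered.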

  7. #7
    Member
    Join Date
    Nov 2007
    Posts
    23
    Points
    0

    Default

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/19/2007 at 05:43 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3346
    Trace Rules Database Version: 1347

    Scan type : Complete Scan
    Total Scan Time : 02:23:31

    Memory items scanned : 409
    Memory threats detected : 4
    Registry items scanned : 5643
    Registry threats detected : 18
    File items scanned : 90959
    File threats detected : 160

    Adware.Vundo-Variant/Small
    C:\WINDOWS\SYSTEM32\LJJKLLL.DLL
    C:\WINDOWS\SYSTEM32\LJJKLLL.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{162C6BC2-E852-4D45-B139-E8A6737F1054}
    HKCR\CLSID\{162C6BC2-E852-4D45-B139-E8A6737F1054}
    HKCR\CLSID\{162C6BC2-E852-4D45-B139-E8A6737F1054}\InprocServer32
    HKCR\CLSID\{162C6BC2-E852-4D45-B139-E8A6737F1054}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{162C6BC2-E852-4D45-B139-E8A6737F1054}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ljjklll

    Adware.Vundo Variant
    C:\WINDOWS\SYSTEM32\MLLJH.DLL
    C:\WINDOWS\SYSTEM32\MLLJH.DLL
    HKLM\Software\Classes\CLSID\{6830B4CD-6956-473E-914F-DF22993CB343}
    HKCR\CLSID\{6830B4CD-6956-473E-914F-DF22993CB343}
    HKCR\CLSID\{6830B4CD-6956-473E-914F-DF22993CB343}\InprocServer32
    HKCR\CLSID\{6830B4CD-6956-473E-914F-DF22993CB343}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6830B4CD-6956-473E-914F-DF22993CB343}

    Adware.Vundo-Variant/Small-A
    C:\WINDOWS\SYSTEM32\LRLWKEGB.DLL
    C:\WINDOWS\SYSTEM32\LRLWKEGB.DLL
    HKLM\Software\Classes\CLSID\{2ef1a7fa-004d-4d93-8051-af87f645b579}
    HKCR\CLSID\{2EF1A7FA-004D-4D93-8051-AF87F645B579}
    HKCR\CLSID\{2EF1A7FA-004D-4D93-8051-AF87F645B579}\InprocServer32
    HKCR\CLSID\{2EF1A7FA-004D-4D93-8051-AF87F645B579}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ef1a7fa-004d-4d93-8051-af87f645b579}

    Trojan.Downloader-NewJuan/VM
    C:\WINDOWS\SYSTEM32\GWDTFSKD.DLL
    C:\WINDOWS\SYSTEM32\GWDTFSKD.DLL

    Unclassified.Unknown Origin
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKU\S-1-5-21-1653462319-1434109735-2322020850-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{11A69AE4-FBED-4832-A2BF-45AF82825583}
    C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\APPS + IE DOWNLOADS\SOFTWARE\NERO BURNING ROM\NERO6600\KEYGEN 6.6.0.3.EXE

    Adware.Tracking Cookie

    Trojan.Unknown Origin
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO1.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO2.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO3.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO4.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO50.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO51.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO52.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO53.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO54.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO55.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO56.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO57.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO58.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO59.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5A.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5B.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5C.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5D.TMP
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ICO5E.TMP

    Trojan.Downloader-Gen/DDC
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP473\A0053136.EXE

    Adware.Vundo-Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP475\A0054244.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP476\A0054334.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP476\A0054335.DLL

    Adware.Vundo Variant/Rel
    C:\WINDOWS\SYSTEM32\MCRH.TMP

  8. #8

    ComboFix 07-11-08.3 - Owner 2007-11-19 19:01:41.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.626 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Owner\Favorites\Online Security Guide.lnk
    C:\WINDOWS\system32\hjllm.ini
    C:\WINDOWS\system32\hjllm.ini2
    C:\WINDOWS\system32\mlljh.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-20 to 2007-11-20 )))))))))))))))))))))))))))))))
    .

    2007-11-19 15:17 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-19 15:16 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-19 15:16 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-19 15:16 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2007-11-19 15:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-11-18 14:00 d-------- C:\WINDOWS\ERUNT
    2007-11-18 13:57 d-------- C:\Documents and Settings\Administrator\WINDOWS
    2007-11-18 13:57 d-------- C:\Documents and Settings\Administrator\Application Data\VERITAS
    2007-11-18 13:57 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-11-18 13:57 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
    2007-11-18 13:57 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2007-11-18 11:05 d-------- C:\Program Files\Seagate
    2007-11-17 20:42 d-------- C:\Program Files\GetData
    2007-11-17 20:42 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-24 16:06 d-------- C:\Program Files\SupportSoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-20 00:07 32,396 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-11-20 00:07 2,600,992 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-18 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-17 21:16 --------- d-----w C:\Program Files\Java
    2007-11-17 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-11-12 21:06 --------- d-----w C:\Program Files\SecCopy
    2007-10-21 13:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
    2007-10-18 01:18 --------- d-----w C:\Program Files\PowerISO
    2007-10-13 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
    2007-10-12 10:13 --------- d-----w C:\Program Files\MediaMonkey
    2007-10-11 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-10-11 16:27 96,832 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
    2007-10-10 01:19 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-10-04 01:54 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2007-09-06 20:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-04-13 20:29 81,920 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe
    2007-04-13 20:29 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 01:39]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 05:29]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 05:20]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-09 21:47]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-13 11:51]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11]
    "V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 12:00]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
    "fc036492"="C:\WINDOWS\system32\lrlwkegb.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start WingMan Profiler"="" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 19:06]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe [2005-12-17 15:07:09]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljh.dll

    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys
    R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 ICAM5USB;Intel(r) PC Camera CS110;C:\WINDOWS\system32\Drivers\ICAM5D2.sys
    S3 RioS35;RioS35S driver;C:\WINDOWS\system32\Drivers\RioS35.sys
    S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-19 19:10:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-19 19:13:26 - machine was rebooted
    .
    --- E O F ---

  9. #9

    Logfile of HijackThis v1.99.1
    Scan saved at 7:14:36 PM, on 11/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\system32\V0230Mon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [fc036492] rundll32.exe "C:\WINDOWS\system32\lrlwkegb.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-e5113eb9cfac7b80.spaces.l...d/MsnPUpld.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D45635E8-833C-454A-A987-99504B4A01B1}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  10. #10

    I am getting a Windows error: "Error Loading C:\WINDOWS\system32\lrlwkegb.dll ... The specific module could not be found". But things seem to be booting OK and running OK.
