Troj_zlob Removal Assistance

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

wdb

Thread Starter
Joined
Feb 12, 2007
Messages
8
I was following this thread: http://forums.techguy.org/security/542583-how-can-i-remove-troj_zlob.html and thought I'd ask for additional assistance. I'm using Windows XP. I've been experiencing false warnings in the Systray that say I have a Trojan virus and open IE windows to removal programs.

This is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:33:29 PM, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imperial-fleet.com/BBC/BBCforum/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imperial-fleet.com/BBC/BBCforum/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136928673640
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D344088-2F7F-409D-BBFE-B9D5C5FDDEF0}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7D344088-2F7F-409D-BBFE-B9D5C5FDDEF0}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS




This is the Smitfraudfix Log:

SmitFraudFix v2.141

Scan done at 23:45:21.09, 02/11/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts



»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Hi and welcome :)

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
 

wdb

Thread Starter
Joined
Feb 12, 2007
Messages
8
I still believe I'm infected. When I first restarted, a SuperAntiSpyware pop-up informed me that another attempt to change my home page had been detected in IE. I don't use IE, but I still have it.

SmitFraudFix v2.141

Scan done at 14:19:01.89, 02/12/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts



»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.
 

wdb

Thread Starter
Joined
Feb 12, 2007
Messages
8
Incident Status Location

Adware:adware/zango Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.go.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.overture.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.com.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[server.iad.liveperson.net/hc/57934806]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lqw1r8wj.default\cookies.txt[server.iad.liveperson.net/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\AlphaZIP-1869843\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SpyReaper Not disinfected C:\Program Files\NoSpyware Full\AppRestart.exe
Spyware:Cookie/Advertising Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\NoSpyware Full\quarantine\[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[bs.serving-sys.com/]
Spyware:Cookie/Doubleclick Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Bluestreak Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/Mediaplex Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/CentrPort Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.centrport.net/]
Spyware:Cookie/PointRoll Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/QuestionMarket Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/Atwola
 

wdb

Thread Starter
Joined
Feb 12, 2007
Messages
8
Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.servedby.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Hitbox Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.hitbox.com/]
Spyware:Cookie/Maxserving Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.maxserving.com/]
Spyware:Cookie/Falkag Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.as-us.falkag.net/]
Spyware:Cookie/Linksynergy Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.linksynergy.com/]
Spyware:Cookie/Tradedoubler Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.tradedoubler.com/]
Spyware:Cookie/Bridgetrack Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[citi.bridgetrack.com/]
Spyware:Cookie/QkSrv Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.qksrv.net/]
Spyware:Cookie/onestat.com Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[stat.onestat.com/]
Spyware:Cookie/Adtech Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Zedo Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.trafficmp.com/]
Spyware:Cookie/Statcounter Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/BurstNet Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[www.burstbeacon.com/]
Spyware:Cookie/Overture Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/2o7 Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.112.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/Overture Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.perf.overture.com/]
Spyware:Cookie/Falkag Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.as-eu.falkag.net/]
Spyware:Cookie/web-stat Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[www.web-stat.com/]
Spyware:Cookie/2o7 Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.microsofteup.112.2o7.net/]
Spyware:Cookie/Adserver Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.z1.adserver.com/]
Spyware:Cookie/bravenetA Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.bravenet.com/]
Spyware:Cookie/Hitbox Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.hg1.hitbox.com/]
Spyware:Cookie/Hitslink Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[counter.hitslink.com/]
Spyware:Cookie/Toplist Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.toplist.cz/]
Spyware:Cookie/DomainSponsor Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[landing.domainsponsor.com/]
Spyware:Cookie/Humanclick Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[hc2.humanclick.com/hc/50255095]
Spyware:Cookie/Humanclick Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[hc2.humanclick.com/]
Spyware:Cookie/WUpd Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[server.iad.liveperson.net/hc/42435556]
Spyware:Cookie/Com.com Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/Bfast Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.bfast.com/]
Spyware:Cookie/Apmebf Not disinfected J:\Documents and Settings\Wuher\Application Data\Mozilla\Firefox\Profiles\1f2u1fuf.default\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/Doubleclick Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/Valueclick Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.valueclick.com/]
Spyware:Cookie/Bfast Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.bfast.com/]
Spyware:Cookie/QkSrv Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.qksrv.net/]
Spyware:Cookie/Adserver Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.z1.adserver.com/]
Spyware:Cookie/Advertising Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.servedby.advertising.com/]
Spyware:Cookie/Adserver Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.z1.adserver.com/]
Spyware:Cookie/Advertising Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Maxserving Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.maxserving.com/]
Spyware:Cookie/Hitbox Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.hg1.hitbox.com/]
Spyware:Cookie/SpyLog Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.spylog.com/]
Spyware:Cookie/Hitbox Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.hitbox.com/]
Spyware:Cookie/Atwola Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/Internetfuel Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.internetfuel.com/]
Spyware:Cookie/FastClick Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/CentrPort Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.centrport.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.trafficmp.com/]
Spyware:Cookie/Falkag Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.as-us.falkag.net/]
Spyware:Cookie/Falkag Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[a.as-us.falkag.net/]
Spyware:Cookie/Casalemedia Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/onestat.com Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[stat.onestat.com/]
Spyware:Cookie/Bluestreak Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/Tribalfusion Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/WUpd Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/BurstNet Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected J:\Orig Frive Files\WINDOWS\Application Data\Mozilla\Profiles\DEFAULT\Y3E3A7PM.SLT\COOKIES.TXT[www.burstbeacon.com/]
 

wdb

Thread Starter
Joined
Feb 12, 2007
Messages
8
If someone doesn't answer soon, I'll have to give another report. I accidentally left the computer connected for four hours while I was gone and it downloaded more crap onto it.
 

wdb

Thread Starter
Joined
Feb 12, 2007
Messages
8
Logfile of HijackThis v1.99.1
Scan saved at 9:59:26 PM, on 02/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imperial-fleet.com/BBC/BBCforum/index.php
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136928673640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D344088-2F7F-409D-BBFE-B9D5C5FDDEF0}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7D344088-2F7F-409D-BBFE-B9D5C5FDDEF0}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top