SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/10/2008 at 09:12 PM
Application Version : 3.9.1008
Core Rules Database Version : 3399
Trace Rules Database Version: 1391
Scan type : Complete Scan
Total Scan Time : 00:16:54
Memory items scanned : 301
Memory threats detected : 7
Registry items scanned : 3238
Registry threats detected : 97
File items scanned : 14462
File threats detected : 144
Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\RQRPMJG.DLL
C:\WINDOWS\SYSTEM32\RQRPMJG.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rqrpmjg
C:\WINDOWS\SYSTEM32\IIFCDEC.DLL
C:\WINDOWS\SYSTEM32\LJJIFEB.DLL
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\NNNKH.DLL
C:\WINDOWS\SYSTEM32\NNNKH.DLL
Unclassified.Unknown Origin
C:\WINDOWS\AG9TZQ\COMMAND.EXE
C:\WINDOWS\AG9TZQ\COMMAND.EXE
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PVGJRNCU.DLL
HKLM\System\ControlSet001\Services\cmdService
HKLM\System\ControlSet002\Services\cmdService
HKLM\System\CurrentControlSet\Services\cmdService
C:\WINDOWS\Prefetch\COMMAND.EXE-1748B1D0.pf
Trojan.NetMon/DNSChange
C:\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE
C:\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Type
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Start
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control#ActiveService
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#UninstallString
C:\Program Files\Network Monitor
C:\WINDOWS\Prefetch\NETMON.EXE-09C9CC43.pf
Adware.Adservs
C:\WINDOWS\AG9TZQ\ASAPPSRV.DLL
C:\WINDOWS\AG9TZQ\ASAPPSRV.DLL
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\SYSTEM32\Z2\LIAMDLL2.EXE
C:\WINDOWS\Prefetch\LIAMDLL2.EXE-1F8B25E5.pf
Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\JBLLWCAH.DLL
C:\WINDOWS\SYSTEM32\JBLLWCAH.DLL
HKLM\Software\Classes\CLSID\{67693af6-6e6d-44e4-8069-e429042d5129}
HKCR\CLSID\{67693AF6-6E6D-44E4-8069-E429042D5129}
HKCR\CLSID\{67693AF6-6E6D-44E4-8069-E429042D5129}\InprocServer32
HKCR\CLSID\{67693AF6-6E6D-44E4-8069-E429042D5129}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\BKDVUNAH.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67693af6-6e6d-44e4-8069-e429042d5129}
Trojan.Downloader-Gen/MROFIN
C:\WINDOWS\MROFINU572.EXE
C:\WINDOWS\MROFINU572.EXE
C:\WINDOWS\MROFINU1000106.EXE
C:\WINDOWS\MROFINU572.EXE.TMP
C:\WINDOWS\Prefetch\MROFINU572.EXE-16B9FCA5.pf
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
HKCR\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
HKCR\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}\InprocServer32
HKCR\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F90013B-95DF-4C60-80C9-923328D27D70}
HKCR\CLSID\{5F90013B-95DF-4C60-80C9-923328D27D70}
HKCR\CLSID\{5F90013B-95DF-4C60-80C9-923328D27D70}\InprocServer32
HKCR\CLSID\{5F90013B-95DF-4C60-80C9-923328D27D70}\InprocServer32#ThreadingModel
Adware.Tracking Cookie
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\home@systemerrorfixer[1].txt
C:\Documents and Settings\Home\Cookies\home@2o7[1].txt
C:\Documents and Settings\Home\Cookies\home@atdmt[2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@73500804[2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@adrevolver[3].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\home@fastclick[1].txt
C:\Documents and Settings\Home\Cookies\home@tribalfusion[2].txt
C:\Documents and Settings\Home\Cookies\home@avsystemcare[2].txt
C:\Documents and Settings\Home\Cookies\home@neocounter2[1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@advertising[1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\home@adtech[1].txt
C:\Documents and Settings\Home\Cookies\home@doubleclick[1].txt
C:\Documents and Settings\Home\Cookies\home@mediaplex[1].txt
C:\Documents and Settings\Home\Cookies\home@specificclick[2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@adecn[2].txt
C:\Documents and Settings\Home\Cookies\home@adserver[1].txt
C:\Documents and Settings\Home\Cookies\home@statcounter[2].txt
C:\Documents and Settings\Home\Cookies\home@clickbank[1].txt
C:\Documents and Settings\Home\Cookies\home@gomyhit[1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@apmebf[1].txt
C:\Documents and Settings\Home\Cookies\home@zedo[1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@ex=1_[2].txt
C:\Documents and Settings\Home\Cookies\home@cgi-bin[2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@linksynergy[1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@adbrite[2].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\home@advancedcleaner[2].txt
C:\Documents and Settings\Home\Cookies\home@trafficmp[1].txt
C:\Documents and Settings\Home\Cookies\home@winanonymous[2].txt
C:\Documents and Settings\Home\Cookies\home@bestsellerantivirus[1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@casalemedia[2].txt
C:\Documents and Settings\Home\Cookies\home@888ladies[1].txt
C:\Documents and Settings\Home\Cookies\home@revsci[2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@bizadverts[2].txt
C:\Documents and Settings\Home\Cookies\home@yadro[2].txt
C:\Documents and Settings\Home\Cookies\home@tradedoubler[1].txt
C:\Documents and Settings\Home\Cookies\home@adrevolver[2].txt
C:\Documents and Settings\Home\Cookies\home@288_[2].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\home@cassava[1].txt
C:\Documents and Settings\Home\Cookies\home@288_[3].txt
C:\Documents and Settings\Home\Cookies\home@atwola[1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\home@247realmedia[1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR
Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Start
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#UninstallString
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000\Control#ActiveService
Trojan.Downloader-Gen/RetAd
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 ]
Adware.OuterInfo-Installer
C:\DOCUMENTS AND SETTINGS\HOME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PTOMTFAB\OIUNINSTALLER[1].EXE
Trojan.Unknown Origin
C:\WINDOWS\AG9TZQ\U36QTK.VBS
C:\WINDOWS\UNINSTALL_NMON.VBS
Malware.LocusSoftware Inc-Installer
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UGA6P_0001_N122M0611NETINSTALLER.EXE
C:\WINDOWS\Prefetch\UGA6P_0001_N122M0611NETINSTAL-15F19D6C.pf
Adware.ClickSpring/Yazzle
C:\WINDOWS\PREFETCH\YAZZLE1281OINADMIN.EXE-2D8F7800.PF
C:\WINDOWS\PREFETCH\YAZZLE1281OINUNINSTALLER.EXE-2B4D86B8.PF
Trace.Known Threat Sources
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\errorhandler[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\index[3].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\crypt[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\index[2].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\ajax[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\flash_detect[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\errorhandler[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\spacer[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\feat_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\logo[1].jpg
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\managers[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\spacer[2].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\ico_1[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\ico_5[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\c21_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\g-left[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\flash[1].swf
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\feat_top[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\c11_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\ico_4[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\body_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\window[1].js
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\clean[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\AC_RunActiveContent[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\g-bottomleft[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\g-top[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\scan_bot[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\footer_bg[2].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\scans_top[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\styles[1].css
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\feat_bot[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\g-topleft[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\feat_li[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\g-bottom[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\c12_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\AC_ActiveX[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\logo_bot[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\fullresize[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\bar[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\c22_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\ajax[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\scans_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\g-bottomright[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\g-topright[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\3_swp[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\scan_now[1].gif
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:07, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\F5D7011\Belkinwcui.exe
C:\Program Files\Belkin\F5D7011\ChkDev.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E900D4D1-88C3-4396-85E2-8F64391F1C5A} - C:\Program Files\MSN\sacuhy89104.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AutoConnect] "C:\Documents and Settings\Home\Local Settings\Temp\{0B6FFDCF-58CF-49EF-805E-D320748F06AB}\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\AutoConnect.exe" BCMALL
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fc3d2809] rundll32.exe "C:\WINDOWS\system32\jbllwcah.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pvgjrncu - pvgjrncu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 4199 bytes