Results 1 to 3 of 3

Thread: Trojan Downloader

  1. 2009-01-19, 02:17 #1
    Baldington2
    Baldington2 is offline
    Junior Member
    Join Date
    Jan 2008
    Posts
    26

    Talking Trojan Downloader

    Hello,

    My mom's laptop seems to be infected with all sorts of trojans, causing the spybot resient teatimer to constantly deny the change of a "pokiliweki" startup item, based on my blacklist. Here's are my logs:

    Friday, January 16, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, January 16, 2009 10:08:20
    Records in database: 1630305
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    C:\
    D:\
    E:\
    Scan statistics
    Files scanned 42141
    Threat name 8
    Infected objects 9
    Suspicious objects 0
    Duration of the scan 01:59:55

    File name Threat name Threats count
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\9TNFV949\klite_ath_cx[1] Infected: Trojan-Downloader.JS.Psyme.amg 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\9TNFV949\winsinstall[1].exe Infected: not-a-virus:FraudTool.Win32.VirusRemover.az 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\AET1513E\apstpldr.dll[1].htm Infected: Trojan.Win32.Monder.ankv 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\AET1513E\upd105320[1] Infected: Trojan.Win32.Monder.anir 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\AET1513E\VirusRemover2008_Setup_Free_en[1].exe Infected: not-a-virus:FraudTool.Win32.VirusRemover.ao 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\AET1513E\VirusRemover2008_Setup_Free_en[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.cvm 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\TDY6OHWD\divx[1] Infected: Trojan.Win32.Monder.ankf 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\TDY6OHWD\index[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.gcf 1
    C:\WINDOWS\system32\rqRIyARj.dll Infected: Trojan.Win32.Monder.ankv 1
    The selected area was scanned.


    Here are my HJT logs:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:13:15 AM, on 1/16/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\TheSage\TheSage.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F3 - REG:win.ini: load=
    F3 - REG:win.ini: run=
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {B10782AB-4D2C-49AE-8459-793C2B13BCBC} - C:\WINDOWS\system32\hgGyYOef.dll (file missing)
    O2 - BHO: (no name) - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - (no file)
    O2 - BHO: (no name) - {d9b0577d-6a00-4f18-a430-e61487cd5a14} - C:\WINDOWS\system32\holuwuma.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [pokiliweki] Rundll32.exe "C:\WINDOWS\system32\zayitala.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [pokiliweki] Rundll32.exe "C:\WINDOWS\system32\zayitala.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [pokiliweki] Rundll32.exe "C:\WINDOWS\system32\zayitala.dll",s (User 'NETWORK SERVICE')
    O4 - Startup: TheSage.lnk = C:\Program Files\TheSage\TheSage.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\keturige.dll
    O20 - Winlogon Notify: iifgGWME - iifgGWME.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 6833 bytes

    Thanks in advance.
  2. 2009-01-21, 00:43 #2
    Baldington2
    Baldington2 is offline
    Junior Member
    Join Date
    Jan 2008
    Posts
    26

    Default Don't Read This Topic!!!

    Hello,

    My mom's laptop seems to be infected with all sorts of trojans, causing the spybot resient teatimer to constantly deny the change of a "pokiliweki" startup item, based on my blacklist. Here's are my logs:

    Friday, January 16, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, January 16, 2009 10:08:20
    Records in database: 1630305
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    C:\
    D:\
    E:\
    Scan statistics
    Files scanned 42141
    Threat name 8
    Infected objects 9
    Suspicious objects 0
    Duration of the scan 01:59:55

    File name Threat name Threats count
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\9TNFV949\klite_ath_cx[1] Infected: Trojan-Downloader.JS.Psyme.amg 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\9TNFV949\winsinstall[1].exe Infected: not-a-virus:FraudTool.Win32.VirusRemover.az 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\AET1513E\apstpldr.dll[1].htm Infected: Trojan.Win32.Monder.ankv 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\AET1513E\upd105320[1] Infected: Trojan.Win32.Monder.anir 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\AET1513E\VirusRemover2008_Setup_Free_en[1].exe Infected: not-a-virus:FraudTool.Win32.VirusRemover.ao 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\AET1513E\VirusRemover2008_Setup_Free_en[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.cvm 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\TDY6OHWD\divx[1] Infected: Trojan.Win32.Monder.ankf 1
    C:\Documents and Settings\Wasilat Onaneye\Local Settings\Temporary Internet Files\Content.IE5\TDY6OHWD\index[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.gcf 1
    C:\WINDOWS\system32\rqRIyARj.dll Infected: Trojan.Win32.Monder.ankv 1
    The selected area was scanned.


    Here are my HJT logs:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:13:15 AM, on 1/16/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\TheSage\TheSage.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F3 - REG:win.ini: load=
    F3 - REG:win.ini: run=
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {B10782AB-4D2C-49AE-8459-793C2B13BCBC} - C:\WINDOWS\system32\hgGyYOef.dll (file missing)
    O2 - BHO: (no name) - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - (no file)
    O2 - BHO: (no name) - {d9b0577d-6a00-4f18-a430-e61487cd5a14} - C:\WINDOWS\system32\holuwuma.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [pokiliweki] Rundll32.exe "C:\WINDOWS\system32\zayitala.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [pokiliweki] Rundll32.exe "C:\WINDOWS\system32\zayitala.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [pokiliweki] Rundll32.exe "C:\WINDOWS\system32\zayitala.dll",s (User 'NETWORK SERVICE')
    O4 - Startup: TheSage.lnk = C:\Program Files\TheSage\TheSage.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\keturige.dll
    O20 - Winlogon Notify: iifgGWME - iifgGWME.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 6833 bytes

    Thanks in advance.
    Last edited by tashi; 2009-01-21 at 02:43. Reason: Merged two topics
  3. 2009-01-21, 02:45 #3
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Hello Baldington2,

    Four topics, this one http://forums.spybot.info/showthread.php?t=44272 will remain open unless you start a fifth showing that the forum stickied faqs have not been read.

    In which case all threads will be closed.

    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Please do not start more than one topic for the same computer, during the same period. It will either be removed, or merged with your original thread.
    The Waiting Room: Post here if waiting for help longer than four days

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules