SUPERAntiSpyware Scan Log
Generated 01/17/2007 at 01:22 PM
Application Version : 3.4.1000
Core Rules Database Version : 3165
Trace Rules Database Version: 1176
Scan type : Complete Scan
Total Scan Time : 00:10:10
Memory items scanned : 204
Memory threats detected : 0
Registry items scanned : 2727
Registry threats detected : 2
File items scanned : 11920
File threats detected : 6
n-CASE (SongSpy)
[msbb] C:\PROGRAM FILES\180SOLUTIONS\MSBB.EXE
C:\PROGRAM FILES\180SOLUTIONS\MSBB.EXE
Adware.Tracking Cookie
C:\WINDOWS\Cookies\steve kissinger@2o7[1].txt
C:\WINDOWS\Cookies\steve [email protected][2].txt
C:\WINDOWS\Cookies\steve kissinger@overture[1].txt
C:\WINDOWS\Cookies\steve [email protected][1].txt
C:\WINDOWS\Cookies\steve [email protected][2].txt
Adware.WebNexus
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Win Server Updt [ C:\WINDOWS\wupdt.exe ]
ActiveScan
Incident Status Location
Adware:adware/cws.yexe Not disinfected c:\web.exe
Adware:adware/ncase Not disinfected c:\windows\msbbi.exe
Adware:adware/exact.bargainbuddy Not disinfected c:\windows\bargain.exe
Spyware:spyware/clipgenie Not disinfected c:\windows\clipg.exe
Dialer:dialer generic Not disinfected c:\program files\dialers
Adware:adware/sidesearch Not disinfected c:\program files\Lycos
Adware:adware/plook Not disinfected c:\program files\Wink
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:spyware/betterinet Not disinfected Windows Registry
Adware:adware/toprebates Not disinfected Windows Registry
Virus:Trj/Ruins.FO Disinfected C:\WINDOWS\SYSTEM\csgfm.exe
Virus:Trj/Ruins.GF Disinfected C:\WINDOWS\SYSTEM\dmppu.exe
Adware:Adware/SpyMarshal Not disinfected C:\WINDOWS\SYSTEM\{8C75BAF5-90E7-4F95-B4C6-AFCD39F5302E}.exe
Virus:Trj/Ruins.FO Disinfected C:\WINDOWS\SYSTEM\cslhv.exe
Virus:Trj/Ruins.FO Disinfected C:\WINDOWS\SYSTEM\csvqj.exe
Virus:Trj/Cimuz.BM Disinfected C:\WINDOWS\x0dvl1d0.exe
Virus:Trj/Downloader.LRW Disinfected C:\WINDOWS\lfed4t06.exe
Virus:Trj/Cimuz.BM Disinfected C:\WINDOWS\2zexdyju.exe
HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 2:26:22 PM, on 1/17/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\DANTZ\RETROSPECT\WDSVC.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\DISK REMOVAL UTILITY - WD\WD2507MON.EXE
C:\WINDOWS\SYSTEM\WDBTNMGR.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\SPYWARE SCANNERS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\info32.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: FPBrowserHelperObject Class - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\PROGRAM FILES\PALMONE\FIRECONVERTERBROWSERHELPEROBJECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Winkjx] C:\WINDOWS\SYSTEM\Winkjx.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WD2507MON] C:\Program Files\Disk Removal Utility - WD\WD2507Mon.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Winklgz] C:\WINDOWS\SYSTEM\Winklgz.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Winkur] C:\WINDOWS\SYSTEM\Winkur.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\dssagent.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [ADH] C:\WINDOWS\ADH.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Retrospect WD Service] C:\PROGRAM FILES\DANTZ\RETROSPECT\WDSVC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Family Pack 3\programs\dad9.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0d\aoltray.exe
O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\IomegaWare\Commander.exe
O4 - Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe
O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\YHEXBMES.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: Yahoo! Literati - http://download2.gam...nts/y/tt5_x.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab53083.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://leeannedisel....ad/MsnPUpld.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: Yahoo! Word Racer - http://download2.gam...nts/y/wt1_x.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.157,85.255.112.97
O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL
So what do i do now??