HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 6:38:07 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Adam\Programs\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://slickdeals.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farm.thinktar...ams/r...&o=0&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://farm.thinktar...ams/r...&o=0&q=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ANR] C:\Program Files\voice_record\ANR.exe
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Padus, Inc. - (no file)
------------------------------------------------------------------------------------------------------------------
Incident Status Location
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware/azesearch Not disinfected Windows Registry
Adware:Adware/SearchAid Not disinfected C:\!KillBox\ms32.tmp
Virus:Bck/Webber.gen Not disinfected C:\!KillBox\x[1].chm[/explorer.exe]
Hacktool:Exploit/Codebase.gen Not disinfected C:\!KillBox\x[1].chm[/x.htm]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adam\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adam\Cookies\adam@burstnet[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Adam\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Adam\Desktop\SpyAxeFix\Process.exe
Virus:Trj/Zapchast.Z Not disinfected C:\Program Files\mIRC\download\DivXPlayerPro64-Setup.exe[Pixelbt32.exe]
Virus:Trj/Pakes.V Not disinfected C:\Program Files\mIRC\download\DivXPlayerPro64-Setup.exe[xpq.exe]
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\mIRC\download\DivXPlayerPro64-Setup.exe[xpq.exe][mgrsts.exe]
Adware:Adware/Zango Not disinfected C:\Program Files\mIRC\download\Spy Sweeper 5 Final\keygen\keygen.exe
Adware:Adware/Zango Not disinfected C:\Program Files\mIRC\download\Webroot_Spy_Sweeper_5_Final.rar[Spy Sweeper 5 Final\keygen\keygen.exe]
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\ac3_0008.exe[PSCastor.exe]
----------------------------------------------------------------------------------------------------------------------
SUPERAntiSpyware Scan Log
Generated 02/02/2007 at 04:19 PM
Application Version : 3.5.1016
Core Rules Database Version : 3177
Trace Rules Database Version: 1187
Scan type : Complete Scan
Total Scan Time : 02:24:43
Memory items scanned : 334
Memory threats detected : 0
Registry items scanned : 4775
Registry threats detected : 9
File items scanned : 195664
File threats detected : 14
Adware.Tracking Cookie
C:\Documents and Settings\Adam\Cookies\[email protected][1].txt
C:\Documents and Settings\Adam\Cookies\[email protected][1].txt
C:\Documents and Settings\Adam\Cookies\[email protected][1].txt
C:\Documents and Settings\Adam\Cookies\adam@burstnet[2].txt
Trojan.Windows Overlay Components/SysMon
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#DeviceDesc
Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
Trojan.DollarRevenue
C:\WINDOWS\keyboard1.dat
Adware.AdSponsor
C:\Program Files\AdSponsor
Trojan.Rustock/HUY32
C:\WINDOWS\system32:huy32.sys
BearShare File Sharing Client
C:\PROGRAM FILES\MIRC\DOWNLOAD\BEARSHARE_PRO_V5.0.2.3_+_CRACK\BEARSHARE.EXE
Adware.180solutions/Search Assistant
C:\PROGRAM FILES\MIRC\DOWNLOAD\SPY SWEEPER 5 FINAL\KEYGEN\KEYGEN.EXE
Trojan.Downloader-AC3/Gen
C:\WINDOWS\AC3_0008.EXE
Trojan.Downloader-PMTLauncher
C:\WINDOWS\SYSTEM32\PFBO0YJ.EXE
Trace.Known Threat Sources
C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\OPWNKVCD\index[1].htm
C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\KLQNWX67\spacer[1].gif