Logfile of HijackThis v1.99.1
Scan saved at 11:21:20 AM, on 2/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: VBA Object - {0D0917D5-C9B5-2E51-253F-7FCB08E4DF38} - C:\WINDOWS\system\mpsctl32.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\System32\ipv6mote.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B463030-B018-479A-A2E0-82A81E24C596} - C:\WINDOWS\system32\clmgclm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://snowdonhouse....yerWeb11gv2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dundopoh - C:\WINDOWS\SYSTEM32\clmgclm.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

SUPERAntiSpyware Scan Log
Generated 02/20/2007 at 00:26 AM
Application Version : 3.5.1016
Core Rules Database Version : 3186
Trace Rules Database Version: 1196
Scan type : Complete Scan
Total Scan Time : 00:56:14
Memory items scanned : 342
Memory threats detected : 0
Registry items scanned : 4568
Registry threats detected : 3
File items scanned : 70355
File threats detected : 2
Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt
Adware.180solutions/ZangoSearch
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#{DECEAAA2-370A-49BB-9362-68C3A58DDC62}
Kontiki Download Manager Browser Helper Object
C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL

uninstall list:
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements 3.0
AdWare & SpyWare
ALPS Touch Pad Driver
Atheros Client Utility
AVG 7.5
AVG Anti-Spyware 7.5
Bridge Builder
CCleaner (remove only)
C-Dilla Licence Management System
Drag'n Drop CD+DVD
DVD-RAM Driver
EndItAll 2.0
First Step Guide
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Image Transfer
ImageMixer for Sony
ImageMixer VCD2
Internet Explorer Q832894
InterVideo WinDVD 4
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player
Macromedia Shockwave Player
Media Downloader
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Small Business
Microsoft Works 7.0
MicroStaff WINASPI
MouseWorks
MSXML 4.0 SP2 Parser and SDK
Notebook Maximizer
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Q837009
Panda ActiveScan
Picture Package
PokerStars
Punch! Home Design - Platinum
Quicken 2003 New User Edition
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Shockwave
SMSC IrCC Driver V5.1.2462.0 (WinXP)
Software Suite
Sony USB Driver
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Hotkey Utility
TOSHIBA Power Management Utility
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TouchPad On/Off Utility
TurboTax Deluxe 2005
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
TVUPlayer 2.2.0
Update for Windows XP (KB898461)
Version 1.03 Lite (Free)
Viewpoint Media Player
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix (SP2) [See q329112 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) q329623
Windows XP Hotfix (SP2) Q810583
Windows XP Hotfix (SP2) Q811048
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q816843
ZoneAlarm

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:16:28 PM 2/19/2007
+ Scan result:
C:\WINDOWS\system32\70tovmto.ini -> Adware.Sahat : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ipv6mote.dll -> Logger.BZub.hx : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc151.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc1672.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc57.txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc188.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc2.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc58.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc115.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc11.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc124.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc125.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc22.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc132.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc55.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc171.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc39.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc179.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc83.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc190.txt -> TrackingCookie.Targetnet : Cleaned.
::Report end

Incident Status Location
Virus:Bck/Murbac.A Disinfected Operating system
Adware:adware/wupd Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc119.txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\All Users\Documents\My Music\Sample Music\RECYCLER\S-4649~1\Dc140.txt
Dialer:Dialer.OK Not disinfected C:\Documents and Settings\User\Desktop\backups\backup-20050222-210211-469.inf
Virus:Trj/Bzub.S Disinfected C:\WINDOWS\system32\arrrcjca.exe
Adware:Adware/MyDailyHoroscope Not disinfected C:\WINDOWS\system32\patch.exe

Edited by ponz, 20 February 2007 - 10:56 AM.