Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:44 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\WINDOWS\system32\?ecurity\t?skmgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\WINDOWS\PPATCH~1\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon........&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvs.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM970cc1f8] Rundll32.exe "C:\WINDOWS\system32\jrbjqlcn.dll",s
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Knmvxw] C:\WINDOWS\system32\?ecurity\t?skmgr.exe
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\PPATCH~1\spoolsv.exe" -vt ndrv
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
--
End of file - 11577 bytes
Incident Status Location
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\QdrDrive\QdrDrive10.dll
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Ssk.log
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.com.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.target.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.go.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Revenue Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adsrevenue[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@enhance[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@findwhat[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
Adware:Adware/Popadd Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\MDL9D.tmp[QdrModule12.exe]
Adware:Adware/Popadd Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\TMPBC.tmp
Adware:Adware/Popadd Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AXK9E34D\ismtpa10[1].exe[QdrModule12.exe]
Adware:Adware/Matcash Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MNUJQVWB\2c1dbeb1361cce3acfbbca0488dfd6ee[1].zip[b151.exe]
Adware:Adware/VideoActiveXObject Not disinfected C:\Documents and Settings\Administrator\My Documents\My Downloads\myspace.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
Possible Virus. Not disinfected C:\Program Files\FaxTools\Install\Setup.exe
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Possible Virus. Not disinfected C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\Setup.exe
Adware:Adware/Zenosearch Not disinfected C:\Program Files\Outerinfo\FF\components\FF.dll
Possible Virus. Not disinfected C:\Program Files\Shadow Tool.exe
Virus:Generic Trojan Disinfected C:\WINDOWS\b104.exe
Virus:Trj/Downloader.SLD Disinfected C:\WINDOWS\b116.exe
Virus:Trj/Downloader.PLQ Disinfected C:\WINDOWS\b138.exe
Adware:Adware/Matcash Not disinfected C:\WINDOWS\b151.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\Nircmd.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\L3B9A.tmp
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\L6141.tmp
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\L633F.tmp[ism.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\L633F.tmp[QdrDrive10.dll]
Adware:Adware/Popadd Not disinfected C:\WINDOWS\system32\L633F.tmp[QdrModule12.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\L6BF1.tmp[ism.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\L6BF1.tmp[QdrDrive10.dll]
Adware:Adware/Popadd Not disinfected C:\WINDOWS\system32\L6BF1.tmp[QdrModule12.exe]
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\L92CE.tmp
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\LCB81.tmp[ism.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\LCB81.tmp[QdrDrive10.dll]
Adware:Adware/Popadd Not disinfected C:\WINDOWS\system32\LCB81.tmp[QdrModule12.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\LCEFF.tmp[ism.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\LCEFF.tmp[QdrDrive10.dll]
Adware:Adware/Popadd Not disinfected C:\WINDOWS\system32\LCEFF.tmp[QdrModule12.exe]
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\LE1CB.tmp
SUPERAntiSpyware Scan Log
Generated 02/16/2008 at 08:12 PM
Application Version : 3.6.1000
Core Rules Database Version : 3404
Trace Rules Database Version: 1396
Scan type : Complete Scan
Total Scan Time : 01:43:50
Memory items scanned : 516
Memory threats detected : 0
Registry items scanned : 7409
Registry threats detected : 37
File items scanned : 112549
File threats detected : 78
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\InprocServer32
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\InprocServer32#ThreadingModel
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\ProgID
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\Programmable
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\TypeLib
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\TCBLROHK.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}
Adware.Mirar/NetNucleus
HKU\S-1-5-21-861567501-117609710-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#SystemComponent
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#Installer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files#C:\WINDOWS\system32\WinATS.dll
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#CODEBASE
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#INF
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion#LastModified
C:\WINDOWS\Downloaded Program Files\WinATS.inf
C:\WINDOWS\MIRAR_DISTRO_876088.EXE
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[3].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[5].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adecn[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findwhat[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][5].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findology[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediatraffic[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@directtrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adecn[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findology[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[3].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Trojan.Malware
C:\asdf.txt
Trojan.Media-Codec
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#eitheror [ {2016a466-91a2-43c6-97d8-2fd380f065ef} ]
Malware.SpyDawn
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\bTyayp
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\eocVJvFv
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\fwOqszla
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\InprocServer32
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\InprocServer32#ThreadingModel
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\ProgID
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\Programmable
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\pzYiyqtaijpi
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\TypeLib
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\VersionIndependentProgID
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\vllgntfpHdzd
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\Wedqu
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\zaxVxkhdeIz
Adware.ClickSpring-Variant
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\MSHTA.EXE
Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\FAVORITES\ONLINE SECURITY TEST.URL
Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\ZZIW\ZZIWD\CLASS-BARREL
Adware.WhenU
C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE
Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DDABB.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MXKNQ.DLL.VIR
Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINST2.HTM.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIST1.HTM.VIR
C:\WINDOWS\TEMPF.TXT
Adware.BusMaster/SafeSurfing
C:\SYSTEM VOLUME INFORMATION\_RESTORE{242BB971-8C79-46B4-8933-9DD17654A863}\RP726\A0149549.DLL
Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{242BB971-8C79-46B4-8933-9DD17654A863}\RP726\A0149550.EXE
Trojan.Downloader-Gen/MROFIN
C:\WINDOWS\MROFINU72.EXE.TMP
Thanks again!