I will add the ActiveScan log, uninstall list, SUPERAntiSpyware and Malwarebytes logs too.
I look forward to any help you can offer.
Thanks in advance.
HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:45, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.....co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} (VPlayer Control) - http://video.vividas...player_ocx.jpeg
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bel.local
O17 - HKLM\Software\..\Telephony: DomainName = bel.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bel.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bel.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10641 bytes
Uninstall List
AC3Filter (remove only)
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AutoCAD 2008 - English
Autodesk DWF Viewer 7
Boot Camp Services
Browser Optimizer Dcads
CutePDF Writer 2.7
Cypress USB Mass Storage Driver Installation
DivX Author 1.5
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Enhancement Browser Tools Superiorads
EPSON TWAIN 5
FlashFXP v3
Free DWG Viewer 6.0
Google Earth
GPL MPEG-1/2 DirectShow Decoder Filter
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
igLoader
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
LimeWire 4.16.6
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MySidesearch Search Assistant Bfinding
neroxml
Next Generation Visualisations
NVIDIA Drivers
OpenAL
Panda ActiveScan 2.0
PC Connectivity Solution
QuickTime
Realtek High Definition Audio Driver
Roxio Easy Media Creator 7
Safari
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Skype™ 3.6
Sothink Movie DVD Maker
SUPERAntiSpyware Free Edition
Trials 2
Trials 2 Second Edition
Trials Construction Yard (remove only)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
USB Storage Adapter FX (SM1)
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Windows Defender
Windows Desktop Search 3.01
Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)
Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)
Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0)
Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0)
Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
Windows Driver Package - Nokia Modem (08/03/2007 3.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Xvid 1.1.3 final uninstall
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Malwarebytes' Anti-Malware 1.11
Database version: 700
Scan type: Quick Scan
Objects scanned: 42982
Time elapsed: 14 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\{a5779a34-e3dd-7d9d-6c2c-ed93c3d20c9b}.dll (Trojan.Agent) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adslice.slice (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adslice.slice.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysidesearchsearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Adware.Rotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3acf6146-a401-eaf6-0cb8-a4ea16e09103} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3acf6146-a401-eaf6-0cb8-a4ea16e09103} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{a5779a34-e3dd-7d9d-6c2c-ed93c3d20c9b}.dll-uninst.exe (Adware.Rotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelvin.BEL\Local Settings\Temp\SSSInstaller.dll (Adware.Comet) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{a5779a34-e3dd-7d9d-6c2c-ed93c3d20c9b}.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.Zenosearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelvin.BEL\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
Active Scan
;*******************************************************************************
ANALYSIS: 2008-04-30 14:08:16
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
McAfee VirusScan Enterprise 8.5.0.781 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00162220 Adware/BHO Adware No 0 Yes No C:\Documents and Settings\Kelvin.BEL\Local Settings\Temp\tmp27A.tmp.exe
00352595 Trj/Banker.FTI Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP66\A0012692.dll
02886535 Adware/TrafficSol Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe[²ÜÇ\bann.exe][■%%\spads.dll]
02886551 Adware/TrafficSol Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe[²ÜÇ\bann.exe]
02886557 Adware/AdRotator Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe[²ÜÇ\adw.exe][²ªÇ]
02886559 Adware/AdRotator Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe[²ÜÇ\adw.exe][²ÜÇ\nsBrowserOpt.dll]
02886559 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP137\A0027429.dll
02886560 Adware/AdRotator Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe[²ÜÇ\adw.exe]
02886561 Adware/TrafficSol Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe
02907959 Adware/BHO Adware No 0 No No C:\Documents and Settings\Kelvin.BEL\Local Settings\Temp\tmp27A.tmp.exe[²òÇ\dcads_sidebar.dll]
02913340 Adware/InternetSpeedMonitor Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP114\A0026210.exe[ism.exe]
02913340 Adware/InternetSpeedMonitor Adware No 0 No No C:\WINDOWS\b3423423.exe[ism.exe]
02913340 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP114\A0026211.exe
02913340 Adware/InternetSpeedMonitor Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP116\A0026255.exe[ism.exe]
02913340 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP116\A0026256.exe
02913916 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP137\A0027427.exe
02913916 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP137\A0027426.exe
02913916 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP137\A0027425.exe
02917237 Adware/AdRotator Adware No 0 No No C:\Documents and Settings\Kelvin.BEL\Local Settings\Temp\s1s0[■%%\sprt_ads.dll]
02917237 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022483.dll
;===============================================================================
SUSPECTS
Sent Location @
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description @
;===============================================================================
;===============================================================================
SUPERAntiSpyware Scan Log
Generated 04/30/2008 at 12:15 PM
Application Version : 3.6.1000
Core Rules Database Version : 3450
Trace Rules Database Version: 1442
Scan type : Complete Scan
Total Scan Time : 01:35:59
Memory items scanned : 553
Memory threats detected : 1
Registry items scanned : 7911
Registry threats detected : 1
File items scanned : 67880
File threats detected : 32
Trojan.Unclassified/BrowserDriver
C:\WINDOWS\SYSTEM32\RWWNW64D.EXE
C:\WINDOWS\SYSTEM32\RWWNW64D.EXE
[{78-8F-F3-34-DW}] C:\WINDOWS\SYSTEM32\RWWNW64D.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP114\A0026209.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP116\A0026254.EXE
C:\WINDOWS\B8987677.EXE
C:\WINDOWS\SYSTEM32\JJWNW64R.EXE
C:\WINDOWS\Prefetch\RWWNW64D.EXE-1B918897.pf
Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax
Adware.Tracking Cookie
C:\Documents and Settings\Kelvin.BEL\Cookies\[email protected][2].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\kelvin@atdmt[1].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\[email protected][1].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\kelvin@pro-market[1].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\[email protected][2].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\[email protected][1].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\kelvin@serving-sys[2].txt
Adware.AdRotator/AdsSite
C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS\NSBROWSEROPT.DLL
Adware.DeeWoo/ThinkAdz
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP114\A0026207.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP116\A0026251.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP118\A0026806.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP119\A0026872.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP121\A0026935.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP123\A0027025.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP126\A0027110.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP127\A0027148.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP129\A0027215.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP131\A0027279.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP136\A0027401.EXE
Adware.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP134\A0027385.CFG
C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG
Trojan.Downloader-Gen/FotoMoto
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022480.DLL
Trojan.Downloader-SysMon
C:\ZIP\KEYGEN\NERO-8-ULTRA-EDITION-8.3.2.1--KEYGEN.EXE
C:\ZIP\KEYGEN\NERO-8-ULTRA-EDITION-8.3.2.1KEYMAKERS-AND-PLUGIN-SERIALS-SHAREA.EXE
C:\ZIP\NERO-8-ULTRA-EDITION-8.3.2.1--KEYGEN.EXE