SUPERAntiSpyware Scan Log
Generated 09/08/2006 at 10:23 PM
Core Rules Database Version : 3077
Trace Rules Database Version: 1113
Memory threats detected : 0
Registry threats detected : 19
File threats detected : 36
Adware.Tracking Cookie
D:\Documents and Settings\Emil\Cookies\emil@adbrite[2].txt
D:\Documents and Settings\Emil\Cookies\emil@adverts.loadedinc[1].txt
D:\Documents and Settings\Emil\Cookies\emil@partypoker[1].txt
D:\Documents and Settings\Emil\Cookies\emil@614779[1].txt
D:\Documents and Settings\Emil\Cookies\emil@directtrack[1].txt
D:\Documents and Settings\Emil\Cookies\emil@rapidresponse.directtrack[2].txt
D:\Documents and Settings\Emil\Cookies\emil@xiti[1].txt
D:\Documents and Settings\Emil\Cookies\emil@atdmt[1].txt
D:\Documents and Settings\Emil\Cookies\emil@tacoda[1].txt
D:\Documents and Settings\Emil\Cookies\emil@www.sexnoveller[2].txt
D:\Documents and Settings\Emil\Cookies\emil@ad1.emediate[2].txt
D:\Documents and Settings\Emil\Cookies\emil@clicktorrent[1].txt
D:\Documents and Settings\Emil\Cookies\emil@checkstat[1].txt
D:\Documents and Settings\Emil\Cookies\emil@ad.ofir[2].txt
D:\Documents and Settings\Emil\Cookies\emil@cgi-bin[2].txt
D:\Documents and Settings\Emil\Cookies\emil@www.sexdating[2].txt
D:\Documents and Settings\Emil\Cookies\emil@adopt.euroclick[2].txt
D:\Documents and Settings\Emil\Cookies\emil@ads.realtechnetwork[1].txt
D:\Documents and Settings\Emil\Cookies\emil@stats[1].txt
D:\Documents and Settings\Emil\Cookies\emil@toplist[1].txt
D:\Documents and Settings\Emil\Cookies\emil@burstnet[1].txt
D:\Documents and Settings\Emil\Cookies\emil@e2.emediate[2].txt
D:\Documents and Settings\Emil\Cookies\emil@admarketplace[1].txt
D:\Documents and Settings\Emil\Cookies\emil@track.adform[2].txt
D:\Documents and Settings\Emil\Cookies\emil@ads2.jubii[1].txt
D:\Documents and Settings\Emil\Cookies\emil@1068632757[1].txt
D:\Documents and Settings\Emil\Cookies\emil@sexnoveller[2].txt
D:\Documents and Settings\Emil\Cookies\emil@sexdating[1].txt
D:\Documents and Settings\Emil\Cookies\emil@adfair[2].txt
Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc
Browser Hijacker.Deskbar
HKCR\DBTB00001.DeskbarEnabler
HKCR\DBTB00001.DeskbarEnabler\CLSID
HKCR\DBTB00001.DeskbarEnabler.1
HKCR\DBTB00001.DeskbarEnabler.1\CLSID
Trojan.WinSysBan
D:\Documents and Settings\Emil\Lokale indstillinger\Temporary Internet Files\Content.IE5\C9YHUF8N\kybrdff_16[1].exe
Adware.NicTech Networks
D:\WINDOWS\system32\djvacm.#ll
D:\WINDOWS\system32\fpjm0311e.#ll
D:\WINDOWS\system32\maimsg.#ll
D:\WINDOWS\system32\nptui2.#ll
D:\WINDOWS\system32\uhhisapi.#ll
Trojan.Unknown Origin
D:\WINDOWS\system32\taa03017.#ll
outlook.exe;d:\programmer\outlook;Trojan.MulDrop.3290;Deleted.;
winlog.exe;D:\WINDOWS\System32;Win32.HLLW.MyBot;Deleted.;
w002f8cd.dll;D:\WINDOWS\System32;Trojan.DownLoader.10919;Deleted.;
Update.exe;D:\Programmer\Fælles filer\{B80B7071-0A63-1030-1028-04060204002d};Trojan.DownLoader.12291;Deleted.;
Dc2.exe;C:\RECYCLER\S-1-5-21-1004336348-839522115-1441588008-1003;Adware.DollarRevenue;Renamed.;
Dc4.exe;C:\RECYCLER\S-1-5-21-1004336348-839522115-1441588008-1003;Trojan.Click.1408;Deleted.;
Gorillaz - Demon Days - (Retail) - 2005 - AutoExtract.exe;C:\RECYCLER\S-1-5-21-57989841-179605362-682003330-1003\Df14;Trojan.DownLoader.2667;Incurable.Moved.;
A0043168.exe;C:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP158;Trojan.DownLoader.10918;Deleted.;
A0043227.exe;C:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP159;Adware.DollarRevenue;Renamed.;
A0043653.exe;C:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Adware.DollarRevenue;Renamed.;
A0043654.exe;C:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Trojan.Click.1408;Deleted.;
A0043655.exe;C:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Trojan.DownLoader.2667;Incurable.Moved.;
temp.fr04AC;D:\Documents and Settings\Emil\Lokale indstillinger\Temp;Adware.Look2me;Renamed.;
temp.fr1B7C;D:\Documents and Settings\Emil\Lokale indstillinger\Temp;Adware.Look2me;Renamed.;
ac3[1].txt;D:\Documents and Settings\Emil\Lokale indstillinger\Temporary Internet Files\Content.IE5\CLUH6V4X;Adware.Runk;Renamed.;
dfndrff_16[1].exe;D:\Documents and Settings\Emil\Lokale indstillinger\Temporary Internet Files\Content.IE5\YLOXKF23;Trojan.Click.1408;Deleted.;
nwnmff_16[1].exe;D:\Documents and Settings\Emil\Lokale indstillinger\Temporary Internet Files\Content.IE5\YLOXKF23;Adware.DollarRevenue;Renamed.;
v.tmp;D:\Programmer\outlook;Trojan.MulDrop.3290;Deleted.;
A0040957.exe;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP156;Adware.SaveNow;Renamed.;
A0042054.exe;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP157;Adware.Surfside;Renamed.;
A0042056.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP157;Adware.Surfside;Renamed.;
A0042077.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP157;Adware.Look2me;Renamed.;
A0042125.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP157;Adware.Look2me;Renamed.;
A0042136.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP157;Adware.Look2me;Renamed.;
A0043142.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP158;Adware.Look2me;Renamed.;
A0043148.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP158;Adware.Look2me;Renamed.;
A0043159.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP158;Adware.Look2me;Renamed.;
A0043170.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP158;Adware.Softomate;Renamed.;
A0043245.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP161;Adware.Look2me;Renamed.;
A0043476.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP161;Adware.Look2me;Renamed.;
A0043481.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP161;Adware.Look2me;Renamed.;
A0043491.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP162;Adware.Look2me;Renamed.;
A0043496.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP162;Adware.Look2me;Renamed.;
A0043504.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP163;Adware.Look2me;Renamed.;
A0043509.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP163;Adware.Look2me;Renamed.;
A0043543.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP163;Adware.Look2me;Renamed.;
A0043548.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP163;Adware.Look2me;Renamed.;
A0043550.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP163;Adware.Look2me;Renamed.;
A0043555.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP163;Adware.Look2me;Renamed.;
A0043560.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP163;Adware.Look2me;Renamed.;
A0043634.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Adware.Look2me;Renamed.;
A0043638.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Adware.Look2me;Renamed.;
A0043642.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Adware.Look2me;Renamed.;
A0043646.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Adware.Look2me;Renamed.;
A0043649.exe;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Trojan.MulDrop.3290;Deleted.;
A0043650.exe;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Win32.HLLW.MyBot;Deleted.;
A0043651.dll;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Trojan.DownLoader.10919;Deleted.;
A0043652.exe;D:\System Volume Information\_restore{796E85CB-12B4-4300-BCE1-CB49EB733878}\RP164;Trojan.DownLoader.12291;Deleted.;
djvacm.dll;D:\WINDOWS\system32;Adware.Look2me;Renamed.;
fpjm0311e.dll;D:\WINDOWS\system32;Adware.Look2me;Renamed.;
maimsg.dll;D:\WINDOWS\system32;Adware.Look2me;Renamed.;
nptui2.dll;D:\WINDOWS\system32;Adware.Look2me;Renamed.;
taa03017.dll;D:\WINDOWS\system32;Adware.Runk;Renamed.;
uhhisapi.dll;D:\WINDOWS\system32;Adware.Look2me;Renamed.;
mirc.exe;E:\mIRC;Program.mIRC.616;Renamed.;
Logfile of HijackThis v1.99.1
Scan saved at 22:32:43, on 08-09-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\RunDll32.exe
D:\Programmer\Winamp\winampa.exe
D:\Programmer\Logitech\iTouch\iTouch.exe
D:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
D:\Programmer\DAEMON Tools\daemon.exe
D:\programmer\powerstrip\pstrip.exe
D:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\System32\notepad.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Emil\Skrivebord\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ofir.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [RemoteControl] D:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PowerStrip] d:\programmer\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [taa03017] RUNDLL32.EXE w002f8cd.dll,n 004030130000000a002f8cd
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Google Search - res://d:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {A89551E8-992E-48D0-A90C-3E78CF66B217} - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.mmradio.org/embed22/nsvplayx_vp3_aac.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Group Policy - D:\WINDOWS\system32\j8n20i5oe8.dll
O20 - Winlogon Notify: SASWinLogon - D:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Programmer\Sygate\SPF\smc.exe