SUPERAntiSpyware Scan Log
Generated 04/15/2006 at 10:25 PM
Core Rules Database Version : 2875
Trace Rules Database Version: 1033
Memory threats detected : 0
Registry threats detected : 34
File threats detected : 111
Adware.Tracking Cookie
C:\Documents and Settings\Morten\Cookies\morten@interclick[1].txt
C:\Documents and Settings\Morten\Cookies\morten@ads2.jubii[1].txt
C:\Documents and Settings\Morten\Cookies\morten@yieldmanager[2].txt
C:\Documents and Settings\Morten\Cookies\morten@xml.bravenetmedianetwork[2].txt
C:\Documents and Settings\Morten\Cookies\morten@rotator.adjuggler[1].txt
C:\Documents and Settings\Morten\Cookies\morten@zedo[1].txt
C:\Documents and Settings\Morten\Cookies\morten@1070501845[1].txt
C:\Documents and Settings\Morten\Cookies\morten@tribalfusion[2].txt
C:\Documents and Settings\Morten\Cookies\morten@adopt.hbmediapro[1].txt
C:\Documents and Settings\Morten\Cookies\morten@www.upspiral[2].txt
C:\Documents and Settings\Morten\Cookies\morten@80503492[1].txt
C:\Documents and Settings\Morten\Cookies\morten@overture[2].txt
C:\Documents and Settings\Morten\Cookies\morten@mb[1].txt
C:\Documents and Settings\Morten\Cookies\morten@ads.chellomedia[1].txt
C:\Documents and Settings\Morten\Cookies\morten@2o7[2].txt
C:\Documents and Settings\Morten\Cookies\morten@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Morten\Cookies\morten@ads.realtechnetwork[1].txt
C:\Documents and Settings\Morten\Cookies\morten@dist.belnk[2].txt
C:\Documents and Settings\Morten\Cookies\morten@cgi-bin[2].txt
C:\Documents and Settings\Morten\Cookies\morten@adlegend[1].txt
C:\Documents and Settings\Morten\Cookies\morten@burstnet[2].txt
C:\Documents and Settings\Morten\Cookies\morten@m1.webstats4u[1].txt
C:\Documents and Settings\Morten\Cookies\morten@c.goclick[1].txt
C:\Documents and Settings\Morten\Cookies\morten@adserv1[1].txt
C:\Documents and Settings\Morten\Cookies\morten@belnk[1].txt
C:\Documents and Settings\Morten\Cookies\morten@z1.adserver[1].txt
C:\Documents and Settings\Morten\Cookies\morten@e-2dj6wflychdpikp.stats.esomniture[2].txt
C:\Documents and Settings\Morten\Cookies\morten@casio-europe[1].txt
C:\Documents and Settings\Morten\Cookies\morten@partygaming.122.2o7[1].txt
C:\Documents and Settings\Morten\Cookies\morten@highbeam.122.2o7[1].txt
C:\Documents and Settings\Morten\Cookies\morten@clicktorrent[1].txt
C:\Documents and Settings\Morten\Cookies\morten@e-2dj6wjkowmd5mkp.stats.esomniture[2].txt
C:\Documents and Settings\Morten\Cookies\morten@upspiral[1].txt
C:\Documents and Settings\Morten\Cookies\morten@server.cpmstar[2].txt
C:\Documents and Settings\Morten\Cookies\morten@www.starware[1].txt
C:\Documents and Settings\Morten\Cookies\morten@ads.flooble[1].txt
C:\Documents and Settings\Morten\Cookies\morten@maxserving[2].txt
C:\Documents and Settings\Morten\Cookies\morten@e-2dj6wgmyuhdjmdo.stats.esomniture[2].txt
C:\Documents and Settings\Morten\Cookies\morten@stat.postdanmark[1].txt
C:\Documents and Settings\Morten\Cookies\morten@realmedia[1].txt
C:\Documents and Settings\Morten\Cookies\morten@adverticum[1].txt
C:\Documents and Settings\Morten\Cookies\morten@www.ticketcity[1].txt
C:\Documents and Settings\Morten\Cookies\morten@sexzool[2].txt
C:\Documents and Settings\Morten\Cookies\morten@ads.mininova[1].txt
C:\Documents and Settings\Morten\Cookies\morten@questionmarket[1].txt
C:\Documents and Settings\Morten\Cookies\morten@adknowledge[1].txt
C:\Documents and Settings\Morten\Cookies\morten@qnsr[1].txt
C:\Documents and Settings\Morten\Cookies\morten@ad.yieldmanager[2].txt
C:\Documents and Settings\Morten\Cookies\morten@azjmp[2].txt
C:\Documents and Settings\Morten\Cookies\morten@ads.realcastmedia[1].txt
C:\Documents and Settings\Morten\Cookies\morten@xiti[1].txt
C:\Documents and Settings\Morten\Cookies\morten@revsci[2].txt
C:\Documents and Settings\Morten\Cookies\morten@hurricanedigitalmedia[2].txt
C:\Documents and Settings\Morten\Cookies\morten@tacoda[1].txt
C:\Documents and Settings\Morten\Cookies\morten@revenue[2].txt
C:\Documents and Settings\Morten\Cookies\morten@www.screensavers[2].txt
C:\Documents and Settings\Morten\Cookies\morten@ads1.megaupload[1].txt
C:\Documents and Settings\Morten\Cookies\morten@kanoodle[2].txt
C:\Documents and Settings\Morten\Cookies\morten@adtags[1].txt
C:\Documents and Settings\Morten\Cookies\morten@1071427968[1].txt
C:\Documents and Settings\Morten\Cookies\morten@adopt.euroclick[1].txt
C:\Documents and Settings\Morten\Cookies\morten@banner[2].txt
C:\Documents and Settings\Morten\Cookies\morten@adecn[1].txt
C:\Documents and Settings\Morten\Cookies\morten@c.enhance[1].txt
C:\Documents and Settings\Morten\Cookies\morten@www.smartadserver[2].txt
C:\Documents and Settings\Morten\Cookies\morten@adserver.filefront[2].txt
C:\Documents and Settings\Morten\Cookies\morten@as-eu.falkag[2].txt
C:\Documents and Settings\Morten\Cookies\morten@track.adform[1].txt
C:\Documents and Settings\Morten\Cookies\morten@h.starware[1].txt
C:\Documents and Settings\Morten\Cookies\morten@atwola[2].txt
C:\Documents and Settings\Morten\Cookies\morten@data3.perf.overture[1].txt
C:\Documents and Settings\Morten\Cookies\morten@c5.zedo[2].txt
C:\Documents and Settings\Morten\Cookies\morten@adbrite[1].txt
C:\Documents and Settings\Morten\Cookies\morten@sel.as-eu.falkag[1].txt
C:\Documents and Settings\Morten\Cookies\morten@findwhat[1].txt
C:\Documents and Settings\Morten\Cookies\morten@buildabear.122.2o7[1].txt
C:\Documents and Settings\Morten\Cookies\morten@metacafe.122.2o7[1].txt
C:\Documents and Settings\Morten\Cookies\morten@www.counter-gratis[2].txt
C:\Documents and Settings\Morten\Cookies\morten@adfair[1].txt
C:\Documents and Settings\Morten\Cookies\morten@microsofteup.112.2o7[1].txt
C:\Documents and Settings\Morten\Cookies\morten@ad1.emediate[2].txt
C:\Documents and Settings\Morten\Cookies\morten@serving-sys[2].txt
C:\Documents and Settings\Morten\Cookies\morten@perf.overture[1].txt
C:\Documents and Settings\Morten\Cookies\morten@fcstats.bcentral[2].txt
C:\Documents and Settings\Morten\Cookies\morten@ad1.clickhype[2].txt
C:\Documents and Settings\Morten\Cookies\morten@banner.cdpoker[1].txt
C:\Documents and Settings\Morten\Cookies\morten@mb[2].txt
C:\Documents and Settings\Morten\Cookies\morten@stats[1].txt
C:\Documents and Settings\Morten\Cookies\morten@adtech[2].txt
C:\Documents and Settings\Morten\Cookies\morten@advertiser[1].txt
C:\Documents and Settings\Morten\Cookies\morten@stats[3].txt
C:\Documents and Settings\Morten\Local Settings\Temp\Cookies\morten@ad.yieldmanager[2].txt
C:\Documents and Settings\Morten\Local Settings\Temp\Cookies\morten@xiti[1].txt
C:\Documents and Settings\Morten\Local Settings\Temp\Cookies\morten@yieldmanager[1].txt
Adware.180solutions/Search Assistant
HKCR\LMgr180.WMDRMAx
HKCR\LMgr180.WMDRMAx\CLSID
HKCR\LMgr180.WMDRMAx\CurVer
HKCR\LMgr180.WMDRMAx.1
HKCR\LMgr180.WMDRMAx.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
C:\Documents and Settings\Morten\Local Settings\Temp\Del2.tmp
C:\System Volume Information\_restore{79BE0FAC-630F-48BD-86F7-67E34E846B36}\RP83\A0295551.exe
C:\System Volume Information\_restore{79BE0FAC-630F-48BD-86F7-67E34E846B36}\RP96\A0320371.exe
Adware.180solutions/ZangoSearch
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32#ThreadingModel
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\ProgID
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\Programmable
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\TypeLib
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\VersionIndependentProgID
HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}
HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid
HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid32
HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib
HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib#Version
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid32
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib#Version
HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}
HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid
HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid32
HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib
HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib#Version
HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}
HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\ProxyStubClsid
HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\ProxyStubClsid32
HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\TypeLib
HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\TypeLib#Version
HKCR\AppId\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}
Browser Hijacker.Favorites
C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url
C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url
C:\Documents and Settings\All Users\Favorites\Online Chat With Nude Girls.url
C:\Documents and Settings\All Users\Favorites\Order CIALIS online without leaving home..url
C:\Documents and Settings\All Users\Favorites\PC protection in under 2 minutes!.url
C:\Documents and Settings\All Users\Favorites\SEX Dating - Real Girls For Real SEX.url
C:\Documents and Settings\All Users\Favorites\Stop PopUps On Your Computer.url
C:\Documents and Settings\All Users\Favorites\VIAGRA at incredible low price. Bonus Pills!.url
C:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url
Trojan.UnSpyPC Spyware Scanner
C:\System Volume Information\_restore{79BE0FAC-630F-48BD-86F7-67E34E846B36}\RP71\A0242905.exe
Adware.SBSoft
C:\System Volume Information\_restore{79BE0FAC-630F-48BD-86F7-67E34E846B36}\RP71\A0242907.dll
Trojan.Unknown Origin
C:\System Volume Information\_restore{79BE0FAC-630F-48BD-86F7-67E34E846B36}\RP97\A0321465.exe
C:\System Volume Information\_restore{79BE0FAC-630F-48BD-86F7-67E34E846B36}\RP97\A0321466.exe
Adware.Direct Revenue
C:\WINDOWS\wwzuykprwab.exe
-----
Logfile of HijackThis v1.99.1
Scan saved at 22:43:21, on 15-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Morten\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: Internet Explorer Hot Fix - {02DDA184-F4AB-49BE-8BF8-ECA073605250} - C:\WINDOWS\system32\zyspa.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)