#1
| ComboFix 08-12-18.03 - CMS 2008-12-19 12:00:58.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.424 [GMT -8:00] Running from: c:\documents and settings\CMS\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\CMS\Application Data\FunWebProducts c:\documents and settings\CMS\Application Data\FunWebProducts\Data\CMS\avatar.dat c:\program files\Internet Explorer\msimg32.dll c:\windows\IE4 Error Log.txt c:\windows\system32\spool.exe . ((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 ))))))))))))))))))))))))))))))) . 2008-12-19 11:48 . 2008-12-19 11:48 <DIR> d-------- c:\documents and settings\CMS\Application Data\Uniblue 2008-12-19 11:47 . 2008-12-19 11:56 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0 2008-12-18 14:05 . 2008-12-12 12:20 850,209 --a------ c:\windows\system32\LSSMON.EXE 2008-12-18 14:05 . 2008-12-16 11:26 17,920 --a------ c:\windows\system32\LSASSMGR.EXE 2008-12-17 13:03 . 2008-12-17 13:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan 2008-12-17 13:02 . 2008-12-17 13:08 <DIR> d-------- c:\program files\Security Task Manager 2008-12-17 09:01 . 2008-12-19 11:57 <DIR> d-------- c:\program files\Crawler 2008-12-16 13:30 . 2008-12-16 13:30 <DIR> d-------- c:\program files\SUPERAntiSpyware 2008-12-16 13:30 . 2008-12-16 13:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-12-16 13:30 . 2008-12-16 13:30 <DIR> d-------- c:\documents and settings\CMS\Application Data\SUPERAntiSpyware.com 2008-12-16 13:30 . 2008-12-16 13:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-12-16 13:11 . 2008-12-16 13:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI 2008-12-16 12:08 . 
2008-12-16 12:08 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Yahoo! 2008-12-16 12:04 . 2008-12-16 12:04 <DIR> d-------- c:\documents and settings\CMS\Application Data\Yahoo! 2008-12-16 11:26 . 2008-12-16 11:26 17,920 --a------ c:\windows\system32\srtsrv32.exe 2008-12-16 09:44 . 2008-12-16 09:44 230 --a------ c:\windows\system32\spupdsvc.inf 2008-12-16 09:32 . 2008-12-16 09:46 1,393 --a------ c:\windows\imsins.BAK 2008-12-16 08:38 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-12-15 10:08 . 2008-12-15 10:08 <DIR> d-------- c:\documents and settings\CMS\Application Data\Malwarebytes 2008-12-15 10:06 . 2008-12-15 10:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-15 10:06 . 2008-12-15 10:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-15 10:06 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-15 10:06 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-15 08:34 . 2008-12-15 13:40 <DIR> d-------- c:\windows\system32\whSLD02 2008-12-15 08:34 . 2008-12-15 08:34 <DIR> d-------- c:\temp\REX81 2008-12-15 08:34 . 2008-12-15 08:35 <DIR> d-------- C:\Temp 2008-12-12 15:40 . 2007-05-30 04:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys 2008-12-12 13:42 . 2008-12-12 13:42 <DIR> d---s---- c:\documents and settings\LocalService\UserData 2008-12-12 13:38 . 2008-12-16 08:25 <DIR> d-------- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR 2008-12-12 12:57 . 2008-12-12 12:57 <DIR> d-------- c:\documents and settings\CMS\Application Data\GameInvest 2008-12-12 12:21 . 2008-12-19 11:52 25,600 --a------ c:\windows\system32\msupd32.exe 2008-12-12 12:21 . 2008-12-19 11:52 2,401 --a------ c:\windows\system32\mssc32.dll 2008-12-12 12:20 . 2008-12-12 12:20 850,209 --a------ c:\windows\divx32.dll 2008-12-12 12:20 . 
2008-12-19 11:52 2,401 --a------ c:\windows\system32\bsc32.dll 2008-12-12 09:35 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-05 13:23 . 2008-12-05 13:23 <DIR> d-------- c:\program files\Wondershare 2008-12-01 15:53 . 2008-12-01 15:53 78,336 --a------ c:\windows\pysoft_uninstaller.exe 2008-11-27 02:34 . 2008-11-27 02:36 <DIR> d-------- c:\documents and settings\CMS\Application Data\gtk-2.0 2008-11-27 02:30 . 2008-11-27 02:52 <DIR> d-------- c:\documents and settings\CMS\.gimp-2.6 2008-11-27 02:29 . 2008-11-27 02:30 <DIR> d-------- c:\documents and settings\CMS\.gegl-0.0 2008-11-27 01:10 . 2008-11-27 01:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-12-19 19:47 --------- d-----w c:\program files\Winamp Remote 2008-12-19 19:12 --------- d-----w c:\program files\WinClamAVShield 2008-12-17 20:57 --------- d-----w c:\program files\Spyware Terminator 2008-12-17 20:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator 2008-12-17 20:55 --------- d-----w c:\documents and settings\CMS\Application Data\Spyware Terminator 2008-12-16 21:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-12-16 20:04 --------- d-----w c:\program files\Yahoo! 2008-12-16 20:04 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 
2008-12-16 16:38 --------- d-----w c:\program files\Java 2008-11-27 11:20 --------- d-----w c:\program files\Common Files\Adobe 2008-11-14 22:37 --------- d-----w c:\program files\NOS 2008-11-14 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\NOS 2008-11-14 20:38 --------- d-----w c:\program files\Common Files\Adobe AIR 2008-11-12 17:47 --------- d-----w c:\documents and settings\CMS\Application Data\ErrorRepairTool 2008-11-12 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2008-11-11 16:41 --------- d-----w c:\program files\Windows Live 2008-11-11 16:41 --------- d-----w c:\program files\Microsoft Office Outlook Connector 2008-11-11 16:38 --------- d-----w c:\program files\Microsoft 2008-11-11 16:28 --------- d-----w c:\program files\Common Files\Windows Live 2008-11-10 13:49 --------- d-----w c:\documents and settings\CMS\Application Data\AdobeUM 2008-11-10 12:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_0 1005.Wdf 2008-11-10 12:52 --------- d-----w c:\program files\Common Files\Motorola Shared 2008-11-09 06:18 --------- d-----w c:\program files\Oberon Media 2008-11-07 19:23 --------- d-----w c:\program files\ezt 2008-10-24 19:40 --------- d-----w c:\program files\Sun 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 22:06 208,744 
----a-w c:\windows\system32\muweb.dll 2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll 2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2006-10-03 09:43 2,402,550 ----a-w c:\windows\inf\SET14.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] 2008-11-20 13:21 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInsta nce.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-03-31 507904] "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504] "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 3810544] "ares"="c:\program files\Ares\Ares.exe" [2008-02-20 963072] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648] "SetDefaultMIDI"="MIDIDef.exe" [2007-12-17 c:\windows\system32\MIDIDEF.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86 \3\hpztsb10.exe" [2004-03-04 172032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.ex 
e" [2008-02-15 131072] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareT erminatorShield.exe" [2008-11-13 1783808] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-23 185896] "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "Layersecurity Servicemonitor"="c:\windows\system32\LSSMON.EXE" [2008-12-12 850209] "CTxfiHlp"="CTXFIHLP.EXE" [2007-12-17 c:\windows\system32\CTXFIHLP.EXE] "AsioReg"="CTASIO.DLL" [2007-12-17 c:\windows\system32\CTASIO.DLL] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-06 113664] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] PrintFile.lnk - c:\program files\PrintFile\PRFILE32.EXE [2008-04-22 180224] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\firefox.exe] "Debugger"=c:\program files\Mozilla Firefox\firefoxe.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe] "Debugger"=c:\program files\Internet Explorer\iexplor.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv.exe] "Debugger"=c:\windows\system32\spool.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\ntvdm.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-26 97928] R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024] R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-26 141312] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-06-26 875288] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-26 231704] R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-26 76040] R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssflt r.sys [2008-11-11 56344] R2 YahooAUService;Yahoo! 
Updater;"c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe" [2008-11-09 602392] R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] S3 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system3 2\drivers\mbamswissarmy.sys [2008-12-15 38496] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{4db4a434-2625-11dd-8bc8-001a73c4209a}] \Shell\AutoRun\command - F:\xyw9tmdj.com \Shell\explore\Command - F:\xyw9tmdj.com \Shell\open\Command - F:\xyw9tmdj.com [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6cae5f22-1dfd-11dd-8bb6-001a73c4209a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{96b51f8e-114a-11dd-8b7a-001b3883aa03}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{96b51f8f-114a-11dd-8b7a-001b3883aa03}] \Shell\AutoRun\command - G:\xyw9tmdj.com \Shell\explore\Command - G:\xyw9tmdj.com \Shell\open\Command - G:\xyw9tmdj.com *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-11-29 c:\windows\Tasks\ErrorRepairTool Scheduled Scan.job - c:\program files\ErrorRepairTool\ErrorRepairTool.exe [] 2008-11-29 c:\windows\Tasks\ErrorRepairTool Scheduled Scan.job - c:\program files\ErrorRepairTool [] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.yahoo.com mStart Page = hxxp://www.yahoo.com IE: Crawler Search - tbr:iemenu IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\CMS\Start Menu\Programs\IMVU\Run IMVU.lnk IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\CMS\Start Menu\Programs\IMVU\Run IMVU.lnk - Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll FF - ProfilePath - c:\documents and settings\CMS\Application Data\Mozilla\Firefox\Profiles\g77arijd.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\CMS\Application Data\Mozilla\Firefox\Profiles\g77arijd.default\ext ensions\bkmrksync@nokia.com\components\BkMrkExt.dl l FF - component: c:\program files\Crawler\firefox\components\xcomm.dll FF - component: c:\program files\Crawler\firefox\components\xshared.dll FF - component: c:\program files\Crawler\firefox\components\xsupport.dll FF - component: c:\program files\Crawler\firefox\components\xwsg.dll FF - plugin: c:\documents and settings\CMS\Application Data\Mozilla\Firefox\Profiles\g77arijd.default\ext ensions\firefox@tvunetworks.com\plugins\npTVUAx.dl l FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dl l FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll . 
************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-19 12:03:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(824) c:\program files\SUPERAntiSpyware\SASWINLO.dll . Completion time: 2008-12-19 12:04:33 ComboFix-quarantined-files.txt 2008-12-19 20:04:15 Pre-Run: 85,902,602,240 bytes free Post-Run: 89,174,573,056 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect 258 --- E O F --- 2008-12-19 19:00:33 |
#2
Have you read and followed this? http://www.computer-juice.com/forums...-posting-7476/
__________________
My System: Hybr!d
#3
These are the logs from the 3 different scans. The spyware detection balloon is still popping up and a number of web pages are opening on their own. Also, in my task manager the lsassmgr.exe and lssmon.exe can be seen a number of times, and when their process is ended the pop-up balloon saying spyware detected disappears but pops back up after about 10 minutes.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/21/2008 at 07:23 AM

Application Version : 4.23.1006

Core Rules Database Version : 3680
Trace Rules Database Version: 1659

Scan type : Complete Scan
Total Scan Time : 00:58:51

Memory items scanned : 409
Memory threats detected : 0
Registry items scanned : 6849
Registry threats detected : 1
File items scanned : 61771
File threats detected : 212

Trojan.Dropper/Sys-NV
[Layersecurity Servicemonitor] C:\WINDOWS\SYSTEM32\LSSMON.EXE
C:\WINDOWS\SYSTEM32\LSSMON.EXE
C:\WINDOWS\SYSTEM32\LSASSMGR.EXE
Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CAABK1AF.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZOD2F\CAM7AJA1.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZOD2F\CAY32N2L.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CA01K903.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CAIN8VH2.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CA9GSV19.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CARMCV31.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CA9WELDZ.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZOD2F\CAPW0Z55.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CAWDUJCT.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CA8TM7SL.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZOD2F\CASHYBKP.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CALSGB9D.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZOD2F\CA9SETDF.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CAOTEBSH.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CAPCCFXP.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CAQFQJM5.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet 
Files\Content.IE5\C1QRGH6V\CAZ2Y5NZ.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CAE3YR61.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CAH0K3HT.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CA8DY1BK.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZOD2F\CAM7YZ61.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CAVM0B7H.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZOD2F\CAX0G7H9.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CA0TG1SF.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CAN28NJT.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CAHGCNL5.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CAZME537.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CAZIETVJ.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CA7Q8Z7L.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CALWMLDJ.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CAW5OT4Z.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CA4LGDOJ.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CAR247J1.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CAX0MHLZ.htm C:\Documents and 
Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CA232729.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CANUQ1JN.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QRGH6V\CAFUWZBT.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CARQ6T7F.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDERS567\CA0TQZMZ.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CACX4L0V.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CAVAQPVJ.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZOD2F\CAGT6LL6.htm C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5UV8XAN\CAXO6L5V.htm Malwarebytes' Anti-Malware 1.31 Database version: 1456 Windows 5.1.2600 Service Pack 2 21/12/08 9:42:17 AM mbam-log-2008-12-21 (09-42-17).txt Scan type: Quick Scan Objects scanned: 58417 Time elapsed: 8 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:14:49 AM, on 21/12/08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LSASSMGR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\LSSMON.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrintFile\PRFILE32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LSASSMGR.EXE
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\trend micro\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Layersecurity Servicemonitor] C:\WINDOWS\system32\LSSMON.EXE
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PrintFile.lnk = C:\Program Files\PrintFile\PRFILE32.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\CMS\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10642 bytes
#4
I also ran Spyware Terminator and it showed me that it removed the Small-8586 Trojan, but then the spyware balloon still pops up, and when Spyware Terminator is run again it comes up with the same problem.

Logfile of Spyware Terminator v2.3.0.507 (db:2.012.019.000)
Scan Time: 21/12/08 10:23:37 AM length: 677 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: %Custom_Scan%
Scanned Objects: 1646 (Critical:4)
Filter: No System items, No Safe items, No Invalid items

Running Processes
WLTRYSVC.EXE : C:\WINDOWS\system32\WLTRYSVC.EXE
bcmwltry.exe [Broadcom Corporation] : C:\WINDOWS\system32\bcmwltry.exe
LSASSMGR.EXE : C:\WINDOWS\system32\LSASSMGR.EXE
jqs.exe [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jqs.exe
LSSMON.EXE : C:\WINDOWS\system32\LSSMON.EXE
YahooAUService.exe [Yahoo! Inc.] : C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
hpqwmiex.exe [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
WLTRAY.exe [Broadcom Corporation] : C:\WINDOWS\system32\WLTRAY.exe
hpztsb10.exe [HP] : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
igfxpers.exe [Intel Corporation] : C:\WINDOWS\system32\igfxpers.exe
igfxsrvc.exe [Intel Corporation] : C:\WINDOWS\system32\igfxsrvc.exe
Rainlendar2.exe : C:\Program Files\Rainlendar2\Rainlendar2.exe
HpqToaster.exe : C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
msnmsgr.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRFILE32.EXE : C:\Program Files\PrintFile\PRFILE32.EXE
ServiceLayer.exe [Nokia.] : C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
NclUSBSrv.exe : C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
NclRSSrv.exe : C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
LSASSMGR.EXE : C:\WINDOWS\system32\LSASSMGR.EXE

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.yahoo.com
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
02 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - [Adobe Systems Incorporated] : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - [Microsoft Corp.] : C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
02 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jp2ssv.dll
02 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll
02 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
02 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - [Yahoo! Inc] : C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

Toolbars
03 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
03 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Orb : [Orb Networks] : C:\Program Files\WINAMP REMOTE\BIN\ORBTRAY.EXE
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Rainlendar2 : : C:\Program Files\Rainlendar2\Rainlendar2.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SetDefaultMIDI : [Creative Technology Ltd] : C:\WINDOWS\system32\MIDIDef.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msnmsgr : [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Nokia.PCSync : [Time Information Services Ltd.] : C:\Program Files\NOKIA\NOKIA PC SUITE 7\PCSYNC2.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Broadcom Wireless Manager UI : [Broadcom Corporation] : C:\WINDOWS\system32\WLTRAY.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HPDJ Taskbar Utility : [HP] : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, CTxfiHlp : [Creative Technology Ltd] : C:\WINDOWS\system32\CTXFIHLP.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AsioReg : [Creative Technology Ltd] : C:\WINDOWS\system32\CTASIO.DLL
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Persistence : [Intel Corporation] : C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, !AVG Anti-Spyware : [GRISOFT s.r.o.] : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Layersecurity Servicemonitor : : C:\WINDOWS\system32\LSSMON.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs : [AVG Technologies CZ, s.r.o.] : C:\WINDOWS\system32\avgrsstx.dll
04 - Startup: : C:\Documents and Settings\CMS\Start Menu\Programs\Startup\desktop.ini
04 - Startup: : C:\Documents and Settings\CMS\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
04 - Startup: : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
04 - Startup: : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
04 - Startup: : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
04 - Startup: : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrintFile.lnk
04 - Startup: %STARTUPALL%\PrintFile.lnk : C:\Program Files\PrintFile\PRFILE32.EXE

Shell Extensions
Microsoft Office Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL
Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\Real\RealPlayer\rpshell.dll
Nokia Phone Browser - {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - [Nokia] : C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll
CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
- {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Windows Live Photo Gallery Viewer Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Editor Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Shell Extecute Hooks
CShellExecuteHookImpl Object - {{57B86673-276A-48B2-BAE7-C6DBB3020EB8}} - [GRISOFT s.r.o.] : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
SABShellExecuteHook Class - {{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}} - [SuperAdBlocker.com] : C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll
Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll

Services
23 - : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
23 - [Broadcom Corporation] : C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\DRIVERS\fssfltr.sys
23 - [Conexant Systems Inc.] : C:\WINDOWS\system32\drivers\CHDAud.sys
23 - [Hewlett-Packard Development Company, L.P.] : C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
23 - [Conexant Systems, Inc.] : C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23 - [Conexant Systems, Inc.] : C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23 - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jqs.exe
23 - [SUPERAdBlocker.com and SUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23 - [SUPERAdBlocker.com and SUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
23 - [Nokia.] : C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23 - [Conexant Systems, Inc.] : C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23 - [Yahoo! Inc.] : C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon, DLLName : [SUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [Intel Corporation] : C:\WINDOWS\system32\igfxdev.dll

File Execution Options
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe, Debugger : : C:\Program Files\Mozilla Firefox\firefoxe.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe, Debugger : : C:\Program Files\Internet Explorer\iexplor.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe, Debugger : : C:\WINDOWS\system32\spool.exe

IE URL Search Hooks
Yahoo! Toolbar - {{EF99BD32-C1FB-11D2-892F-0090271D4F88}} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

Threat Files
<Small-8586> : C:\WINDOWS\system32\LSASSMGR.EXE
<Trojan.Small-8586> : C:\WINDOWS\system32\LSASSMGR.EXE
<Small-8586> : C:\Program Files\Mozilla Firefox\firefoxe.exe
<Trojan.Small-8586> : C:\Program Files\Mozilla Firefox\firefoxe.exe
<Small-8586> : C:\Program Files\Internet Explorer\iexplor.exe
<Trojan.Small-8586> : C:\Program Files\Internet Explorer\iexplor.exe
<Small-8586> : C:\WINDOWS\system32\spool.exe
<Trojan.Small-8586> : C:\WINDOWS\system32\spool.exe

Advanced Files Report
%PROGRAMFILES%\SUPERAntiSpyware\SASWINLO.dll [SUPERAntiSpyware.com] [SUPERAntiSpyware WinLogon Processor] MD5=EDC730A6F345C01D9A12F09621665C5A SIZE=352256
%SYSDIR%\WLTRYSVC.EXE MD5=61E71BC3CD3530444000A9B68F7EE931 SIZE=18944
%SYSDIR%\bcmwltry.exe [Broadcom Corporation] [Broadcom 802.11 Network Adapter Wireless Network Controller] MD5=9A0CE1DB25F1CDD3ED11236884800538 SIZE=1093632
%SYSDIR%\bcm1xsup.dll MD5=DFFE021DD998826C9BC400954A62F368 SIZE=757760
%SYSDIR%\bcmwlpkt.dll [CACE Technologies] [WinPcap low level packet library] MD5=4DF537A09034434EA9481B88AB1D3C25 SIZE=69632
%SYSDIR%\wltrynt.dll [Broadcom Corporation] [Wireless Notification Provider] MD5=B286E639DBEBAD85AF2A3BDBCCAB4237 SIZE=44032
%SYSDIR%\hpzlnt10.dll [HP] [HP DeskJet] MD5=2030AF1F7504A82E31C892D14BE55D6F SIZE=135249
%PROGRAMFILES%\Java\jre6\bin\jqs.exe [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U11] MD5=32192B4EBE8720ED8D49A455C962CB91 SIZE=152984
%PROGRAMFILES%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [GRISOFT s.r.o.] [AVG Anti-Spyware] MD5=3FD0B984601D65C6DA8E891A0D5905D1 SIZE=79408
%PROGRAMFILES%\SUPERAntiSpyware\SASSEH.DLL [SuperAdBlocker.com] [SuperAntiSpyware] MD5=ECD5517A6633826057D4F050927DDF56 SIZE=77824
%SYSDIR%\Macromed\Flash\Flash9f.ocx [Adobe Systems, Inc.] [Shockwave Flash] MD5=48FDF435B8595604E54125B321924510 SIZE=2991488
%PROGRAMFILES%\Yahoo!\SoftwareUpdate\YahooAUService.exe [Yahoo! Inc.] [Yahoo! AutoUpdater] MD5=DD0042F0C3B606A6A8B92D49AFB18AD6 SIZE=602392
%PROGRAMFILES%\Hewlett-Packard\Shared\hpqwmiex.exe [Hewlett-Packard Development Company, L.P.] [hpqwmiex Module] MD5=04C1DCBB226C6AE647B794833CE3CEB6 SIZE=135168
%PROGRAMFILES%\Nokia\Nokia PC Suite 7\phonebrowser.dll [Nokia] [Phone Browser] MD5=E8B5BE3B1298E6C55F984105176A5DDB SIZE=611328
%PROGRAMFILES%\Nokia\Nokia PC Suite 7\NGSCM.DLL [Nokia] [Next Gen Suite Common Modules] MD5=79D4D68D6BDD2A704B088CE06B88DD1F SIZE=823296
%PROGRAMFILES%\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr [Nokia] [Nokia Phone Browser] MD5=73DD6940DCCB252489CE5C4EF8CDA075 SIZE=26624
%PROGRAMFILES%\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr [Nokia] [Nokia Phone Browser] MD5=F2699D792A0D3079E9B2EE7F6F7C62AF SIZE=573440
%PROGRAMFILES%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated] [AcroIEHelper Library] MD5=42729C3DE75A7A51FC6F9EF6546C9199 SIZE=63136
%PROGRAMFILES%\WinRAR\rarext.dll MD5=023707D932BA31314210E6844D33D500 SIZE=129024
%SYSDIR%\spool\drivers\w32x86\3\HPZR3210.dll [HP] [Driver UI dlll] MD5=A49D4637796E347FB41ACA5E056151C3 SIZE=3182592
%SYSDIR%\hccutils.DLL [Intel Corporation] [Intel(R) Common User Interface] MD5=9CCA783AC94DED99F23985142D5F3991 SIZE=102400
%SYSDIR%\igfxsrvc.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=30DB789A2D61DBE9BFCC07E3E9F3CDA8 SIZE=48128
%SYSDIR%\igfxres.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=8C83E643E864F4CCBDAA851D12564924 SIZE=172032
%SYSDIR%\igfxsrvc.exe [Intel Corporation] [Intel(R) Common User Interface] MD5=1D4F13DBB57C5152FC9A5DABBCFC78B4 SIZE=249856
%SYSDIR%\igfxdev.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=1180852DBFADAFC375DBBA1F6B23EEE7 SIZE=208896
%PROGRAMFILES%\Rainlendar2\plugins\iCalendarPlugin.dll MD5=8F945FC440FDD7C705AF3FB112C6E6D5 SIZE=140288
%PROGRAMFILES%\Hewlett-Packard\Shared\HpqToaster.exe [HpqToaster Module] MD5=9876623329C382AFBAB5B9D8099BD203 SIZE=491606
%PROGRAMFILES%\PrintFile\PRFILE32.EXE MD5=3C6767A12143A78CD405733CE54EA273 SIZE=180224
%PROGRAMFILES%\PC Connectivity Solution\ServiceLayer.exe [Nokia.]
[PC Connectivity Solution] MD5=277D0890E10584C216BCCFA4EF6B9B3D SIZE=575488 %PROGRAMFILES%\PC Connectivity Solution\PCCS_DBEngine.dll [Nokia] [PC Connectivity Solution] MD5=115486AE993D1AFDB63BDAB8219A143B SIZE=367104 %PROGRAMFILES%\PC Connectivity Solution\NclDS.dll [Nokia] [PC Connectivity Solution] MD5=1ADDE417535A21AEA0383283D90FA4DF SIZE=214016 %PROGRAMFILES%\PC Connectivity Solution\NclTools.dll [Nokia] [PC Connectivity Solution] MD5=A272D696EFB8C8E3F392004987311EE4 SIZE=126976 %PROGRAMFILES%\PC Connectivity Solution\Transports\NclUSBSrv.exe [PC Connectivity Solution] MD5=400F8DB10A789BDD2A7C8D953FB8B71D SIZE=130560 %PROGRAMFILES%\PC Connectivity Solution\Transports\NclRSSrv.exe [PC Connectivity Solution] MD5=0E8BCB500CB3CB9296EB14A0A4B82548 SIZE=120320 %APPDATA%\Mozilla\Firefox\Profiles\g77arijd.defaul t\extensions\bkmrksync@nokia.com\components\BkMrkE xt.dll [Time Information Services Ltd.] [BkMrk Sync Extension] MD5=A817C8B492BFC8FA43E5FFA8FC5DAD33 SIZE=249856 %SYSDIR%\Macromed\Flash\NPSWF32.dll [Adobe Systems, Inc.] [Shockwave Flash] MD5=58F41CA8F9C2014709F9547B2B81A468 SIZE=3695008 %STARTUP%\desktop.ini MD5=D6A6856702E3F0953E7246A9B4A9FE35 SIZE=84 %STARTUP%\Stardock ObjectDock.lnk MD5=0FC80B1F29DDC1FC3EC4BB1829CC63DB SIZE=1685 %STARTUPALL%\Adobe Gamma Loader.lnk MD5=1681E390F1E055119572C5B38B3E144B SIZE=986 %STARTUPALL%\Adobe Reader Speed Launch.lnk MD5=B86C2297094B6E888BC704E9E6EC3FA2 SIZE=1757 %STARTUPALL%\desktop.ini MD5=D6A6856702E3F0953E7246A9B4A9FE35 SIZE=84 %STARTUPALL%\PrintFile.lnk MD5=F49CD109D746CA0AE74A6306389D1105 SIZE=1595 %PROGRAMFILES%\Yahoo!\Companion\Installs\cpn0\yt.d ll [Yahoo! Inc.] [Yahoo! 
Toolbar] MD5=5ADE87BAB92BF73E2FD63A7946D0F3A0 SIZE=911600 deskpan.dll %PROGRAMFILES%\Microsoft Office\OFFICE11\MLSHEXT.DLL [Microsoft Corporation] [Microsoft Office Outlook] MD5=283926C9F1D6C0EC263962F684F502A1 SIZE=33120 %PROGRAMFILES%\Microsoft Office\OFFICE11\OLKFSTUB.DLL [Microsoft Corporation] [Microsoft Office Outlook] MD5=EEFF9EB53DE2111DEC77E7C9E8D090F0 SIZE=236384 %PROGRAMFILES%\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.] [RealPlayer] MD5=D3EA9C1687A12608BF4D505EDAC585D6 SIZE=63040 %PROGRAMFILES%\Windows Live\Mail\mailcomm.dll [Microsoft Corporation] [Windows Live Mail] MD5=79DB4384FAC86529506F52DFE6EE497D SIZE=823808 %PROGRAMFILES%\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Microsoft Corporation] [Windows Live® Photo Gallery] MD5=8490C7D7D104F84D4CD5CF3F0BCC8806 SIZE=234528 %PROGRAMFILES%\Windows Live\Photo Gallery\PhotoViewerShim.dll [Microsoft Corporation] [Windows Live® Photo Gallery] MD5=10DFC43C8B22DDFE1E002776BF04331E SIZE=46112 %PROGRAMFILES%\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE [Microsoft Corporation] [Windows Live® Photo Gallery] MD5=6A72C40E5DB59770D5815583D641A2D9 SIZE=119296 %SYSDIR%\svchost.exe -k netsvcs %PROGRAMFILES%\Grisoft\AVG Anti-Spyware 7.5\guard.sys MD5=D6F4C1450699901048818B0C3AAF7A17 SIZE=11000 %SYSDIR%\DRIVERS\AvgAsCln.sys [GRISOFT, s.r.o.] [AVG7 Clean Driver] MD5=856B0CEE009946BF2D327E6B24FE7E3F SIZE=10872 %SYSDIR%\DRIVERS\bcmwl5.sys [Broadcom Corporation] [Broadcom 802.11 Network Adapter wireless driver] MD5=69F940672BE0ECEE5BD1E905706BA8CE SIZE=424320 %SYSDIR%\svchost -k DcomLaunch %SYSDIR%\svchost.exe -k NetworkService %SYSDIR%\DRIVERS\fssfltr.sys [Microsoft Corporation] [Family Safety Filter Driver (TDI)] MD5=EE2241501D513352C1A704C48D9A149D SIZE=56344 %SYSDIR%\drivers\CHDAud.sys [Conexant Systems Inc.] [Conexant HDAudio Driver] MD5=08F0F83FDB49CDBCACF546971A660524 SIZE=594432 %SYSDIR%\DRIVERS\HSFHWAZL.sys [Conexant Systems, Inc.] 
[SoftK56 Modem Driver] MD5=0AAEF566E6782957252FA79F566FBC0B SIZE=211456 %SYSDIR%\DRIVERS\HSF_DPV.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=E472E0CB4E716CC34C0E045F2C196221 SIZE=989696 %SYSDIR%\svchost.exe -k HTTPFilter %SYSDIR%\DRIVERS\igxpmp32.sys [Intel Corporation] [Intel Graphics Accelerator Drivers for Windows NT(R)] MD5=48846B31BE5A4FA662CCFDE7A1BA86B9 SIZE=5854752 %SYSDIR%\svchost.exe -k LocalService %SYSDIR%\svchost -k rpcss %PROGRAMFILES%\SUPERAntiSpyware\SASDIFSV.SYS [SUPERAdBlocker.com and SUPERAntiSpyware.com] [SUPERAntiSpyware] MD5=C030C9A39E85B6F04A8DD25D1A50258A SIZE=8944 %PROGRAMFILES%\SUPERAntiSpyware\SASKUTIL.sys [SUPERAdBlocker.com and SUPERAntiSpyware.com] [SUPERAntiSpyware] MD5=64C100DBF57C6CB6E7D5D24153F5E444 SIZE=55024 %SYSDIR%\svchost.exe -k imgsvc %SYSDIR%\DRIVERS\HSF_CNXT.sys [Conexant Systems, Inc.] [SoftK56 Modem Driver] MD5=0E666AC2766F2FD860CC03F405A2ACE1 SIZE=731520 %SYSDIR%\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe %SYSDIR%\svchost.exe -k WudfServiceGroup %PROGRAMFILES%\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll [Microsoft Corporation] [Windows Live Messenger Protocol Handler Module] MD5=8F52BDC9B2ADFF3A99E1CBE60D86042A SIZE=64000 %COMMONFILES%\Microsoft Shared\Web Components\10\OWC10.DLL [Microsoft Corporation] [Microsoft Office XP] MD5=AA2204BD7F9FBFAA09EF15C212A67D69 SIZE=7255384 End of Report Remove Process: Preparing structures Creating System Restore Point Remove Small-8586 Deleted File: C:\WINDOWS\system32\LSASSMGR.EXE Deleted File: C:\Program Files\Mozilla Firefox\firefoxe.exe Deleted File: C:\Program Files\Internet Explorer\iexplor.exe Deleted File: C:\WINDOWS\system32\spool.exe Closing System Restore Point Done |
|
#5
| Run this online scan. This scanner requires Internet Explorer.

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

----------

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
|