Logfile of Spyware Terminator v2.5.6.316 (db:3.004.024.000)
Scan Time: 4/25/2009 8:36:45 PM length: 4353 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Ultra Scanner
Scanned Objects: 204263 (Critical:0)
Filter: No System items, No Safe items, No Invalid items
Running Processes
aswUpdSv.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
ashServ.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashServ.exe
jqs.exe [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jqs.exe
LxrJD31s.exe : C:\WINDOWS\system32\LxrJD31s.exe
uphclean.exe [Microsoft Corporation] : C:\Program Files\UPHClean\uphclean.exe
ViewpointService.exe [Viewpoint Corporation] : C:\Program Files\Viewpoint\Common\ViewpointService.exe
ashDisp.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashDisp.exe
ashMaiSv.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
ashWebSv.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
wltuser.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltuser.exe
Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.msn.com/
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
BHO
02 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - [Ask.com] : C:\Program Files\AskBarDis\bar\bin\askBar.dll
02 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - [Microsoft Corp.] : C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
02 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - [Against Intuition Oy] : C:\Program Files\WOT\WOT.dll
02 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jp2ssv.dll
02 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll
02 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Toolbars
03 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll
03 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - [Against Intuition Oy] : C:\Program Files\WOT\WOT.dll
03 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - [Ask.com] : C:\Program Files\AskBarDis\bar\bin\askBar.dll
StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msnmsgr : [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, eFax 4.3 : [j2 Global Communications, Inc.] : C:\Program Files\EFAX MESSENGER 4.3\J2GDLLCMD.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avast! : [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashDisp.exe
04 - Startup: : C:\Documents and Settings\Donovan\Start Menu\Programs\Startup\desktop.ini
04 - Startup: : C:\Documents and Settings\Donovan\Start Menu\Programs\Startup\Secunia PSI.lnk
04 - Startup: : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini
Shell Extensions
HotShellExt - {6872d785-fe43-44cb-9b2a-2df4c5eb13b2} - [j2 Global Communications, Inc.] : C:\Program Files\eFax Messenger 4.3\J2GShell.dll
Web Sites - {AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\FPNSE.DLL
CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
- {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Windows Live Photo Gallery Viewer Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Editor Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
avast - {472083B0-C522-11CF-8763-00608CC02F24} - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashShell.dll
Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
WOT Protocol - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - [Against Intuition Oy] : C:\Program Files\WOT\WOT.dll
Services
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashServ.exe
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
23 - [Creative Technology Ltd] : C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
23 - [Deterministic Networks, Inc.] : C:\WINDOWS\system32\DRIVERS\dne2000.sys
23 - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jqs.exe
23 - : C:\WINDOWS\system32\Drivers\LxrJD31d.sys
23 - : C:\WINDOWS\system32\LxrJD31s.exe
23 - [Dell Computer Corporation] : C:\WINDOWS\system32\DRIVERS\OMCI.SYS
23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\drivers\P16X.sys
23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\drivers\PfModNT.sys
23 - [SonicWALL, Inc.] : C:\WINDOWS\system32\Drivers\RCFOX.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfdrv01.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfhlp02.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfsync02.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfvfs02.sys
23 - [Microsoft Corporation] : C:\Program Files\UPHClean\uphclean.exe
23 - [USR] : C:\WINDOWS\system32\DRIVERS\usrwlan.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\Drivers\VCFFltr.SYS
23 - [Viewpoint Corporation] : C:\Program Files\Viewpoint\Common\ViewpointService.exe
23 - [America Online, Inc.] : C:\WINDOWS\system32\DRIVERS\wanatw4.sys
23 - [Crawler.com] : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
Threat Files
<Java(tm) Plug-In 2 SSV Helper ( BHO )> (User Threat) [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jp2ssv.dll
<JQSIEStartDetectorImpl Class ( BHO )> (User Threat) [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<&Windows Live Toolbar Beta ( Toolbar )> (User Threat) [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll
<Search Helper ( BHO )> (User Threat) [Microsoft Corp.] : C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
Advanced Files Report
%PROGRAMFILES%\MegaCool\SomethingforU\aswUpdSv.exe [ALWIL Software] [avast! Antivirus] MD5=B4253776EE034F6770FCEE32C28490B0 SIZE=18752
%PROGRAMFILES%\MegaCool\SomethingforU\aswCmnS.dll [ALWIL Software] [avast! Antivirus] MD5=A702AF52B8E8BF225AD045812A84A1CC SIZE=192512
%PROGRAMFILES%\MegaCool\SomethingforU\aswCmnOS.dll [ALWIL Software] [avast! Antivirus] MD5=1CD561EE4D3232A166BEE03642936EB0 SIZE=86016
%PROGRAMFILES%\MegaCool\SomethingforU\aswCmnB.dll [ALWIL Software] [avast! Antivirus] MD5=6E4A9A1B2458AF79ED5A6F6B4D5F05A7 SIZE=131072