Adware.eXact Advertising
C:\SYSTEM VOLUME INFORMATION_RESTORE{C36F20AE-6081-496A-B83A-3F6253FA7229}\RP106\A0032039.EXE
C:\SYSTEM VOLUME INFORMATION_RESTORE{C36F20AE-6081-496A-B83A-3F6253FA7229}\RP120\A0037261.EXE
C:\SYSTEM VOLUME INFORMATION_RESTORE{C36F20AE-6081-496A-B83A-3F6253FA7229}\RP124\A0037495.EXE
Adware.ZToolbar
C:\SYSTEM VOLUME INFORMATION_RESTORE{C36F20AE-6081-496A-B83A-3F6253FA7229}\RP130\A0047005.INF
Trojan.Service
C:\WINDOWS\SYSTEM32\SERVICE.EXE
Trojan.ErrorSafe
D:\PROGRAM FILES\ERROR SAFE\INSTHELP.EXE
D:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UERS_9999_N91S2507NETINSTALLER.EXE
Adware.WhenU
D:\SYSTEM VOLUME INFORMATION_RESTORE{0534E627-4F14-4105-95EE-858952EC082B}\RP154\A0041960.EXE
D:\SYSTEM VOLUME INFORMATION_RESTORE{C93E01D6-892D-4A91-ADD4-EA2B5266DCF8}\RP27\A0015156.EXE
Adware.IST/SaferScan
D:\SYSTEM VOLUME INFORMATION_RESTORE{0534E627-4F14-4105-95EE-858952EC082B}\RP215\A0063441.EXE
And The New Hijackthis! log…
Logfile of HijackThis v1.99.1
Scan saved at 12:35:06 PM, on 21/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
c:\programs\Avast4\aswUpdSv.exe
D:\WINDOWS\ATKKBService.exe
c:\programs\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\programs\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\programs\DAEMON Tools\daemon.exe
C:\Programs\TASKBA~1\TaskBar.exe
D:\Program Files\AIM95\aim.exe
C:\programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\WINDOWS\System32\wuauclt.exe
c:\programs\Avast4\ashWebSv.exe
D:\Program Files\internet explorer\iexplore.exe
C:\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM..\Run: [avast!] c:\programs\Avast4\ashDisp.exe
O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [SunJavaUpdateSched] “D:\Program Files\Java\jre1.6.0\bin\jusched.exe”
O4 - HKLM..\Run: [CloneCDTray] “C:\programs\CloneCD\CloneCDTray.exe” /s
O4 - HKLM..\Run: [Zone Labs Client] “D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\programs\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [DAEMON Tools] “C:\programs\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU..\Run: [Taskbar Hide] C:\Programs\TASKBA~1\TaskBar.exe -Start
O4 - HKCU..\Run: [AIM] D:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\programs\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - c:\programs\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - c:\programs\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - c:\programs\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - c:\programs\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe