Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, June 23, 2007 8:21:43 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R176 19.06.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.TrojanClicker(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
6-23-2007 8:21:43 PM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [taskeng.exe]
FilePath : C:\Windows\system32\
ProcessID : 1900
ThreadCreationTime : 6-23-2007 10:36:48 PM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskEng
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : taskeng.exe.mui
#:2 [dwm.exe]
FilePath : C:\Windows\system32\
ProcessID : 1944
ThreadCreationTime : 6-23-2007 10:36:48 PM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Desktop Window Manager
InternalName : dwm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dwm.exe.mui
#:3 [explorer.exe]
FilePath : C:\Windows\
ProcessID : 116
ThreadCreationTime : 6-23-2007 10:36:49 PM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE.MUI
#:4 [rthdvcpl.exe]
FilePath : C:\Windows\
ProcessID : 392
ThreadCreationTime : 6-23-2007 10:36:50 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 11
ProductVersion : 1, 0, 0, 11
ProductName : HD Audio Control Panel
CompanyName : Realtek Semiconductor
FileDescription : HD Audio Control Panel
InternalName : RtHDVCpl.exe
LegalCopyright : 2006 © Realtek Semiconductor. All rights reserved.
OriginalFilename : RtHDVCpl.exe
#:5 [igfxtray.exe]
FilePath : C:\Windows\System32\
ProcessID : 620
ThreadCreationTime : 6-23-2007 10:36:50 PM
BasePriority : Normal
FileVersion : 7.14.10.1147
ProductVersion : 7.14.10.1147
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2006, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
#:6 [hkcmd.exe]
FilePath : C:\Windows\System32\
ProcessID : 784
ThreadCreationTime : 6-23-2007 10:36:50 PM
BasePriority : Normal
FileVersion : 6.14.10.1147
ProductVersion : 6.14.10.1147
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2006, Intel Corporation
OriginalFilename : HKCMD.EXE
#:7 [igfxpers.exe]
FilePath : C:\Windows\System32\
ProcessID : 1156
ThreadCreationTime : 6-23-2007 10:36:51 PM
BasePriority : Normal
FileVersion : 7.14.10.1147
ProductVersion : 7.14.10.1147
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : persistence Module
InternalName : PERSISTENCE
LegalCopyright : Copyright 1999-2006, Intel Corporation
OriginalFilename : IGFXPERS.EXE
#:8 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 1384
ThreadCreationTime : 6-23-2007 10:36:51 PM
BasePriority : Normal
FileVersion : 7.00.2320
ProductVersion : 7.00.2320
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2006
OriginalFilename : PDVDSERV.EXE
#:9 [mskagent.exe]
FilePath : C:\Program Files\McAfee\MSK\
ProcessID : 1616
ThreadCreationTime : 6-23-2007 10:36:53 PM
BasePriority : Normal
FileVersion : 8.2.125.0
ProductVersion : 8.2
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller MskAgent Application
InternalName : MskAgent
LegalCopyright : Copyright © 2006, McAfee Inc.
OriginalFilename : MskAgent.exe
#:10 [siteadv.exe]
FilePath : C:\Program Files\SiteAdvisor\6066\
ProcessID : 1440
ThreadCreationTime : 6-23-2007 10:36:53 PM
BasePriority : Normal
FileVersion : 2.0.0.75
ProductVersion : 2.0.0.75
ProductName : SiteAdvisor
CompanyName : McAfee, Inc.
FileDescription : SiteAdvisor
InternalName : SiteAdv
LegalCopyright : Copyright McAfee, Inc. All rights reserved.
OriginalFilename : SiteAdv
#:11 [communications_helper.exe]
FilePath : C:\Program Files\Common Files\Logitech\LComMgr\
ProcessID : 772
ThreadCreationTime : 6-23-2007 10:36:53 PM
BasePriority : Normal
FileVersion : 1.4.0.1063
ProductVersion : 1.4.0.1063
ProductName : Logitech
CompanyName : Logitech Inc.
FileDescription : Communications Manager
InternalName : Communications_Helper.exe
LegalCopyright : © 1996-2007 Logitech. All rights reserved.
OriginalFilename : Communications_Helper.exe
#:12 [quickcam10.exe]
FilePath : C:\Program Files\Logitech\QuickCam10\
ProcessID : 1872
ThreadCreationTime : 6-23-2007 10:36:54 PM
BasePriority : Normal
#:13 [lvcomsx.exe]
FilePath : C:\Program Files\Common Files\Logitech\LComMgr\
ProcessID : 248
ThreadCreationTime : 6-23-2007 10:36:54 PM
BasePriority : Normal
FileVersion : 10.4.0.1401
ProductVersion : 10.4.0.1401
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2007 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
#:14 [bigfix.exe]
FilePath : C:\Program Files\BigFix\
ProcessID : 1128
ThreadCreationTime : 6-23-2007 10:36:55 PM
BasePriority : Normal
FileVersion : 2, 1, 1, 3
ProductVersion : 2, 1, 1, 3
ProductName : BigFix
CompanyName : BigFix Inc.
FileDescription : BigFix Client Application
InternalName : BigFix
LegalCopyright : Copyright © 2002
OriginalFilename : BigFix.exe
#:15 [ieuser.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1696
ThreadCreationTime : 6-23-2007 10:36:56 PM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : ieuser.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ieuser.exe.mui
#:16 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 1856
ThreadCreationTime : 6-23-2007 10:36:57 PM
BasePriority : Normal
FileVersion : 1.1.1505.0
ProductVersion : 1.1.1505.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:17 [mcagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\Agent\
ProcessID : 2332
ThreadCreationTime : 6-23-2007 10:37:02 PM
BasePriority : Normal
FileVersion : 7,2,142,0
ProductVersion : 7,2,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Integrated Security Platform
InternalName : McAgent
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McAgent.exe
#:18 [mpsevh.exe]
FilePath : C:\Program Files\McAfee\MPS\
ProcessID : 3336
ThreadCreationTime : 6-23-2007 10:37:21 PM
BasePriority : Normal
FileVersion : 9.2.134.0
ProductVersion : 9.2.134.0
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service 9.0 Event Handler
InternalName : MpsEventHandler
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mpsevh.exe
#:19 [winmail.exe]
FilePath : C:\Program Files\Windows Mail\
ProcessID : 2576
ThreadCreationTime : 6-23-2007 10:38:01 PM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Mail
InternalName : WinMail.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WinMail.exe.mui
#:20 [unsecapp.exe]
FilePath : C:\Windows\system32\wbem\
ProcessID : 1744
ThreadCreationTime : 6-23-2007 10:38:13 PM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Sink to receive asynchronous callbacks for WMI client application
InternalName : unsecapp.dll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : unsecapp.dll
#:21 [cocimanager.exe]
FilePath : C:\Program Files\Common Files\Logishrd\LQCVFX\
ProcessID : 3680
ThreadCreationTime : 6-23-2007 10:38:41 PM
BasePriority : Normal
FileVersion : 10.4.0.1401
ProductVersion : 10.4.0.1401
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : Camera Control Interface
InternalName : COCIManager.exe
LegalCopyright : © 1996-2007 Logitech. All rights reserved.
OriginalFilename : COCIManager.exe
#:22 [superantispyware.exe]
FilePath : C:\Users\J&Kim\Documents\superspyware\
ProcessID : 4524
ThreadCreationTime : 6-23-2007 10:39:17 PM
BasePriority : Normal
FileVersion : 3, 8, 0, 1002
ProductVersion : 3, 8, 0, 1002
ProductName : SUPERAntiSpyware
CompanyName : SUPERAntiSpyware.com
FileDescription : SUPERAntiSpyware
InternalName : SUPERAntiSpyware
LegalCopyright : Copyright © 2005-2007 by SUPERAntiSpyware.com and SUPERAdBlocker.com
OriginalFilename : SUPERAntiSpyware.exe
#:23 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2604
ThreadCreationTime : 6-23-2007 10:59:19 PM
BasePriority : Normal
FileVersion : 7.00.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 7.00.6000.16386
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE.MUI
#:24 [flashutil9c.exe]
FilePath : C:\Windows\system32\Macromed\Flash\
ProcessID : 3956
ThreadCreationTime : 6-24-2007 12:20:48 AM
BasePriority : Normal
FileVersion : 9,0,45,0
ProductVersion : 9,0,45,0
ProductName : Flash Player Helper
CompanyName : Adobe Systems, Inc.
FileDescription : Adobe Flash Player Helper 9.0 r45
InternalName : Adobe Flash Player Helper 9.0
LegalCopyright : Copyright © 1996-2007 Adobe, Inc.
LegalTrademarks : Adobe Flash Player
OriginalFilename : FlashBroker.exe
#:25 [ad-aware.exe]
FilePath : C:\Users\J&Kim\Documents\ad-ware\Ad-Aware SE Personal\
ProcessID : 6072
ThreadCreationTime : 6-24-2007 12:21:22 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f5ae53}
Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f5ae53}
Value : AppID
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
8:22:26 PM Scan stopped by user
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:43.281
Objects scanned:79731
Objects identified:2
Objects ignored:0
New critical objects:2
Logfile of HijackThis v1.99.1
Scan saved at 9:14:55 PM, on 6/23/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Documents\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... TP&M=T3612
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... TP&M=T3612
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... TP&M=T3612
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Users\J&Kim\Documents\superspyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe