
Malware Removal

Posted by SILVERBULLETS (0 replies)
I am at my wits' end! I have tried everything that I know and am now turning to the professionals. I will try to make this short and sweet. I cannot boot my system normally without getting the blue screen of death. My CD drives are no longer functional. Drivers are either corrupted or missing. Media Player will not work. I have gone through several processes but have not been able to rid my computer of the problem. I have saved several logs that I will attach below. Please help! Thank you.

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, March 27, 2007 3:55:55 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R163 26.03.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):11 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


3-27-2007 3:55:55 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\JENNIFER MARIE\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\JENNIFER MARIE\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1715567821-839522115-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1715567821-839522115-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1715567821-839522115-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1715567821-839522115-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1715567821-839522115-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1715567821-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1715567821-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1715567821-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 380
ThreadCreationTime : 3-27-2007 5:39:34 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 452
ThreadCreationTime : 3-27-2007 5:39:36 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 3-27-2007 5:39:36 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 3-27-2007 5:39:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 3-27-2007 5:39:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 3-27-2007 5:39:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 3-27-2007 5:39:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 804
ThreadCreationTime : 3-27-2007 5:39:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 856
ThreadCreationTime : 3-27-2007 5:39:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 892
ThreadCreationTime : 3-27-2007 5:39:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 960
ThreadCreationTime : 3-27-2007 5:39:49 PM
BasePriority : Normal
FileVersion : 7.0.337.000
ProductVersion : 7.0.337.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:12 [scanningprocess.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\avsys\
ProcessID : 1180
ThreadCreationTime : 3-27-2007 5:39:57 PM
BasePriority : Normal


#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1212
ThreadCreationTime : 3-27-2007 5:39:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1388
ThreadCreationTime : 3-27-2007 5:40:13 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [apdproxy.exe]
FilePath : C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\
ProcessID : 1556
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal


#:16 [acmonitor_x84-x85.exe]
FilePath : C:\PROGRA~1\LEXMAR~1\
ProcessID : 1580
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Jetsoft Development Company ACMonitor
CompanyName : Jetsoft Development Company
FileDescription : ACMonitor
InternalName : ACMonitor
LegalCopyright : Copyright © 2000
OriginalFilename : ACMonitor.exe
Comments : By: Alan S Hong

#:17 [acbtnmgr_x84-x85.exe]
FilePath : C:\PROGRA~1\LEXMAR~1\
ProcessID : 1596
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Jetsoft Development Company AcBtnMgr
CompanyName : Jetsoft Development Company
FileDescription : AcBtnMgr
InternalName : AcBtnMgr
LegalCopyright : Copyright © 2000
OriginalFilename : AcBtnMgr.exe
Comments : By: Alan S Hong

#:18 [printray.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 1604
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Lexmark PrinTray
CompanyName : Lexmark
FileDescription : PrinTray
InternalName : PrinTray
LegalCopyright : Copyright © 2001
OriginalFilename : PrinTray.exe

#:19 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1620
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:20 [sm1bg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1628
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal
FileVersion : 6.01.1000.0
ProductVersion : 6.01.1000.0
ProductName : Cypress USB Mass Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Cypress USB Mass Storage Driver Background Application
InternalName : SM1BG.EXE
LegalCopyright : Copyright (C) 1998-2003 Cypress Semiconductor
OriginalFilename : SM1BG.EXE

#:21 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_11\bin\
ProcessID : 1648
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal


#:22 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1656
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal
FileVersion : 7.0.337.000
ProductVersion : 7.0.337.000
ProductName : ZoneAlarm Client
CompanyName : Zone Labs, LLC
FileDescription : ZoneAlarm Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:23 [rxmon.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\
ProcessID : 1672
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal


#:24 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 1680
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal


#:25 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1712
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:26 [ebaytbdaemon.exe]
FilePath : C:\Program Files\eBay\eBay Toolbar2\
ProcessID : 1740
ThreadCreationTime : 3-27-2007 5:40:17 PM
BasePriority : Normal
FileVersion : 2, 4, 0, 0
ProductVersion : 2, 4, 0, 0
ProductName : eBay Toolbar Daemon
CompanyName : eBay
FileDescription : eBay Toolbar Daemon
InternalName : eBayTBDa
LegalCopyright : Copyright (C) eBay Inc. 2006
OriginalFilename : eBayTBDa.exe

#:27 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1760
ThreadCreationTime : 3-27-2007 5:40:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:28 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 1796
ThreadCreationTime : 3-27-2007 5:40:18 PM
BasePriority : Idle
FileVersion : 1, 4, 0, 2
ProductVersion : 1, 4, 0, 3
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. All rights reserved.
LegalTrademarks : "Spybot" and "Spybot - Search & Destroy" are registered trademarks.
OriginalFilename : TeaTimer.exe
Comments : Protects system settings against unwanted changes.

#:29 [sdhelp.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 1932
ThreadCreationTime : 3-27-2007 5:40:20 PM
BasePriority : Normal
FileVersion : 3.6.0.2026
ProductVersion : 3.6
ProductName : Spyware Doctor
CompanyName : PC Tools Research Pty Ltd

#:30 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1960
ThreadCreationTime : 3-27-2007 5:40:21 PM
BasePriority : Normal
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:31 [easyshare.exe]
FilePath : C:\Program Files\Kodak\Kodak EasyShare software\bin\
ProcessID : 196
ThreadCreationTime : 3-27-2007 5:40:22 PM
BasePriority : Normal
FileVersion : 5, 3, 33, 27
ProductVersion : 6, 0, 1, 18
ProductName : KODAK EasyShare Software
FileDescription : KODAK EasyShare Software
InternalName : EasyShare
LegalCopyright : © Eastman Kodak Company, 2002-2006. All Rights Reserved.
OriginalFilename : EasyShare.exe

#:32 [kodak software updater.exe]
FilePath : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\
ProcessID : 160
ThreadCreationTime : 3-27-2007 5:40:22 PM
BasePriority : Normal


#:33 [playlist.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\
ProcessID : 228
ThreadCreationTime : 3-27-2007 5:40:23 PM
BasePriority : Normal


#:34 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 272
ThreadCreationTime : 3-27-2007 5:40:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:35 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2400
ThreadCreationTime : 3-27-2007 5:40:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:36 [scanningprocess.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\avsys\
ProcessID : 2440
ThreadCreationTime : 3-27-2007 5:40:39 PM
BasePriority : Normal


#:37 [monitor.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\avsys\
ProcessID : 2488
ThreadCreationTime : 3-27-2007 5:40:41 PM
BasePriority : Normal


#:38 [wgatray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2632
ThreadCreationTime : 3-27-2007 5:40:44 PM
BasePriority : Normal
FileVersion : 1.5.0540.0
ProductVersion : 1.5.0540.0
ProductName : Windows Genuine Advantage
CompanyName : Microsoft Corporation
FileDescription : Windows Genuine Advantage Notification
InternalName : WgaNotify
LegalCopyright : © 1995-2006 Microsoft Corporation
OriginalFilename : WgaTray.exe

#:39 [mantispm.exe]
FilePath : C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\
ProcessID : 3884
ThreadCreationTime : 3-27-2007 5:41:14 PM
BasePriority : Normal
FileVersion : 4, 9, 1, 8211
ProductVersion : 4, 9, 1, 8211
FileDescription : Spam Filter
InternalName : mantispm.exe
LegalCopyright : (c) 2002-2004
OriginalFilename : mantispm.exe

#:40 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2700
ThreadCreationTime : 3-27-2007 5:42:17 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:41 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4012
ThreadCreationTime : 3-27-2007 7:54:43 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jennifer marie@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jennifer marie@mediaplex.com/
Expires : 6-21-2009 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jennifer marie@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:jennifer marie@advertising.com/
Expires : 3-25-2012 10:51:46 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jennifer marie@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:jennifer marie@doubleclick.net/
Expires : 3-26-2010 9:49:00 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jennifer marie@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jennifer marie@2o7.net/
Expires : 3-25-2012 9:49:00 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jennifer marie@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jennifer marie@atdmt.com/
Expires : 3-24-2012 8:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jennifer marie@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:32
Value : Cookie:jennifer marie@tribalfusion.com/
Expires : 3-26-2008 2:37:50 PM
LastSync : Hits:32
UseCount : 0
Hits : 32

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 17



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 17




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

4:11:37 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:42.609
Objects scanned:170842
Objects identified:6
Objects ignored:0
New critical objects:6


GetRunKeys.Bat - (c) 01/28/2006 By Chaslang *
* Beta only partially supports Win9x and ME *
* 02/21/2007 Version 1.57 beta *
* Forgot to delete xrnotif.txt temp file *
* Fix comment about installation folder being ShowNew *
* Added checks for proper installation *
*****************************************************************************
* Most of the information reported below is not necessarily bad. You must *
* not take any steps on any of these lines without consulting an expert. *
*****************************************************************************

Windows OS is

Microsoft Windows XP [Version 5.1.2600]
It's Tue March 27, 2007 01:50:26 PM

******************************************************************************
GetRunKey installation folder and files

"C:\GEEKTOOLS\"
getrun~1.bat Feb 21 2007 55183 "GetRunKey.bat"
grep.exe Apr 14 2003 80412 "grep.exe"
locate.com Jan 13 2005 11254 "locate.com"
ltime.exe Oct 28 1986 13184 "ltime.exe"
shownew.bat Mar 26 2007 44194 "ShowNew.bat"

5 items found: 5 files, 0 directories.
Total of file sizes: 204,227 bytes 199.44 K

----------------------------------------------------------------------------
Listing Standard Startup (Run) Registry Keys
----------------------------------------------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"Lexmark X84-X85 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe"
"Lexmark X84-X85 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"SM1BG"="C:\\WINDOWS\\SM1BG.EXE"
"EPSON Stylus CX5400"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2G1.EXE /P19 \"EPSON Stylus CX5400\" /O6 \"USB001\" /M \"Stylus CX5400\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"RoxioAudioCentral"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"KernelFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,6b,\
00,00,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"eBayToolbar"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnceEx]
@=""


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallNotifyShown"=dword:00000001
"EulaAccepted"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,4e,70,10,1e,0e,9a,cc,42,97,a1,cb,9e,dd,19,00,22,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,6a,6b,ad,c5,ad,65,cb,5c,\
fa,fd,83,45,be,9a,2b,7b,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,12,\
ac,b6,d4,7e,d7,36,3f,31,bf,03,41,c8,11,a8,91,68,02,00,00,70,f4,80,3e,06,fc,\
e7,81,97,b9,d7,8e,3f,5c,7e,5a,99,1e,9b,97,67,85,44,29,85,b5,05,7d,c6,b1,20,\
36,37,17,98,b0,46,17,69,34,09,70,49,f6,3f,23,7c,bb,68,0b,22,dd,fd,16,be,66,\
3d,bf,3a,36,d2,e3,b1,fb,8e,81,15,48,b0,1d,73,22,bc,f3,52,c3,c2,44,97,32,48,\
0f,6d,cc,6c,55,34,af,11,2d,7e,44,51,22,1f,28,dc,ec,44,07,98,30,c8,15,7d,e4,\
f7,18,8b,f5,6c,c3,49,b3,bd,6f,f0,b7,ed,33,2d,de,81,34,91,98,6c,0b,0c,c9,fc,\
24,be,f4,db,87,43,75,e2,68,f2,42,12,5c,92,02,07,11,b7,47,33,2e,af,ec,6a,c0,\
ed,b0,44,b4,55,39,5d,6c,2b,11,9a,74,ad,50,0b,80,5a,1d,91,10,66,6c,fe,de,6a,\
58,d4,17,b9,a7,8c,41,b1,cc,a5,0f,97,ec,e1,48,3f,25,54,d4,95,ec,da,8c,e7,e5,\
a9,01,e2,13,e8,66,2c,a1,9f,46,84,44,c5,f6,93,6b,7e,c7,89,81,60,63,1e,dc,d7,\
c9,ed,24,0c,3b,d0,19,0b,43,12,32,9c,2d,5a,72,45,15,b3,2b,0c,bf,06,61,07,3e,\
70,73,ac,dc,2d,e7,1f,fa,3c,a5,a5,a4,b6,4a,19,80,10,2a,7b,c2,6e,0b,a9,30,2d,\
ad,95,58,79,f9,f2,e9,23,79,7f,63,0b,58,dc,02,af,15,df,78,80,c8,d9,bc,f5,35,\
46,0a,ab,7e,47,f8,82,85,1a,20,75,eb,7b,4f,02,06,ab,62,2c,86,25,f0,72,3f,d2,\
56,a0,67,84,6b,13,50,99,d7,41,c2,53,bc,dc,0a,2d,7f,dc,eb,cb,42,01,bc,00,c0,\
ff,f5,0a,92,c8,e8,f7,f0,60,36,81,a8,fe,aa,cf,77,79,69,aa,d3,c8,ed,17,d8,f7,\
a9,1e,cb,17,b5,84,cf,50,fe,af,2a,98,50,6f,88,41,e5,fa,05,5a,61,75,31,06,2c,\
0f,92,a2,59,5d,f1,af,2f,9e,7f,05,89,49,8d,e9,1d,f6,96,3e,60,f1,5e,c0,ec,b1,\
cd,5e,7c,a1,61,ad,16,fe,3d,3e,4a,ac,07,bb,19,06,0e,8b,6a,3c,bf,ef,10,97,99,\
ec,0e,3b,ab,9f,41,11,55,b6,62,7a,6d,6d,50,e6,29,b6,32,f5,a8,4e,6b,62,a0,15,\
c7,6b,35,12,fc,e7,d2,b9,16,89,e5,69,70,26,ad,0f,bc,bd,80,88,5f,64,a3,38,3b,\
4c,e1,22,70,1d,4d,b1,48,9c,bf,7a,41,03,c7,ee,92,8b,da,c0,2e,95,bf,c5,5f,b7,\
b1,ad,7a,c9,43,5d,47,57,2d,e2,e0,9a,b2,fb,cc,b3,dd,fe,c6,e7,61,39,b8,67,5b,\
c3,b2,77,cd,a1,7d,94,7d,7c,36,0a,67,f6,fb,09,18,7b,39,6c,e9,9e,86,b4,8d,3f,\
84,dd,ed,f1,36,6a,9c,0a,c5,ed,94,62,15,17,d1,0b,f8,ad,04,70,86,49,a3,2f,03,\
9c,58,61,c6,2f,f6,98,bc,c5,da,14,00,00,00,87,59,5d,91,0c,0b,cc,ff,88,24,23,\
e4,73,7e,9b,7a,12,92,cb,04

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

----------------------------------------------------------------------------
Listing MSCONFIG Registry Keys
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
"location"="Common Startup"
"item"="eFax 4.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BurnQuick Queue]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BQTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eFax 4.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="J2GDllCmd"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000

----------------------------------------------------------------------------
Listing ModuleUsage Registry Keys
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll]
".Owner"="{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}"
"{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bja.ocx]
".Owner"="{58FC4C77-71C2-4972-A8CD-78691AD85158}"
"{58FC4C77-71C2-4972-A8CD-78691AD85158}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/blockwerx.ocx]
".Owner"="{62969CF2-0F7A-433B-A221-FD8818C06C2F}"
"{62969CF2-0F7A-433B-A221-FD8818C06C2F}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/brickout.ocx]
".Owner"="{2C153C75-8476-434B-B3C3-57B63A3D1939}"
"{2C153C75-8476-434B-B3C3-57B63A3D1939}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/EPUWALcontrol.dll]
".Owner"="{4C39376E-FA9D-4349-BACC-D305C1750EF3}"
"{4C39376E-FA9D-4349-BACC-D305C1750EF3}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/freecell.ocx]
".Owner"="{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7}"
"{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/golfsol.ocx]
".Owner"="{E12EB891-D000-421B-A8ED-EDE1BDCA14A0}"
"{E12EB891-D000-421B-A8ED-EDE1BDCA14A0}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hangman.ocx]
".Owner"="{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}"
"{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/haunted.ocx]
".Owner"="{9D8D7672-93FF-417E-9024-C16AD141C50C}"
"{9D8D7672-93FF-417E-9024-C16AD141C50C}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/luxor.ocx]
".Owner"="{A91FB93D-7561-4524-8484-5C27C8FA8D42}"
"{A91FB93D-7561-4524-8484-5C27C8FA8D42}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan8.ocx]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan81.ocx_x]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pinstall.dll]
".Owner"="{6BEA1C48-1850-486C-8F58-C7354BA3165E}"
"{6BEA1C48-1850-486C-8F58-C7354BA3165E}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/shape.ocx]
".Owner"="{5EE92643-21CE-4949-903F-39439DCC3944}"
"{5EE92643-21CE-4949-903F-39439DCC3944}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/solotriv.ocx]
".Owner"="{D27FFC5F-D7B9-4349-9F41-F7458B585374}"
"{D27FFC5F-D7B9-4349-9F41-F7458B585374}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx]
".Owner"="{AC2881FD-5760-46DB-83AE-20A5C6432A7E}"
"{AC2881FD-5760-46DB-83AE-20A5C6432A7E}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wordcube.ocx]
".Owner"="{6F6DBC29-7A0C-4AC0-A42D-10EC70678526}"
"{6F6DBC29-7A0C-4AC0-A42D-10EC70678526}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wordmojo.ocx]
".Owner"="{94299420-321F-4FF9-A247-62A23EBB640B}"
"{94299420-321F-4FF9-A247-62A23EBB640B}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx]
".Owner"="{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}"
"{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwspades.ocx]
".Owner"="{E70E3E64-2793-4AEF-8CC8-F1606BE563B0}"
"{E70E3E64-2793-4AEF-8CC8-F1606BE563B0}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comintfs.dll]
".Owner"="{62969CF2-0F7A-433B-A221-FD8818C06C2F}"
"{62969CF2-0F7A-433B-A221-FD8818C06C2F}"=""
"{E70E3E64-2793-4AEF-8CC8-F1606BE563B0}"=""
"{58FC4C77-71C2-4972-A8CD-78691AD85158}"=""
"{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7}"=""
"{E12EB891-D000-421B-A8ED-EDE1BDCA14A0}"=""
"{94299420-321F-4FF9-A247-62A23EBB640B}"=""
"{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}"=""
"{D27FFC5F-D7B9-4349-9F41-F7458B585374}"=""
"{AC2881FD-5760-46DB-83AE-20A5C6432A7E}"=""
"{5EE92643-21CE-4949-903F-39439DCC3944}"=""
"{2C153C75-8476-434B-B3C3-57B63A3D1939}"=""
"{9D8D7672-93FF-417E-9024-C16AD141C50C}"=""
"{6F6DBC29-7A0C-4AC0-A42D-10EC70678526}"=""
"{A91FB93D-7561-4524-8484-5C27C8FA8D42}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/danim.dll]
"PowerDVD"="PowerDVD"
".Owner"="PowerDVD"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ddrawex.dll]
"PowerDVD"="PowerDVD"
".Owner"="PowerDVD"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL]
".Owner"="{17492023-C23A-453E-A040-C7C580BBF700}"
"{17492023-C23A-453E-A040-C7C580BBF700}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL]
".Owner"="{17492023-C23A-453E-A040-C7C580BBF700}"
"{17492023-C23A-453E-A040-C7C580BBF700}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll]
".Owner"="Unknown Owner"
"{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}"=""
"{62969CF2-0F7A-433B-A221-FD8818C06C2F}"=""
"{E70E3E64-2793-4AEF-8CC8-F1606BE563B0}"=""
"{58FC4C77-71C2-4972-A8CD-78691AD85158}"=""
"{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7}"=""
"{E12EB891-D000-421B-A8ED-EDE1BDCA14A0}"=""
"{94299420-321F-4FF9-A247-62A23EBB640B}"=""
"{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}"=""
"{D27FFC5F-D7B9-4349-9F41-F7458B585374}"=""
"{AC2881FD-5760-46DB-83AE-20A5C6432A7E}"=""
"{5EE92643-21CE-4949-903F-39439DCC3944}"=""
"{2C153C75-8476-434B-B3C3-57B63A3D1939}"=""
"{9D8D7672-93FF-417E-9024-C16AD141C50C}"=""
"{6F6DBC29-7A0C-4AC0-A42D-10EC70678526}"=""
"{A91FB93D-7561-4524-8484-5C27C8FA8D42}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mssecadv.dll]
".Owner"="{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}"
"{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll]
".Owner"="Unknown Owner"
"{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}"=""
"{62969CF2-0F7A-433B-A221-FD8818C06C2F}"=""
"{E70E3E64-2793-4AEF-8CC8-F1606BE563B0}"=""
"{58FC4C77-71C2-4972-A8CD-78691AD85158}"=""
"{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7}"=""
"{E12EB891-D000-421B-A8ED-EDE1BDCA14A0}"=""
"{94299420-321F-4FF9-A247-62A23EBB640B}"=""
"{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}"=""
"{D27FFC5F-D7B9-4349-9F41-F7458B585374}"=""
"{AC2881FD-5760-46DB-83AE-20A5C6432A7E}"=""
"{5EE92643-21CE-4949-903F-39439DCC3944}"=""
"{2C153C75-8476-434B-B3C3-57B63A3D1939}"=""
"{9D8D7672-93FF-417E-9024-C16AD141C50C}"=""
"{6F6DBC29-7A0C-4AC0-A42D-10EC70678526}"=""
"{A91FB93D-7561-4524-8484-5C27C8FA8D42}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll]
".Owner"="{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}"
"{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL]
".Owner"="{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}"
"{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll]
".Owner"="Unknown Owner"
"{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}"=""
"{62969CF2-0F7A-433B-A221-FD8818C06C2F}"=""
"{E70E3E64-2793-4AEF-8CC8-F1606BE563B0}"=""
"{58FC4C77-71C2-4972-A8CD-78691AD85158}"=""
"{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7}"=""
"{E12EB891-D000-421B-A8ED-EDE1BDCA14A0}"=""
"{94299420-321F-4FF9-A247-62A23EBB640B}"=""
"{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}"=""
"{D27FFC5F-D7B9-4349-9F41-F7458B585374}"=""
"{AC2881FD-5760-46DB-83AE-20A5C6432A7E}"=""
"{5EE92643-21CE-4949-903F-39439DCC3944}"=""
"{2C153C75-8476-434B-B3C3-57B63A3D1939}"=""
"{9D8D7672-93FF-417E-9024-C16AD141C50C}"=""
"{6F6DBC29-7A0C-4AC0-A42D-10EC70678526}"=""
"{A91FB93D-7561-4524-8484-5C27C8FA8D42}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/quartz.dll]
"PowerDVD"="PowerDVD"
".Owner"="PowerDVD"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/SelfHelpControl.DLL]
".Owner"="{1E3F1348-4370-4BBE-A67A-CC7ED824CA85}"
"{1E3F1348-4370-4BBE-A67A-CC7ED824CA85}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll]
".Owner"="{6414512B-B978-451D-A0D8-FCFDF33E833C}"
"{6414512B-B978-451D-A0D8-FCFDF33E833C}"=""

----------------------------------------------------------------------------
Listing HKCU Policies Registry Keys
----------------------------------------------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

----------------------------------------------------------------------------
Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
if Hidden = 0 then Hidden Files and Folders are not shown
SuperHidden = 1 is the desired default value.
if ShowSuperHidden = 0 then System Files are not shown
if HideFileExt = 1 then File Extensions are not shown
We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"SuperHidden"=dword:00000000
"ShowSuperHidden"=dword:00000001
"HideFileExt"=dword:00000001

----------------------------------------------------------------------------
Listing HKLM Policies Registry Keys
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

----------------------------------------------------------------------------
Listing BHO Registry Keys
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]

----------------------------------------------------------------------------
Listing SharedTaskScheduler Registry Keys
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

----------------------------------------------------------------------------
Listing ShellExecuteHooks Registry Keys
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

----------------------------------------------------------------------------
Listing ShellServiceObjectDelayLoad Registry Keys
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

----------------------------------------------------------------------------
Listing Default URL Prefix Keys - a possible hijack point
----------------------------------------------------------------------------

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

----------------------------------------------------------------------------
HKEY_CURRENT_USER ZoneMap ProtocolDefaults
----------------------------------------------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"shell"=dword:00000000

----------------------------------------------------------------------------
Miscellaneous Malware Detection Report
----------------------------------------------------------------------------

List of Malware found in SharedTaskScheduler
------------------------------------------------------------------------
No Malware found in SharedTaskScheduler
------------------------------------------------------------------------


List of Malware found in C:\WINDOWS\system32
------------------------------------------------------------------------
No Malware found in C:\WINDOWS\system32
------------------------------------------------------------------------


Check for Troj-Torpig-D,E,J Keylogger
------------------------------------------------------------------------
Troj-Torpig-D,E,J Keylogger was not found
------------------------------------------------------------------------


Looking for winlogonhook/conhook trojan
------------------------------------------------------------------------
winlogonhook/conhook key not found
------------------------------------------------------------------------


Looking for Miscellaneous Rootkits
------------------------------------------------------------------------
lzx32, msguard, and pe386 rootkits not found
------------------------------------------------------------------------


Looking for CmdService adware - part of ADSPY/ISearch.d.2
------------------------------------------------------------------------
CmdService adware not found
------------------------------------------------------------------------


Looking for Network_Monitor adware - part of ADSPY/ISearch.d.2
------------------------------------------------------------------------
Network_Monitor adware not found
------------------------------------------------------------------------


Looking for Trojan.Peacomm aka Downloader-BAI.sys
------------------------------------------------------------------------
Trojan.Peacomm not found
------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:07:46 PM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\Monitor.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hjt\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v46/brickout/brickout.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://www.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118721604387
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40/freecell/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142543822706
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v46/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://www.worldwinner.com/games/v43/solotriv/solotriv.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://royaljoker.microgaming.com/royaljoker/FlashAX.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v42/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Incident Status Location

Adware:adware/prositefinder Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JENNIFER MARIE\Application Data\Mozilla\Firefox\Profiles\3lmcbn7j.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@2o7[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@doubleclick[1].txt

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:52:05 PM 3/27/2007

+ Scan result:



C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.8:C:\Documents and Settings\JENNIFER MARIE\Application Data\Mozilla\Firefox\Profiles\3lmcbn7j.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.27:C:\Documents and Settings\JENNIFER MARIE\Application Data\Mozilla\Firefox\Profiles\3lmcbn7j.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.42:C:\Documents and Settings\JENNIFER MARIE\Application Data\Mozilla\Firefox\Profiles\3lmcbn7j.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
:mozilla.13:C:\Documents and Settings\JENNIFER MARIE\Application Data\Mozilla\Firefox\Profiles\3lmcbn7j.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.11:C:\Documents and Settings\JENNIFER MARIE\Application Data\Mozilla\Firefox\Profiles\3lmcbn7j.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\JENNIFER MARIE\Cookies\jennifer marie@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.39:C:\Documents and Settings\JENNIFER MARIE\Application Data\Mozilla\Firefox\Profiles\3lmcbn7j.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.


::Report end