Tech Support Guy banner
Cancel

Please Read My Log

Jump to Latest Follow
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 10 of 10 Posts
S

· Registered
Joined
·
11 Posts
Discussion Starter · #1 ·
Hi,

I got a million pop-ups when I was visiting an ostensibly safe blog, I suspect it was some bug.

Scanned with Ad-aware, AVG Anti-Spyware, AVG Free Antivirus, Spybot S&D.

Can someone help read my HijackThis log?

Thank you very very much.

-----START----------

Logfile of HijackThis v1.99.1
Scan saved at 4:35:19 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

N2 - Netscape 6: user_pref("browser.startup.homepage", "about:blank"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\04h4v9va.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\04h4v9va.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F25B625A-762E-41E9-92DE-2B008E37F651}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

-------END---------
 
Cheeseball81

· Retired Moderator
Joined
·
84,466 Posts
#2 ·
Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.
 
S

· Registered
Joined
·
11 Posts
Discussion Starter · #3 ·
Scanned. Here is the report.

---START---

Incident Status Location

Adware:adware/comet Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\04h4v9va.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.012\FILE0003.CHK

---END---
I have removed the cookies before with ad-aware but they seem to always find a way back.

Thank you for your help.
 
Cheeseball81

· Retired Moderator
Joined
·
84,466 Posts
#4 ·
Do you still get pop ups?

Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don’t do anything with it yet!

Click here for info on how to boot to safe mode if you don't already know how.

Reboot into Safe Mode.

Double click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

Reboot back to Normal Mode!

  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.
 
S

· Registered
Joined
·
11 Posts
Discussion Starter · #5 ·
Thank you. Here's the logfile:

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/12/2007 3:25:14 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 6/12/2005 12:46:28 PM 535040 C:\WINDOWS\flashax.exe (Microsoft Corporation)
aspack 6/12/2005 12:46:34 PM 192000 C:\WINDOWS\potter_kids_01.scr (ScreenTime Media)

Checking %System% folder...
PECompact2 1/3/2007 7:19:44 AM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 1/3/2007 7:19:44 AM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/17/2005 6:25:20 PM R 18771968 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PEC2 8/23/2001 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
WSUD 8/4/2004 12:56:56 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
winsync 8/23/2001 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
WSUD 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
Umonitor 8/4/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
aspack 8/4/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
UPX! 11/15/2006 11:08:56 AM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 11/15/2006 11:08:56 AM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 11/15/2006 11:08:56 AM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 11/15/2006 11:08:56 AM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/12/2007 3:22:08 PM S 2048 C:\WINDOWS\bootstat.dat ()
1/7/2007 5:02:10 PM H 54156 C:\WINDOWS\QTFont.qfn ()
12/19/2006 12:01:44 AM HS 7168 C:\WINDOWS\Thumbs.db ()
1/12/2007 3:21:06 PM H 1040384 C:\WINDOWS\system32\config\system.LOG ()
1/12/2007 3:21:06 PM H 86016 C:\WINDOWS\system32\config\software.LOG ()
1/12/2007 3:21:06 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
1/12/2007 3:22:24 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
1/12/2007 3:22:10 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
1/10/2007 8:57:54 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
12/30/2006 5:17:28 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
12/30/2006 5:17:26 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\17f3435f-8c78-49a7-9192-7cddbe8f4208 ()
12/8/2006 9:30:20 AM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
11/18/2006 2:05:18 PM S 22261 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925454.cat ()
12/20/2006 3:09:32 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
1/7/2007 11:48:00 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ()
1/7/2007 11:48:00 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OXMNG92B\desktop.ini ()
1/7/2007 11:48:00 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IBY9EPUX\desktop.ini ()
1/7/2007 11:48:00 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KPQRQ7Y7\desktop.ini ()
1/7/2007 11:48:00 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3SJGV0A0\desktop.ini ()
1/7/2007 11:48:00 AM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini ()
1/12/2007 3:21:00 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
8/17/2005 6:25:20 PM R 18771968 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{00B71CFB-6864-4346-A978-C0A14556272C} - Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
{02BCC737-B171-4746-94C9-0D8A0B2C0089} - Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{2917297F-F02B-4B9D-81DF-494B6333150B} - Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - Solitaire Showdown Class - CodeBase = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/1/2006 2:34:06 PM 1822 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ()
7/22/2006 3:17:08 PM 1661 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
5/18/2004 7:54:08 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
5/18/2004 9:29:16 PM 1634 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/18/2004 7:31:38 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
7/28/2006 3:12:02 PM 1393 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
5/18/2004 7:54:06 PM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()
8/4/2006 9:45:34 PM 554 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
5/18/2004 7:31:38 PM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini ()
6/28/2006 2:24:42 AM 72304 C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT ()
1/24/2005 10:42:08 AM 1601536 C:\Documents and Settings\Owner\Application Data\SecureTraveler.exe ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.msn.com/
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{4A368E80-174F-4872-96B5-0B27DDD11DB2} - SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll ()
\{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} - = ()
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8196
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 = Windows Messenger
\\{946B3E9E-E21A-49c8-9F63-900533FAFE14} - 8194 =
\\{946B3E9E-E21A-49c8-9F63-900533FAFE15} - 8195 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{81559C35-8464-49F7-BB0E-07A383BEF910} - = C:\Program Files\SpywareGuard\spywareguard.dll ()
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\ClamWin - {65713842-C410-4f44-8383-BFE01A398C90} = C:\Program Files\ClamWin\bin\ExpShell.dll ()
\ewido - {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll (ewido networks)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\ewido - {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll (ewido networks)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\ClamWin - {65713842-C410-4f44-8383-BFE01A398C90} = C:\Program Files\ClamWin\bin\ExpShell.dll ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
VTTimer - C:\WINDOWS\SYSTEM32\VTTimer.exe (S3 Graphics, Inc.)
VTTrayp - C:\WINDOWS\SYSTEM32\VTtrayp.exe (S3 Graphics Co., Ltd.)
RaidTool - C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
ClamWin - C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{54D9498B-CF93-414F-8984-8CE7FDE0D391} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-malware\shellhook.dll ()
\\{81559C35-8464-49F7-BB0E-07A383BEF910} - SpywareGuard.Handler = C:\Program Files\SpywareGuard\spywareguard.dll ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{BD0D232B-07AF-4819-8E3B-092D6CEC1CE6} - ()
{F25B625A-762E-41E9-92DE-2B008E37F651} - 202.188.0.133,202.188.1.5 (Realtek RTL8139/810x Family Fast Ethernet NIC)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
S

· Registered
Joined
·
11 Posts
Discussion Starter · #9 ·
This one:

---START---

Incident Status Location

Adware:adware/comet Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\04h4v9va.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.012\FILE0003.CHK

---END---
 
1 - 10 of 10 Posts
Status
Not open for further replies.
About this Discussion
9 Replies
2 Participants
Last post:
Cheeseball81
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Windows XP Off Topic Lounge Thread Games & Discussion
Top