
Infected With Webbuyingassistant - Any Help Would Be Appreciated!



#1 hardnose


Posted 27 August 2007 - 07:15 PM

Hi everyone, we've been working for a few days to get rid of loads of spyware/malware/viruses/etc and think we have it almost done, but cannot get rid of WebBuyingAssistant - can anyone help? It looks like there are a lot of great posters on this forum and we would really appreciate the guidance! Below is the HJT log. Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 7:08:16 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Online Services\vino22011.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Documents and Settings\Kristin Brown\Desktop\Spy Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://officialhomepage.org/home5.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&...;os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {366d98cd-3e0b-45b3-96be-72516409a714} - C:\WINDOWS\System32\rucefin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71A - (no file)
O4 - HKLM\..\Run: [cpr] C:\WINDOWS\cpr
O4 - HKLM\..\Run: [Grokster] C:\PROGRA~1\Grokster\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [vino] C:\Program Files\Online Services\vino22011.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/111155b3326666...ip/RdxIE601.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: wvustts - wvustts.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



#2 RichieUK

  • Malware Response Team

Posted 28 August 2007 - 04:30 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum hardnose :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\Program Files\Online Services\vino22011.exe
C:\WINDOWS\System32\rucefin.dll
C:\WINDOWS\cpr


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it on your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Also post a new Hijackthis log.

#3 hardnose


Posted 28 August 2007 - 05:55 AM

Hi Richie, thanks for the help! Below are the results - it looks like the cpr directory is trouble...

from OTMoveIt:

C:\Program Files\Online Services\vino22011.exe moved successfully.
C:\WINDOWS\System32\rucefin.dll unregistered successfully.
C:\WINDOWS\System32\rucefin.dll moved successfully.
File/Folder C:\WINDOWS\cpr not found.

Created on 08/28/2007 05:35:19

************************

from VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 5:31:26 PM 8/27/2007

Listing files found while scanning....

C:\WINDOWS\System32\gebyx.dll
C:\WINDOWS\System32\xybeg.bak1
C:\WINDOWS\System32\xybeg.bak2
C:\WINDOWS\System32\xybeg.ini

Beginning removal...

Attempting to delete C:\WINDOWS\System32\gebyx.dll
C:\WINDOWS\System32\gebyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\xybeg.bak1
C:\WINDOWS\System32\xybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\xybeg.bak2
C:\WINDOWS\System32\xybeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\xybeg.ini
C:\WINDOWS\System32\xybeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 5:37:10 AM 8/28/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

***************************************
and...

Logfile of HijackThis v1.99.1
Scan saved at 5:47:58 AM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Online Services\vino22011.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kristin Brown\Desktop\Spy Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://officialhomepage.org/home5.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg?=0&...;os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71A - (no file)
O4 - HKLM\..\Run: [cpr] C:\WINDOWS\cpr
O4 - HKLM\..\Run: [Grokster] C:\PROGRA~1\Grokster\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [vino] C:\Program Files\Online Services\vino22011.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/111155b3326666...ip/RdxIE601.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: wvustts - wvustts.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
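
Comparing the two HijackThis logs posted so far, as an added example that is not part of the original thread: this Python script parses both scans, diffs their entries, and checks whether the three paths from the OTMoveIt list are still referenced after the move. The function names are hypothetical, and the inputs are trimmed excerpts of the logs above.

```python
import re

# Constructed input: a subset of lines copied from the two HijackThis logs
# posted in this thread (27 and 28 August 2007), trimmed for the example.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:08:16 PM, on 8/27/2007

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Services\vino22011.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

O2 - BHO: (no name) - {366d98cd-3e0b-45b3-96be-72516409a714} - C:\WINDOWS\System32\rucefin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [cpr] C:\WINDOWS\cpr
O4 - HKLM\..\Run: [vino] C:\Program Files\Online Services\vino22011.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: wvustts - wvustts.dll (file missing)
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:47:58 AM, on 8/28/2007

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Services\vino22011.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [cpr] C:\WINDOWS\cpr
O4 - HKLM\..\Run: [vino] C:\Program Files\Online Services\vino22011.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: wvustts - wvustts.dll (file missing)
"""

# The three paths pasted into OTMoveIt earlier in the thread.
MOVE_LIST = [
    r"C:\Program Files\Online Services\vino22011.exe",
    r"C:\WINDOWS\System32\rucefin.dll",
    r"C:\WINDOWS\cpr",
]

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def diff_entries(before, after):
    """Entries that vanished, appeared, or survived between two scans."""
    b, a = set(before["entries"]), set(after["entries"])
    return {"removed": sorted(b - a), "added": sorted(a - b),
            "persisted": sorted(a & b)}


def still_referenced(log, paths):
    """For each path, list where the log still mentions it."""
    result = {}
    for path in paths:
        # Case-insensitive, and not followed by more path characters.
        pat = re.compile(re.escape(path) + r"(?![\w.\\])", re.IGNORECASE)
        hits = ["process" for p in log["processes"] if pat.search(p)]
        hits += [code for code, detail in log["entries"] if pat.search(detail)]
        result[path] = hits
    return result


def orphaned(log):
    """Entries whose target HijackThis could not find on disk."""
    return [(c, d) for c, d in log["entries"] if d.endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for code, detail in diff_entries(before, after)["removed"]:
        print("gone after cleanup:", code, detail)
    for path, hits in still_referenced(after, MOVE_LIST).items():
        print(path, "->", hits or "no longer referenced")
    for code, detail in orphaned(after):
        print("orphaned entry:", code, detail)
```

On these excerpts only the rucefin.dll BHO disappears between scans, while vino22011.exe is still listed as a running process and under O4, and the cpr Run value remains. The `(no file)` / `(file missing)` filter is a triage aid only: the full logs also carry that marker on the xpnetdiag.exe O9 entries.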

#4 RichieUK

  • Malware Response Team

Posted 28 August 2007 - 06:20 AM

Press Ctrl+Alt+Delete on your keyboard to open Task Manager.
Right-click on vino22011.exe and choose 'End Process', then exit Task Manager.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71A - (no file)
O4 - HKLM\..\Run: [cpr] C:\WINDOWS\cpr
O4 - HKLM\..\Run: [vino] C:\Program Files\Online Services\vino22011.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: wvustts - wvustts.dll (file missing)

Exit Hijackthis.

Find and delete if present:
C:\Program Files\Online Services\vino22011.exe

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, DSS will open two Notepads: main.txt and extra.txt
* Use Save As to save both Notepad files to your Desktop and post them in your next reply.

#5 hardnose


Posted 29 August 2007 - 10:00 PM

Ok, Richie, here's what came out of all that. I had a little trouble with Deckards - it kept crashing until I renamed the \Temp\ directory in \Local Settings\ and created a new one. Thanks again!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/28/2007 at 11:00 PM

Application Version : 3.9.1008

Core Rules Database Version : 3294
Trace Rules Database Version: 1305

Scan type : Complete Scan
Total Scan Time : 00:50:18

Memory items scanned : 446
Memory threats detected : 0
Registry items scanned : 4383
Registry threats detected : 34
File items scanned : 58143
File threats detected : 240

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{44218730-94E0-4b24-BBF0-C3D8B2BCE2C3}
HKCR\CLSID\{44218730-94E0-4B24-BBF0-C3D8B2BCE2C3}
HKCR\CLSID\{44218730-94E0-4B24-BBF0-C3D8B2BCE2C3}\InprocServer32
HKCR\CLSID\{44218730-94E0-4B24-BBF0-C3D8B2BCE2C3}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\YKJUPPWO.DLL
HKCR\CLSID\{44218730-94E0-4B24-BBF0-C3D8B2BCE2C3}

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{C84D8A0A-E708-42B6-90CA-9C30956A87C6}

Adware.k8l
C:\PROGRAM FILES\COMPLUS APPLICATIONS\DIBOXONO.HTML
HKU\S-1-5-21-346238479-1278075702-3035401571-1005\Software\Microsoft\Internet Explorer\Desktop\Components\0
HKU\S-1-5-21-346238479-1278075702-3035401571-1005\Software\Microsoft\Internet Explorer\Desktop\Components\0#Source
HKU\S-1-5-21-346238479-1278075702-3035401571-1005\Software\Microsoft\Internet Explorer\Desktop\Components\0#SubscribedURL
HKU\S-1-5-21-346238479-1278075702-3035401571-1005\Software\Microsoft\Internet Explorer\Desktop\Components\0#FriendlyName
HKU\S-1-5-21-346238479-1278075702-3035401571-1005\Software\Microsoft\Internet Explorer\Desktop\Components\0#Flags
HKU\S-1-5-21-346238479-1278075702-3035401571-1005\Software\Microsoft\Internet Explorer\Desktop\Components\0#Position
HKU\S-1-5-21-346238479-1278075702-3035401571-1005\Software\Microsoft\Internet Explorer\Desktop\Components\0#CurrentState
HKU\S-1-5-21-346238479-1278075702-3035401571-1005\Software\Microsoft\Internet Explorer\Desktop\Components\0#OriginalStateInfo
HKU\S-1-5-21-346238479-1278075702-3035401571-1005\Software\Microsoft\Internet Explorer\Desktop\Components\0#RestoredStateInfo

Adware.Tracking Cookie
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@e-2dj6wjloqpd5sdq.stats.esomniture[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@pch.122.2o7[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@findwhat[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@wt.sexsearch[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@media303[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@ads.jokeroo[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@ad.firstadsolution[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@cgi-bin[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@1071163083[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@ads.glispa[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@www.popunderserver[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@firstpremierbankcard.112.2o7[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@1069870899[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@heavycom.122.2o7[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@20471186[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@stat.onestat[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@image.masterstats[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@www.adbrite[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@ad.bannerconnect[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@clicksfeed[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@www.homeclick[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@www.ez-tracks[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@1067421519[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@ad.wanderlist[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@serving.rpowermedia[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@ad.afy11[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@stats.searchtrack[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@exitexchange[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@ads.uncoverthenet[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@www.advertyz[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@screensavers[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@e-2dj6wjlockdpwfq.stats.esomniture[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@windowsmedia[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@lynxtrack[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@1071486122[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@reunioncom.112.2o7[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@buycom.122.2o7[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@1071946097[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@recipe[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@pro-market[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@adsby.zwoops[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@mediatraffic[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@electronicarts.112.2o7[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@adecn[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@3.adbrite[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@ad.theadhost[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin_brown@cpvfeed[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@adsrevenue[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@ad.adnetinteractive[2].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@banner[1].txt
C:\Documents and Settings\Kristin Brown\Cookies\kristin brown@track[1].txt
C:\Documents and Settings\LocalService\Cookies\system@directtrack[1].txt
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt
C:\Documents and Settings\LocalService\Cookies\system@indextools[2].txt
C:\Documents and Settings\LocalService\Cookies\system@nfm.directtrack[2].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
C:\WINDOWS\system32\drivers\FOPN.sys

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Adware.MyWay
C:\Program Files\MyWay
C:\WINDOWS\SYSTEM32\XCITE.DLL

Adware.Web Buying
HKU\S-1-5-21-346238479-1278075702-3035401571-1005\Software\WebBuying

Trojan.WinAntiSpyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\DOCUMENTS AND SETTINGS\KRISTIN BROWN\LOCAL SETTINGS\TEMP\WINANTISPYWARE2007SETUP.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE0CCCDE-8715-4A49-93EA-CF416A4EDF49}\RP429\A0025848.EXE

Adware.Avenue Media/Web Rebates (TopRebates)
C:\DOCUMENTS AND SETTINGS\KRISTIN BROWN\LOCAL SETTINGS\TEMP\DJTOPR1150.EXE

Adware.DelFin Project
C:\DOCUMENTS AND SETTINGS\KRISTIN BROWN\LOCAL SETTINGS\TEMP\PIXIT.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE0CCCDE-8715-4A49-93EA-CF416A4EDF49}\RP429\A0025845.VBS
C:\WINDOWS\S3JPC3RPBIBCCM93BG\MALDWALDV21FWA6AV0.VBS
C:\_OTMOVEIT\MOVEDFILES\PROGRAM FILES\ONLINE SERVICES\VINO22011.EXE

Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE0CCCDE-8715-4A49-93EA-CF416A4EDF49}\RP429\A0025847.EXE

Adware.Spyware Labs
C:\WINDOWS\SYSTEM32\BO2202031216.DLL

Adware.webHancer
C:\WINDOWS\SYSTEM32\CC1\MON123BCZ.EXE

Adware.ClearSearch
C:\WINDOWS\SYSTEM32\GR0CK03.DLL

Adware.BroadcastPC
C:\WINDOWS\TEMP\BPC_INST.EXE


*************************
Deckard's System Scanner v20070826.66
Run by Kristin Brown on 2007-08-29 21:48:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
42: 2007-08-30 02:24:49 UTC - RP434 - Deckard's System Scanner Restore Point
41: 2007-08-29 08:00:25 UTC - RP433 - Software Distribution Service 3.0
40: 2007-08-29 03:07:24 UTC - RP432 - Installed SUPERAntiSpyware Free Edition
39: 2007-08-28 19:49:46 UTC - RP431 - System Checkpoint
38: 2007-08-27 19:35:16 UTC - RP430 - System Checkpoint


-- First Restore Point --
1: 2007-08-26 17:32:02 UTC - RP393 - Installed Windows XP KB900725.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kristin Brown.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-29 21:49:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Kristin Brown\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg?=0&...;os=5&src=1
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [Grokster] C:\PROGRA~1\Grokster\Grokster.exe /SYSTRAY
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati () - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} () - http://software-dl.real.com/111155b3326666...ip/RdxIE601.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe



-- HijackThis Fixed Entries (C:\DOCUME~1\KRISTI~1\Desktop\SPYSTU~1\backups\) ---

backup-20070827-185239-145 O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\wvustts.dll (file missing)
backup-20070827-185239-241 O2 - BHO: 0 - {873E9D30-380A-445D-33B4-B3F41E28DDCD} - C:\Program Files\ComPlus Applications\zyrikuta408.dll (file missing)
backup-20070827-185239-618 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
backup-20070827-185239-846 O2 - BHO: (no name) - {47B83D78-F986-4E96-9769-2C55EF14DA0B} - C:\WINDOWS\System32\qbrsvcwp.dll (file missing)
backup-20070827-185239-878 O2 - BHO: (no name) - {94FC6F38-C817-4898-94C9-6A4EB2237CD3} - C:\WINDOWS\System32\gebyx.dll (file missing)
backup-20070828-220405-288 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
backup-20070828-220405-571 O4 - HKLM\..\Run: [cpr] C:\WINDOWS\cpr
backup-20070828-220405-791 O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71A - (no file)
backup-20070828-220405-843 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
backup-20070828-220405-874 O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB - (no file)
backup-20070828-220405-962 O20 - Winlogon Notify: wvustts - wvustts.dll (file missing)
backup-20070828-220405-966 O4 - HKLM\..\Run: [vino] C:\Program Files\Online Services\vino22011.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 ATWPKT2 - c:\program files\america online 8.0a\atwpkt2.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-07-08 09:38:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-29 and 2007-08-29 -----------------------------

2007-08-28 22:07:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-08-28 22:07:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-28 22:07:25 0 d-------- C:\Documents and Settings\Kristin Brown\Application Data\SUPERAntiSpyware.com
2007-08-27 17:31:26 0 d-------- C:\VundoFix Backups
2007-08-27 11:03:09 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-08-27 11:03:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-27 11:03:09 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-27 11:03:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-27 11:03:09 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-27 11:03:09 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-27 11:03:09 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-27 11:03:09 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-08-27 11:03:09 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-27 11:03:09 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-08-27 11:03:09 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-27 11:03:09 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-08-27 11:03:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-27 11:03:09 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-27 11:03:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-08-27 11:03:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-08-27 11:03:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-08-27 11:03:08 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-27 11:00:00 0 d-------- C:\WINDOWS\pss
2007-08-26 20:39:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-26 20:39:12 0 d-------- C:\Spybot - Search & Destroy
2007-08-26 14:07:41 0 d-------- C:\Program Files\MSXML 4.0
2007-08-26 14:01:43 0 d-------- C:\Documents and Settings\Kristin Brown\Application Data\Mozilla
2007-08-26 13:45:58 0 d-------- C:\WINDOWS\network diagnostic
2007-08-26 13:09:07 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-08-26 13:08:10 0 d-------- C:\WINDOWS\Prefetch
2007-08-26 12:10:58 0 d-------- C:\WINDOWS\provisioning
2007-08-26 12:10:58 0 d-------- C:\WINDOWS\peernet
2007-08-26 12:08:55 0 d-------- C:\WINDOWS\ServicePackFiles
2007-08-26 11:58:47 0 d-------- C:\WINDOWS\EHome
2007-08-23 20:14:32 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:14:30 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:14:29 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:14:29 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-08-23 20:14:27 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-08-23 20:13:48 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-08-23 20:13:48 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-08-23 20:13:46 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:13:45 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:13:43 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:13:41 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:13:39 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:13:37 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:13:36 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:13:34 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:13:32 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:13:31 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 20:13:28 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-23 19:16:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-08-23 18:55:07 0 d-------- C:\WINDOWS\system32\PreInstall
2007-08-23 18:54:18 0 d--h----- C:\WINDOWS\$hf_mig$
2007-08-23 18:43:51 0 d-------- C:\WINDOWS\system32\bits
2007-08-23 10:20:44 0 dr-h----- C:\$VAULT$.AVG
2007-08-23 08:06:23 0 d-------- C:\Documents and Settings\Kristin Brown\Application Data\AVG7
2007-08-23 08:06:14 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-23 08:05:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-23 08:05:50 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-08-22 14:46:59 0 d-------- C:\Program Files\Lavasoft
2007-08-22 14:46:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-22 14:46:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 09:54:36 79872 --a------ C:\WINDOWS\system32\drivers\FOPN.sys <Not Verified; Windows ® Codename Longhorn DDK provider; Windows ® Codename Longhorn DDK driver>
2007-08-17 09:54:31 0 d-------- C:\Program Files\Common Files\WinAntiSpyware 2007
2007-08-17 09:52:35 0 d--hs---- C:\WINDOWS\S3Jpc3RpbiBCcm93bg
2007-08-17 09:52:31 0 d-------- C:\WINDOWS\system32\tmps6
2007-08-17 09:52:31 0 d-------- C:\WINDOWS\system32\ICM3
2007-08-17 09:52:31 0 d-------- C:\WINDOWS\system32\dll66
2007-08-17 09:52:31 0 d-------- C:\WINDOWS\system32\CC1
2007-08-17 09:52:31 0 d-------- C:\WINDOWS\system32\bgfig5
2007-08-17 09:52:29 0 d-------- C:\WINDOWS\system32\f10WtR
2007-08-17 09:52:29 0 d-------- C:\Temp
2007-08-06 11:17:22 0 d-------- C:\Documents and Settings\Kristin Brown\Application Data\Snapfish


-- Find3M Report ---------------------------------------------------------------

2007-08-28 05:35:19 0 d-------- C:\Program Files\Online Services
2007-08-26 21:07:14 0 d-------- C:\Program Files\MyWay
2007-08-26 20:33:23 0 d-------- C:\Program Files\Messenger
2007-08-26 12:10:59 0 d-------- C:\Program Files\Movie Maker
2007-08-26 12:08:12 0 d-------- C:\Program Files\Windows NT
2007-08-22 14:46:20 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Grokster"="C:\PROGRA~1\Grokster\Grokster.exe" []
"SoundMan"="SOUNDMAN.EXE" [07/16/2002 03:09 PM C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 04:48 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/23/2007 08:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [07/13/2000 03:00 PM]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [6/2/2006 5:29:26 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 6:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\ComPlus Applications\diboxono.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-08-29 21:51:02 ------------


Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2400+
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 991.48 MiB / 661.49 MiB
Pagefile Memory (total/avail): 2389.51 MiB / 2178.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.94 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.23 GiB total, 25.15 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - Maxtor 2F040L0 - 38.29 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 38.23 GiB - C:

\\.\PHYSICALDRIVE1 - SanDisk Cruzer Mini USB Device - 243.17 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 244.7 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.484 v7.5.484 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kristin Brown\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-FD6NVJCER4
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kristin Brown
LOGONSERVER=\\YOUR-FD6NVJCER4
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KRISTI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\KRISTI~1\LOCALS~1\Temp
USERDOMAIN=YOUR-FD6NVJCER4
USERNAME=Kristin Brown
USERPROFILE=C:\Documents and Settings\Kristin Brown
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kristin Brown (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CompuServe --> C:\Program Files\Common Files\csshare\csunins_us.exe
Conexant SoftK56 Modem(M) --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200214F1
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
HijackThis 1.99.1 --> C:\Documents and Settings\Kristin Brown\Desktop\HijackThis.exe /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
InqScribe 1.5.2 --> "C:\Program Files\InqScribe\unins000.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment Standard Edition v1.3.1_02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_1681cb8\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark Photo Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{523BD5B6-E904-493C-B902-1BC9B7D44DF4} /l1033
Lexmark Z700-P700 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
ProSavageDDR and Utilities --> C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Spybot - Search & Destroy 1.4 --> "C:\Spybot - Search & Destroy\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
updater (remove only) --> C:\Program Files\Common files\updater\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1231 / Error
Event Submitted/Written: 08/29/2007 09:43:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type1230 / Error
Event Submitted/Written: 08/29/2007 09:41:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type1229 / Error
Event Submitted/Written: 08/29/2007 09:25:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type1218 / Warning
Event Submitted/Written: 08/27/2007 06:14:27 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1214 / Warning
Event Submitted/Written: 08/27/2007 06:12:07 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15640 / Warning
Event Submitted/Written: 08/29/2007 08:57:10 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type15599 / Error
Event Submitted/Written: 08/28/2007 10:06:54 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 74.139.99.77 for the Network Card with network address 000D87060A95 has been
denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type15597 / Warning
Event Submitted/Written: 08/28/2007 10:21:34 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type15593 / Error
Event Submitted/Written: 08/27/2007 08:44:16 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type15475 / Error
Event Submitted/Written: 08/27/2007 11:26:54 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2007-08-29 21:51:02 ------------

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 30 August 2007 - 04:12 AM

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and, after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

C:\WINDOWS\system32\tmps6
C:\WINDOWS\system32\ICM3
C:\WINDOWS\system32\dll66
C:\WINDOWS\system32\CC1
C:\WINDOWS\system32\bgfig5
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\S3Jpc3RpbiBCcm93bg
C:\Program Files\MyWay
C:\Program Files\Common Files\WinAntiSpyware 2007

Restart your pc normally.


Download and scan with the free 15-day trial of CounterSpy V2
Save the report when it's finished:
1. Once CounterSpy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into your next reply.

Also post a new HijackThis log.
Let me know how your PC is running now.

#7 hardnose

hardnose
  • Topic Starter

  • Members
  • 4 posts

Posted 30 August 2007 - 10:23 PM

Thanks, Richie, the PC is running MUCH better now! I have been browsing for hours with no problems!

The only thing I could not find from your list below was C:\WINDOWS\S3Jpc3RpbiBCcm93bg. I was able to follow all other instructions.

How do the logs look?

Thanks again,

Terry

*****************
CounterSpy
Scan History Details
Start Date: 8/30/2007 7:58:47 PM
End Date: 8/30/2007 8:45:06 PM
Total Time: 46 Min 19 Sec
Detected security risks

Cookie: AdKnowledge.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@adknowledge[2].txt


Cookie: AdsRemote.Scripps.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@adsremote.scripps[2].txt


Cookie: Trafficmp.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin_brown@trafficmp[2].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@atdmt[2].txt


Cookie: Bizrate Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@bizrate[1].txt


Cookie: Bravenet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@bravenet[1].txt


Cookie: BS.Serving-Sys Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@bs.serving-sys[1].txt
c:\documents and settings\kristin brown\cookies\kristin brown@serving-sys[2].txt


Cookie: CGI-Bin Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@cgi-bin[1].txt
c:\documents and settings\kristin brown\cookies\kristin brown@cgi-bin[2].txt
c:\documents and settings\kristin brown\cookies\kristin brown@cgi-bin[3].txt
c:\documents and settings\kristin brown\cookies\kristin brown@cgi-bin[4].txt


Cookie: Citi.BridgeTrack Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@citi.bridgetrack[2].txt


Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@com[1].txt


Cydoor Adware (General) more information...
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Deleted

Files detected
C:\Documents and Settings\Kristin Brown\Local Settings\Tempxxxxx\v.dat


Cookie: DealTime Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@dealtime[1].txt


Delfin.Media Viewer Adware (General) more information...
Details: DelFin Media Viewer, also called PromulGate, is an adware-based media player.
Status: Deleted

Files detected
C:\keys.ini


DownloadWare Adware (General) more information...
Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control.
Status: Deleted

Files detected
C:\PROGRAM FILES\DOWNLOADWARE ENGINE\AlComms.dll
C:\PROGRAM FILES\DOWNLOADWARE ENGINE\AlConfig.dll
C:\PROGRAM FILES\DOWNLOADWARE ENGINE\AlDebug.dll
C:\PROGRAM FILES\DOWNLOADWARE ENGINE\AlDLManager.dll
C:\PROGRAM FILES\DOWNLOADWARE ENGINE\AlFile.dll
C:\PROGRAM FILES\DOWNLOADWARE ENGINE\AlP2PLib.exe
C:\PROGRAM FILES\DOWNLOADWARE ENGINE\AlUtil.dll
C:\PROGRAM FILES\DOWNLOADWARE ENGINE\AlXML.dll
C:\WINDOWS\system32\Gr0ck03.dll
C:\PROGRAM FILES\DOWNLOADWARE ENGINE

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{963F349D-8B15-4A3B-AC6A-6E1958B21E20}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{963F349D-8B15-4A3B-AC6A-6E1958B21E20}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{963F349D-8B15-4A3B-AC6A-6E1958B21E20}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{963F349D-8B15-4A3B-AC6A-6E1958B21E20}\1.0\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{963F349D-8B15-4A3B-AC6A-6E1958B21E20}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{963F349D-8B15-4A3B-AC6A-6E1958B21E20}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{963F349D-8B15-4A3B-AC6A-6E1958B21E20}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{963F349D-8B15-4A3B-AC6A-6E1958B21E20}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{963F349D-8B15-4A3B-AC6A-6E1958B21E20}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{963F349D-8B15-4A3B-AC6A-6E1958B21E20}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\CLIPGENIEP2P
HKEY_LOCAL_MACHINE\SOFTWARE\CLIPGENIEP2P


Cookie: Findwhat Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@findwhat[1].txt


Cookie: GeoCities Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@geocities[2].txt


Grokster P2P Program more information...
Details: Grokster is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Files detected
C:\WINDOWS\unast.exe

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET\HANDLERS\GROKSTER
HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET\HANDLERS\GROKSTER
HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET\HANDLERS\GROKSTER
HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET\HANDLERS\GROKSTER
HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET\HANDLERS\GROKSTER
HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET\HANDLERS\GROKSTER
HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET\HANDLERS\GROKSTER
HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET\HANDLERS\GROKSTER\Type
HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET\HANDLERS\GROKSTER\Type
HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET\HANDLERS\GROKSTER\Type
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMEXCLUSIONLIST\GROKSTER.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMEXCLUSIONLIST\GROKSTER.EXE


Cookie: HC2.HumanClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@hc2.humanclick[1].txt


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Registry entries detected


Look2Me Adware (General) more information...
Details: Look2Me monitors the web sites you visit and sends the log to the vendor's server. Look2Me will also open pop-up windows.
Status: Deleted

Files detected
C:\WINDOWS\system32\msg116.dll


Cookie: LookSmart Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@looksmart[2].txt


Lycos SideSearch Potentially Unwanted Program more information...
Details: Lycos SideSearch is an Internet Explorer plugin (BHO and Toolbar) that modifies your browser's homepage and additional settings without your permissions.
Status: Deleted

Files detected
C:\PROGRAM FILES\LYCOS

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\LYCOS


NetworkEssentials Hijacker more information...
Details: Network Essentials adds hundreds of Internet Explorer favorite site links to the users favorate folder as well as desktop.
Status: Deleted

Files detected
C:\DOCUMENTS AND SETTINGS\KRISTIN BROWN\FAVORITES\-BUSINESS & HOME OFFICE-
C:\DOCUMENTS AND SETTINGS\KRISTIN BROWN\FAVORITES\-POPULAR SITES-
C:\DOCUMENTS AND SETTINGS\KRISTIN BROWN\FAVORITES\-POPULAR SITES-\-CAREER-
C:\DOCUMENTS AND SETTINGS\KRISTIN BROWN\FAVORITES\-POPULAR SITES-\-FREE MUSIC-
C:\DOCUMENTS AND SETTINGS\KRISTIN BROWN\FAVORITES\-POPULAR SITES-\-MOVIES-


Cookie: Overture.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@overture[1].txt


Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\FileManager
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI
HKEY_USERS\S-1-5-18\SOFTWARE\P2P NETWORKING\JcdeAgent\P2PNetworkingGUI


Cookie: PointRoll.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@ads.pointroll[1].txt


Cookie: QuestionMarket.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin_brown@questionmarket[2].txt


Cookie: RealMedia.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin_brown@realmedia[1].txt


Cookie: Revenue.net Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@revenue[2].txt


Cookie: Ru4.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@edge.ru4[1].txt


Cookie: SuperStats Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@superstats[1].txt


Cookie: Stat.Onestat Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@stat.onestat[2].txt


TopMoxie Adware (General) more information...
Details: TopMoxie displays pop-up advertisements when you visit particular Web sites.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\TOPMOXIE


Cookie: TribalFusion.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@tribalfusion[1].txt


Cookie: Tripod Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@tripod[1].txt


Twain Tech Adware (General) more information...
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user's browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Deleted

Files detected
C:\WINDOWS\smdat32m.sys


Cookie: 247RealMedia.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@247realmedia[2].txt


webHancer Adware (General) more information...
Details: webHancer is an adware application started at Windows startup that monitors web sites being viewed and sends performance data on them back to webHancer's servers. This occurs unknown to the user.
Status: Deleted

Files detected
C:\RECYCLER\S-1-5-21-346238479-1278075702-3035401571-1005\Dc4\mon123bcz.exe


Cookie: WindowsMedia Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@windowsmedia[1].txt


Wast Adware (General) more information...
Details: Wast is an ads updater.
Status: Deleted

Files detected
C:\WINDOWS\syswast.exe


Cookie: as-us.falkag Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@a.as-us.falkag[1].txt
c:\documents and settings\kristin brown\cookies\kristin brown@as-us.falkag[1].txt


Cookie: cookie.monster Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin_brown@cookie.monster[2].txt


Cookie: maxserving Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@maxserving[1].txt


Cookie: tickle Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin_brown@tickle[1].txt


AproposMedia.ContextPlus Hijacker more information...
Details: AproposMedia.ContextPlus is a component of PeopleOnPage that spawns pop-up ads and hijacks browser settings including the user's default homepage and search settings. Some variants may install a toolbar.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\POP
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\POP
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\POP


Deskwizz/ZQuest Browser Plug-in more information...
Details: Deskwizz/ZQuest is an adware application that tracks the user's browsing in order to display targeted advertising on the desktop.
Status: Deleted

Files detected
C:\_OTMoveIt\MovedFiles\Program Files\Online Services\vino22011.exe


ABetterInternet.Transponder.Ceres Adware (General) more information...
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of aBetterInternet.
Status: Deleted

Files detected
C:\Documents and Settings\Kristin Brown\Local Settings\Tempxxxxx\bi5.inf
C:\WINDOWS\inf\bi5.inf


Cookie: Claria.DashBar Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@belnk[1].txt


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Files detected
C:\WINDOWS\system32\Xcite.dll


Cookie: a.websponsors Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\kristin brown\cookies\kristin brown@a.websponsors[1].txt


Command Service Adware (General) more information...
Details: Command Service is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES


WinFixer Rogue Security Program more information...
Details: WinFixer is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan.
Status: Deleted

Files detected
C:\WINDOWS\system32\drivers\FOPN.sys


Web Buying Adware (General) more information...
Status: Deleted

Files detected
C:\_OTMoveIt\MovedFiles\WINDOWS\System32\rucefin.dll

************

Logfile of HijackThis v1.99.1
Scan saved at 8:57:30 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Documents and Settings\Kristin Brown\Desktop\Spy Stuff\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&...;os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Grokster] C:\PROGRA~1\Grokster\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/111155b3326666...ip/RdxIE601.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 31 August 2007 - 04:40 AM

Your log is clean :thumbsup:
If all's ok, please do the following.

Find and delete:
OTMoveIt.exe
VundoFix.exe
dss.exe
main.txt
extra.txt

C:\_OTMoveIt
C:\VundoFix Backups
C:\Qoobox

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.


Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
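The reply above notes that the installed Sun Java is out of date; the HijackThis log shows this in the O4 entry that starts jusched.exe from a jre1.5.0_03 folder. The following added example (not part of the original post or of HijackThis; the function names are hypothetical) groups HijackThis entries by section code and reports any JRE path older than the 6u2 release named in the reply, along with entries marked "(file missing)".

```python
import re
from collections import defaultdict

# Lines copied from the 8/30/2007 HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Grokster] C:\PROGRA~1\Grokster\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# A log entry is a section code (R0, O4, O23, ...) followed by " - " and a payload.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Sun JRE install folders are named like jre1.5.0_03.
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

# JRE 6u2, the release named in the reply, is version 1.6.0_02 internally.
BASELINE_JRE = (1, 6, 0, 2)


def parse_entries(log_text):
    """Return {section code: [payload, ...]}; header and process lines are skipped."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[match.group(1)].append(match.group(2))
    return dict(entries)


def jre_versions(entries):
    """Collect every JRE version that appears in a file path of any entry."""
    found = set()
    for payloads in entries.values():
        for payload in payloads:
            for match in JRE_RE.finditer(payload):
                found.add(tuple(int(part or 0) for part in match.groups()))
    return sorted(found)


def review(log_text, baseline=BASELINE_JRE):
    """Return (kind, detail) notes for outdated JREs and missing-file entries."""
    entries = parse_entries(log_text)
    notes = []
    for version in jre_versions(entries):
        if version < baseline:
            notes.append(("outdated-jre", "%d.%d.%d_%02d" % version))
    for code, payloads in entries.items():
        for payload in payloads:
            if payload.endswith("(file missing)"):
                notes.append(("file-missing", code))
    return notes


if __name__ == "__main__":
    for kind, detail in review(SAMPLE_LOG):
        print(kind, detail)
```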