
Ouch! Trojan-Spy.Win32@mx - HjT and SmitFraudFix logs HERE

Discussion in 'Windows - Virus and spyware problems' started by Sarah317, Jan 24, 2007.

  1. Sarah317

    Sarah317 Member

    Joined:
    Jan 24, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    11
    SmitFraudFix v2.134

    Scan done at 12:02:58.43, Wed 01/24/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\axlet.dll FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

    C:\Documents and Settings\Owner\Application Data\Install.dat FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\AntiVerminser\ FOUND !
    C:\Program Files\eMedia Codec\ FOUND !
    C:\Program Files\Video ActiveX Object\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"="Wheel Mouse Optical Driver"

    [HKEY_CLASSES_ROOT\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}\InProcServer32]
    @="C:\WINDOWS\system32\dxmpp.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}\InProcServer32]
    @="C:\WINDOWS\system32\dxmpp.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8670ee50-01f9-47da-ac1e-cf8549e9e521}"="eupeptic"

    [HKEY_CLASSES_ROOT\CLSID\{8670ee50-01f9-47da-ac1e-cf8549e9e521}\InProcServer32]
    @="C:\WINDOWS\system32\axlet.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8670ee50-01f9-47da-ac1e-cf8549e9e521}\InProcServer32]
    @="C:\WINDOWS\system32\axlet.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End




    and




    Logfile of HijackThis v1.99.1
    Scan saved at 12:06:37 PM, on 1/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Video ActiveX Object\pmsngr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\HjT\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.piczo.com/?cr=3&rfm=y
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
    O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [Workflow] E:\Install\Workflow.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\program files\winantispyware 2006 scanner\was6.exe" /min
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{3D4DD508-2430-44AC-85F1-6F5B3235C0DA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sarahl64.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521} - C:\WINDOWS\system32\axlet.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     
  2. nasayin

    nasayin Regular member

    Joined:
    Mar 5, 2006
    Messages:
    509
    Likes Received:
    0
    Trophy Points:
    26
    Please check off the following in HijackThis:

    O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
    O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
    O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)

    Delete the following file/folder from C:\Program Files\Video ActiveX Object

    isaddon.dll
    Seekmo Toolbar
    iesplugin.dll

     
  3. Sarah317

    Sarah317 Member

    Alright, I deleted the 4 files from HjT but I'm not sure how to get the ones from Video ActiveX.
     
  4. nasayin

    nasayin Regular member

    Credit goes to Niobis:

    Go here and download KillBox.

    Open Killbox.exe.
    Check "Standard File Kill".
    In the "Full Path of File to Delete" box, copy/paste each of the following lines below one at a time. Then, click the red button with a white X after you enter each file.
    You will be prompted to confirm, click "Yes".

    C:\Program Files\Video ActiveX Object\isaddon.dll
    C:\Program Files\Seekmo Programs\Seekmo Toolbar\
    C:\Program Files\Video ActiveX Object\iesplugin.dll


    Open up HijackThis, go to Open Misc Tool section, go to open Process Manager, and click on C:\Program Files\Video ActiveX Object\pmsngr.exe, click on Kill Process.
    Then open up KillBox and kill this file:
    C:\Program Files\Video ActiveX Object\pmsngr.exe
     
    Last edited: Jan 24, 2007
  5. Sarah317

    Sarah317 Member

    Killbox claims that these files don't exist:

    C:\Program Files\Video ActiveX Object\isaddon.dll
    C:\Program Files\Seekmo Programs\Seekmo Toolbar\
    C:\Program Files\Video ActiveX Object\iesplugin.dll

    But I deleted

    "C:\Program Files\Video ActiveX Object\pmsngr.exe".

    Also, there is another popup saying that I have NetWorm-i.Virus@fp

    (Next time, I'm buying a Mac...)
     
  6. nasayin

    nasayin Regular member

    Sarah,

    Please download Ad-aware here. Update the program and do a system scan. Delete all the objects. Please post the log file.
    Also download Spybot here. Download the latest update. Run and check for problems. Delete all the objects. Please post the Spybot log file.
    And run Hjt and post that log file.
     
  7. Sarah317

    Sarah317 Member

    Adware Log
    Ad-Aware SE Build 1.06r1
    Logfile Created on:Thursday, January 25, 2007 5:45:00 PM
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R147 25.01.2007
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    AntiVermins(TAC index:3):17 total references
    MRU List(TAC index:0):34 total references
    Tracking Cookie(TAC index:3):34 total references
    Zango(TAC index:4):4 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    1-25-2007 5:45:00 PM - Scan started. (Smart mode)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 508
    ThreadCreationTime : 1-25-2007 9:30:13 PM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 580
    ThreadCreationTime : 1-25-2007 9:30:15 PM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 616
    ThreadCreationTime : 1-25-2007 9:30:19 PM
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 664
    ThreadCreationTime : 1-25-2007 9:30:20 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 676
    ThreadCreationTime : 1-25-2007 9:30:20 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [ati2evxx.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 832
    ThreadCreationTime : 1-25-2007 9:30:22 PM
    BasePriority : Normal
    FileVersion : 6.14.10.4114
    ProductVersion : 6.14.10.4114
    ProductName : ATI External Event Utility for WindowsNT and Windows9X
    CompanyName : ATI Technologies Inc.
    FileDescription : ATI External Event Utility EXE Module
    InternalName : ATI2EVXX.EXE
    LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
    OriginalFilename : ATI2EVXX.EXE

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 852
    ThreadCreationTime : 1-25-2007 9:30:22 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 912
    ThreadCreationTime : 1-25-2007 9:30:22 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 980
    ThreadCreationTime : 1-25-2007 9:30:22 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1020
    ThreadCreationTime : 1-25-2007 9:30:22 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1068
    ThreadCreationTime : 1-25-2007 9:30:23 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:12 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1332
    ThreadCreationTime : 1-25-2007 9:30:24 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:13 [ati2evxx.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1468
    ThreadCreationTime : 1-25-2007 9:30:25 PM
    BasePriority : Normal
    FileVersion : 6.14.10.4114
    ProductVersion : 6.14.10.4114
    ProductName : ATI External Event Utility for WindowsNT and Windows9X
    CompanyName : ATI Technologies Inc.
    FileDescription : ATI External Event Utility EXE Module
    InternalName : ATI2EVXX.EXE
    LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
    OriginalFilename : ATI2EVXX.EXE

    #:14 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1556
    ThreadCreationTime : 1-25-2007 9:30:26 PM
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:15 [avgamsvr.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID : 1792
    ThreadCreationTime : 1-25-2007 9:30:32 PM
    BasePriority : Normal
    FileVersion : 7,1,0,365
    ProductVersion : 7.1.0.365
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Alert Manager
    InternalName : avgamsvr
    LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename : avgamsvr.EXE

    #:16 [avgupsvc.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID : 1808
    ThreadCreationTime : 1-25-2007 9:30:33 PM
    BasePriority : Normal
    FileVersion : 7,1,0,349
    ProductVersion : 7.1.0.349
    ProductName : AVG 7.0 Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Update Service
    InternalName : avgupsvc
    LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename : avgupdsvc.EXE

    #:17 [avgemc.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID : 1820
    ThreadCreationTime : 1-25-2007 9:30:33 PM
    BasePriority : Normal
    FileVersion : 7,1,0,400
    ProductVersion : 7.1.0.400
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG E-Mail Scanner
    InternalName : avgemc
    LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
    OriginalFilename : avgemc.exe

    #:18 [cmdagent.exe]
    FilePath : C:\Program Files\Comodo\Firewall\
    ProcessID : 1860
    ThreadCreationTime : 1-25-2007 9:30:33 PM
    BasePriority : Normal
    FileVersion : 2.4.0.19
    ProductVersion : 2.4.0.0
    ProductName : Comodo Firewall
    CompanyName : COMODO
    FileDescription : Comodo Agent Service
    InternalName : cmdagent
    LegalCopyright : Copyright © 2005-2006 COMODO ®. All rights reserved
    LegalTrademarks : Copyright © 2005-2006 COMODO ®. All rights reserved
    OriginalFilename : cmdagent.exe

    #:19 [ehrecvr.exe]
    FilePath : C:\WINDOWS\eHome\
    ProcessID : 1884
    ThreadCreationTime : 1-25-2007 9:30:33 PM
    BasePriority : Above Normal
    FileVersion : 5.1.2700.2230 built by: private/xpsp_mce_qfe(wmbla)
    ProductVersion : 5.1.2700.2230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Media Center Receiver Service
    InternalName : ehRecvr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ehRecvr.exe

    #:20 [ehsched.exe]
    FilePath : C:\WINDOWS\eHome\
    ProcessID : 1900
    ThreadCreationTime : 1-25-2007 9:30:33 PM
    BasePriority : Normal
    FileVersion : 5.1.2700.2180 (private/xpsp_mce.040810-0205)
    ProductVersion : 5.1.2700.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Media Center Scheduler Service
    InternalName : ehSched
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ehSched.exe

    #:21 [prismxl.sys]
    FilePath : C:\Program Files\Common Files\New Boundary\PrismXL\
    ProcessID : 1992
    ThreadCreationTime : 1-25-2007 9:30:34 PM
    BasePriority : Normal
    FileVersion : 6.0.1.22
    ProductVersion : 6.0.1.22
    ProductName : PrismXL Software Family
    CompanyName : New Boundary Technologies, Inc.
    FileDescription : PrismXL Service
    InternalName : PrismXL Service
    LegalCopyright : © 1997-2004 New Boundary Technologies
    OriginalFilename : PrismXL.sys

    #:22 [dllhost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 968
    ThreadCreationTime : 1-25-2007 9:30:47 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : COM Surrogate
    InternalName : dllhost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : dllhost.exe

    #:23 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1392
    ThreadCreationTime : 1-25-2007 9:30:48 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:24 [ehtray.exe]
    FilePath : C:\WINDOWS\ehome\
    ProcessID : 3388
    ThreadCreationTime : 1-25-2007 9:37:56 PM
    BasePriority : Normal
    FileVersion : 5.1.2700.2180 (private/xpsp_mce.040810-0205)
    ProductVersion : 5.1.2700.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Media Center Tray Applet
    InternalName : ehtray
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ehtray.exe

    #:25 [shwiconem.exe]
    FilePath : C:\Program Files\Digital Media Reader\
    ProcessID : 3432
    ThreadCreationTime : 1-25-2007 9:37:56 PM
    BasePriority : Idle
    FileVersion : 1, 4, 0, 8
    ProductVersion : 1, 4, 0, 8
    ProductName : Multimedia Card Reader
    CompanyName : Alcor Micro, Corp.
    LegalCopyright : Copyright c 2002
    Comments : Alcor 9360 4/4.5 Slot XP

    #:26 [atiptaxx.exe]
    FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
    ProcessID : 3452
    ThreadCreationTime : 1-25-2007 9:37:56 PM
    BasePriority : Normal
    FileVersion : 6.14.10.5145
    ProductVersion : 6.14.10.5145
    ProductName : ATI Desktop Component
    CompanyName : ATI Technologies, Inc.
    FileDescription : ATI Desktop Control Panel
    InternalName : Atiptaxx.exe
    LegalCopyright : Copyright (C) 1998-2005 ATI Technologies Inc.
    OriginalFilename : Atiptaxx.exe

    #:27 [zhotkey.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 3492
    ThreadCreationTime : 1-25-2007 9:37:56 PM
    BasePriority : Normal
    FileVersion : 3, 0, 0, 7
    ProductVersion : 3, 0, 0, 0
    ProductName : Multimedia Keyboard Driver
    FileDescription : Multimedia Keyboard Driver
    InternalName : Multimedia Hotkey Driver
    LegalCopyright : Copyright (c) 2005.
    OriginalFilename : mHotkey.res

    #:28 [soundman.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 3500
    ThreadCreationTime : 1-25-2007 9:37:56 PM
    BasePriority : Normal
    FileVersion : 5.1.0.38
    ProductVersion : 5.1.0.38
    ProductName : Realtek Sound Manager
    CompanyName : Realtek Semiconductor Corp.
    FileDescription : Realtek Sound Manager
    InternalName : ALSMTray
    LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
    OriginalFilename : ALSMTray.exe
    Comments : Realtek AC97 Audio Sound Manager

    #:29 [pdvdserv.exe]
    FilePath : C:\Program Files\CyberLink\PowerDVD\
    ProcessID : 3596
    ThreadCreationTime : 1-25-2007 9:37:57 PM
    BasePriority : Normal
    FileVersion : 6.00.1027
    ProductVersion : 6.00.1027
    ProductName : PowerDVD
    CompanyName : Cyberlink Corp.
    FileDescription : PowerDVD RC Service
    InternalName : PowerDVD RC Service
    LegalCopyright : Copyright (c) CyberLink Corp. 1997-2004
    OriginalFilename : PDVDSERV.EXE

    #:30 [hpcmpmgr.exe]
    FilePath : C:\Program Files\HP\hpcoretech\
    ProcessID : 3624
    ThreadCreationTime : 1-25-2007 9:37:57 PM
    BasePriority : Normal
    FileVersion : 1.80.0
    ProductVersion : 1.80.0
    ProductName : hp coretech (COmponent REuse TECHnology)
    CompanyName : Hewlett-Packard Company
    FileDescription : HP Framework Component Manager Service
    InternalName : HPComponentManagerService module
    LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2003
    OriginalFilename : HPCmpMgr.exe

    #:31 [hphmon05.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3632
    ThreadCreationTime : 1-25-2007 9:37:57 PM
    BasePriority : Normal
    FileVersion : 5,1,7
    ProductVersion : 5,1,7
    ProductName : HP Photosmart
    CompanyName : Hewlett-Packard
    FileDescription : HPHmon05
    InternalName : HPHmon05
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : HPHmon05.exe

    #:32 [hpztsb09.exe]
    FilePath : C:\WINDOWS\system32\spool\drivers\w32x86\3\
    ProcessID : 3652
    ThreadCreationTime : 1-25-2007 9:37:57 PM
    BasePriority : Normal
    FileVersion : 2.239.0.0
    ProductVersion : 2.239.0.0
    ProductName : HP DeskJet
    CompanyName : HP
    LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2003

    #:33 [ehmsas.exe]
    FilePath : C:\WINDOWS\eHome\
    ProcessID : 3748
    ThreadCreationTime : 1-25-2007 9:37:58 PM
    BasePriority : Normal
    FileVersion : 5.1.2700.2180 (private/xpsp_mce.040810-0205)
    ProductVersion : 5.1.2700.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Media Center Media Status Aggregator Service
    InternalName : eHMSAS
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ehMSAS.exe

    #:34 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ProcessID : 3860
    ThreadCreationTime : 1-25-2007 9:38:00 PM
    BasePriority : Normal
    FileVersion : 0.1.0.3492
    ProductVersion : 0.1.0.3492
    ProductName : RealPlayer (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename : realsched.exe

    #:35 [avgcc.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID : 3960
    ThreadCreationTime : 1-25-2007 9:38:01 PM
    BasePriority : Normal
    FileVersion : 7,1,0,406
    ProductVersion : 7.1.0.406
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Control Center
    InternalName : AvgCC
    LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
    OriginalFilename : AvgCC.EXE

    #:36 [hpwuschd2.exe]
    FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\
    ProcessID : 3968
    ThreadCreationTime : 1-25-2007 9:38:01 PM
    BasePriority : Normal
    FileVersion : 50.0.146.000
    ProductVersion : 050.000.146.000
    ProductName : hp digital imaging - hp all-in-one series
    CompanyName : Hewlett-Packard Co.
    FileDescription : Hewlett-Packard Product Assistant
    InternalName : hpwuSchd2
    LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2004
    OriginalFilename : hpwuSchd2.exe
    Comments : Hewlett-Packard Product Assistant

    #:37 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ProcessID : 3988
    ThreadCreationTime : 1-25-2007 9:38:02 PM
    BasePriority : Normal
    FileVersion : 7.1.3
    ProductVersion : QuickTime 7.1.3
    ProductName : QuickTime
    CompanyName : Apple Computer, Inc.
    FileDescription : QuickTime Task
    InternalName : QuickTime Task
    LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
    OriginalFilename : QTTask.exe

    #:38 [hpzipm12.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 4028
    ThreadCreationTime : 1-25-2007 9:38:02 PM
    BasePriority : Normal
    FileVersion : 7, 0, 0, 0
    ProductVersion : 7, 0, 0, 0
    ProductName : HP PML
    CompanyName : HP
    FileDescription : PML Driver
    InternalName : PmlDrv
    LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
    OriginalFilename : PmlDrv.exe

    #:39 [ituneshelper.exe]
    FilePath : C:\Program Files\iTunes\
    ProcessID : 4092
    ThreadCreationTime : 1-25-2007 9:38:02 PM
    BasePriority : Normal
    FileVersion : 7.0.2.16
    ProductVersion : 7.0.2.16
    ProductName : iTunes
    CompanyName : Apple Computer, Inc.
    FileDescription : iTunesHelper Module
    InternalName : iTunesHelper
    LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename : iTunesHelper.exe

    #:40 [cpf.exe]
    FilePath : C:\Program Files\Comodo\Firewall\
    ProcessID : 2004
    ThreadCreationTime : 1-25-2007 9:38:03 PM
    BasePriority : Normal
    FileVersion : 2.4.0.57
    ProductVersion : 2.4.0.0
    ProductName : COMODO Firewall Pro
    CompanyName : COMODO
    FileDescription : COMODO Firewall Pro
    InternalName : cpf.exe
    LegalCopyright : Copyright © 2005-2006 COMODO ®. All rights reserved
    OriginalFilename : cpf.exe

    #:41 [msmsgs.exe]
    FilePath : C:\Program Files\Messenger\
    ProcessID : 1944
    ThreadCreationTime : 1-25-2007 9:38:03 PM
    BasePriority : Normal
    FileVersion : 4.7.3001
    ProductVersion : Version 4.7.3001
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Windows Messenger
    InternalName : msmsgs
    LegalCopyright : Copyright (c) Microsoft Corporation 2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msmsgs.exe

    #:42 [msnmsgr.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ProcessID : 1980
    ThreadCreationTime : 1-25-2007 9:38:03 PM
    BasePriority : Normal
    FileVersion : 7.5.0322
    ProductVersion : 7.5.0322
    ProductName : MSN Messenger
    CompanyName : Microsoft Corporation
    FileDescription : MSN Messenger
    InternalName : msnmsgr
    LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msnmsgr.exe

    #:43 [bigfix.exe]
    FilePath : C:\Program Files\BigFix\
    ProcessID : 1464
    ThreadCreationTime : 1-25-2007 9:38:06 PM
    BasePriority : Normal
    FileVersion : 1, 7, 6, 0
    ProductVersion : 1, 7, 6, 0
    ProductName : BigFix
    CompanyName : BigFix Inc.
    FileDescription : BigFix Client Application
    InternalName : BigFix
    LegalCopyright : Copyright © 2002
    OriginalFilename : BigFix.exe

    #:44 [ipodservice.exe]
    FilePath : C:\Program Files\iPod\bin\
    ProcessID : 2056
    ThreadCreationTime : 1-25-2007 9:38:08 PM
    BasePriority : Normal
    FileVersion : 7.0.2.16
    ProductVersion : 7.0.2.16
    ProductName : iTunes
    CompanyName : Apple Computer, Inc.
    FileDescription : iPodService Module
    InternalName : iPodService
    LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename : iPodService.exe

    #:45 [hijackthis_v1.99.1.exe]
    FilePath : C:\HjT\
    ProcessID : 2608
    ThreadCreationTime : 1-25-2007 9:39:17 PM
    BasePriority : Normal
    FileVersion : 1.99.0001
    ProductVersion : 1.99.0001
    ProductName : HijackThis
    CompanyName : Soeperman Enterprises Ltd.
    FileDescription : HijackThis
    InternalName : HijackThis
    LegalCopyright : Freeware
    OriginalFilename : HijackThis.exe
    Comments : Version history is in Help section

    #:46 [notepad.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1136
    ThreadCreationTime : 1-25-2007 9:39:24 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Notepad
    InternalName : Notepad
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : NOTEPAD.EXE

    #:47 [firefox.exe]
    FilePath : C:\Program Files\Mozilla Firefox\
    ProcessID : 2652
    ThreadCreationTime : 1-25-2007 9:39:53 PM
    BasePriority : Normal


    #:48 [wkswp.exe]
    FilePath : C:\Program Files\Microsoft Works\
    ProcessID : 2744
    ThreadCreationTime : 1-25-2007 9:40:36 PM
    BasePriority : Normal
    FileVersion : 8.04.0623.0
    ProductVersion : 8.04.0623.0
    ProductName : Microsoft® Works 8
    CompanyName : Microsoft® Corporation
    FileDescription : Microsoft® Works Word Processor
    InternalName : WKSWP
    LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
    OriginalFilename : WksWp.exe

    #:49 [wkdstore.exe]
    FilePath : C:\Program Files\Microsoft Works\
    ProcessID : 2764
    ThreadCreationTime : 1-25-2007 9:40:37 PM
    BasePriority : Normal
    FileVersion : 8.04.0623.0
    ProductVersion : 8.04.0623.0
    ProductName : Microsoft® Works 8
    CompanyName : Microsoft® Corporation
    FileDescription : Microsoft® Works Data Store
    InternalName : WkDStore
    LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
    OriginalFilename : WkDStore.exe

    #:50 [wkgdcach.exe]
    FilePath : C:\Program Files\Microsoft Works\
    ProcessID : 2804
    ThreadCreationTime : 1-25-2007 9:40:37 PM
    BasePriority : Normal
    FileVersion : 8.04.0623.0
    ProductVersion : 8.04.0623.0
    ProductName : Microsoft® Works 8
    CompanyName : Microsoft® Corporation
    FileDescription : Microsoft® Works Font Cache
    InternalName : GDICACHE
    LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
    OriginalFilename : WkgdCach.exe

    #:51 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 3124
    ThreadCreationTime : 1-25-2007 9:44:50 PM
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{118601e4-0bc8-4b98-aaec-723eba43ed33}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{15548c74-5c8b-4911-ae88-739dd473e2ba}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{468164cc-476e-47d5-9269-278d0db22a13}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{478b7d17-f00a-4ab3-b802-46972cab1ae9}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{4fcd9ab0-0765-4117-a612-db3b4fac1ee3}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{5d89ba32-c9f8-48cc-b22a-18c808df6d83}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{698664ff-f50e-4bdc-b9c0-c00f96a64b84}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{89ae8b3e-3ee8-4068-8932-60ca9e6ac40b}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{93362b42-9631-4bae-92ef-7726e5dd747d}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{999e9507-216c-4a7a-b103-57d3ff617e49}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{a5a2382e-6ea1-40c9-9eeb-fce758a7a3f1}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{c20782a3-b65d-41ab-8d04-bbe3122363c2}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{c54890b0-b9f8-4e58-9715-8c58b52a4d5d}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{d037be5c-7e06-4d4d-8729-fd1ee7e59c89}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{d108017b-1769-4bfb-8a4c-0e6202fdbd08}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{decc44f4-e972-4e5c-8f5f-238295c5add5}

    AntiVermins Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 3
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : typelib\{823b335c-00de-4886-be7a-fbdc0f69294e}

    Zango Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 4
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6}

    Zango Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 4
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31}

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 19
    Objects found so far: 19


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 19


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@cs.sexcounter[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:10
    Value : Cookie:owner@cs.sexcounter.com/
    Expires : 5-12-2024 2:07:28 PM
    LastSync : Hits:10
    UseCount : 0
    Hits : 10

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@pacificpoker[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:5
    Value : Cookie:owner@pacificpoker.com/
    Expires : 9-6-2008 3:46:00 PM
    LastSync : Hits:5
    UseCount : 0
    Hits : 5

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@tripod[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:6
    Value : Cookie:owner@tripod.com/
    Expires : 1-10-2007 7:30:50 PM
    LastSync : Hits:6
    UseCount : 0
    Hits : 6

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@247realmedia[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:12
    Value : Cookie:owner@247realmedia.com/
    Expires : 12-31-2010 8:00:00 PM
    LastSync : Hits:12
    UseCount : 0
    Hits : 12

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@server.iad.liveperson[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:10
    Value : Cookie:owner@server.iad.liveperson.net/
    Expires : 1-24-2007 1:06:48 PM
    LastSync : Hits:10
    UseCount : 0
    Hits : 10

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@etype.adbureau[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:12
    Value : Cookie:owner@etype.adbureau.net/
    Expires : 2-28-2007 8:00:00 PM
    LastSync : Hits:12
    UseCount : 0
    Hits : 12

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@microsofteup.112.2o7[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:owner@microsofteup.112.2o7.net/
    Expires : 2-6-2011 2:27:36 AM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@estat[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:owner@estat.com/
    Expires : 1-4-2016 9:00:42 PM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@paycounter[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:owner@paycounter.com/
    Expires : 12-30-2030 9:00:00 PM
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@as1.falkag[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:4
    Value : Cookie:owner@as1.falkag.de/
    Expires : 2-5-2006 9:11:14 PM
    LastSync : Hits:4
    UseCount : 0
    Hits : 4

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@realmedia[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:224
    Value : Cookie:owner@realmedia.com/
    Expires : 12-31-2020 8:00:00 PM
    LastSync : Hits:224
    UseCount : 0
    Hits : 224

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@qksrv[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:3
    Value : Cookie:owner@qksrv.net/
    Expires : 1-5-2011 9:02:16 PM
    LastSync : Hits:3
    UseCount : 0
    Hits : 3

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@adserver[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:owner@ads.revsci.net/adserver
    Expires : 12-14-2038 1:21:36 PM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@tribalfusion[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:66
    Value : Cookie:owner@tribalfusion.com/
    Expires : 12-31-2037 8:00:00 PM
    LastSync : Hits:66
    UseCount : 0
    Hits : 66

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@2o7[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:122
    Value : Cookie:owner@2o7.net/
    Expires : 2-6-2011 2:54:40 AM
    LastSync : Hits:122
    UseCount : 0
    Hits : 122

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@xml.bravenetmedianetwork[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:8
    Value : Cookie:owner@xml.bravenetmedianetwork.com/
    Expires : 8-27-2006 4:03:46 PM
    LastSync : Hits:8
    UseCount : 0
    Hits : 8

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@tickle[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:80
    Value : Cookie:owner@tickle.com/
    Expires : 7-18-2008 11:06:32 PM
    LastSync : Hits:80
    UseCount : 0
    Hits : 80

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@adtech[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:4
    Value : Cookie:owner@adtech.de/
    Expires : 1-4-2016 8:59:26 PM
    LastSync : Hits:4
    UseCount : 0
    Hits : 4

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@as-us.falkag[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:43
    Value : Cookie:owner@as-us.falkag.net/
    Expires : 2-2-2007 11:30:44 PM
    LastSync : Hits:43
    UseCount : 0
    Hits : 43

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@maxserving[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:7
    Value : Cookie:owner@maxserving.com/
    Expires : 1-4-2016 8:58:50 PM
    LastSync : Hits:7
    UseCount : 0
    Hits : 7

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@real[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:246
    Value : Cookie:owner@real.com/
    Expires : 2-25-2036 9:23:38 AM
    LastSync : Hits:246
    UseCount : 0
    Hits : 246

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@gateway.122.2o7[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:10
    Value : Cookie:owner@gateway.122.2o7.net/
    Expires : 1-5-2011 7:51:26 PM
    LastSync : Hits:10
    UseCount : 0
    Hits : 10

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@katu.adbureau[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:3
    Value : Cookie:owner@katu.adbureau.net/
    Expires : 2-28-2007 8:00:00 PM
    LastSync : Hits:3
    UseCount : 0
    Hits : 3

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@weborama[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:owner@weborama.fr/
    Expires : 1-6-2008 9:00:42 PM
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@cnn.122.2o7[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:owner@cnn.122.2o7.net/
    Expires : 1-18-2011 12:28:48 AM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@adopt.euroclick[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:106
    Value : Cookie:owner@adopt.euroclick.com/
    Expires : 12-7-2016 6:41:56 PM
    LastSync : Hits:106
    UseCount : 0
    Hits : 106

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@trafficmp[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:21
    Value : Cookie:owner@trafficmp.com/
    Expires : 1-6-2007 8:57:48 PM
    LastSync : Hits:21
    UseCount : 0
    Hits : 21

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@toteme[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:8
    Value : Cookie:owner@toteme.com/
    Expires : 12-28-2006 3:11:28 PM
    LastSync : Hits:8
    UseCount : 0
    Hits : 8

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@www.ppctracking[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:4
    Value : Cookie:owner@www.ppctracking.net/
    Expires : 8-29-2036 5:58:12 PM
    LastSync : Hits:4
    UseCount : 0
    Hits : 4

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@live365[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:19
    Value : Cookie:owner@live365.com/
    Expires : 1-14-2011 5:21:46 PM
    LastSync : Hits:19
    UseCount : 0
    Hits : 19

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@perf.overture[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:8
    Value : Cookie:owner@perf.overture.com/
    Expires : 2-6-2010 2:02:14 AM
    LastSync : Hits:8
    UseCount : 0
    Hits : 8

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@adserver.pollstar[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:owner@adserver.pollstar.com/
    Expires : 7-24-2006 11:23:04 AM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@date[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:5
    Value : Cookie:owner@date.ca/
    Expires : 10-11-2007 11:31:40 PM
    LastSync : Hits:5
    UseCount : 0
    Hits : 5

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : owner@revsci[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:8
    Value : Cookie:owner@revsci.net/
    Expires : 12-30-2037 11:00:00 PM
    LastSync : Hits:8
    UseCount : 0
    Hits : 8

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 34
    Objects found so far: 53



    Deep scanning and examining files...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\WINDOWS
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 53

    Disk Scan Result for C:\WINDOWS\system32
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 53

    Disk Scan Result for C:\DOCUME~1\Owner\LOCALS~1\Temp\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 53


    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 53



    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent
    Description : list of recently opened documents using microsoft office


    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Owner\recent
    Description : list of recently opened documents


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\directinput\mostrecentapplication
    Description : most recent application to use microsoft directinput


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\directinput\mostrecentapplication
    Description : most recent application to use microsoft directinput


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\internet explorer
    Description : last download directory used in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\medialibraryui
    Description : last selected node in the microsoft windows media player media library


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\player\recentfilelist
    Description : list of recently used files in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\player\settings
    Description : last save as directory used in jasc paint shop pro


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\player\settings
    Description : last open directory used in jasc paint shop pro


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\preferences
    Description : last playlist index loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\mediaplayer\preferences
    Description : last search path used in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\microsoft management console\recent file list
    Description : list of recent snap-ins used in the microsoft management console


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\office\11.0\powerpoint\recent file list
    Description : list of recent files used by microsoft powerpoint


    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\search assistant\acmru
    Description : list of recent search terms used with the search assistant


    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\search assistant\acmru
    Description : list of recent search terms used with the search assistant


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\search assistant\acmru
    Description : list of recent search terms used with the search assistant


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
    Description : list of files recently opened using microsoft paint


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list
    Description : list of recent files opened using wordpad


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent skins in realplayer


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\realnetworks\realplayer\6.0\preferences
    Description : list of recent clips in realplayer


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\realnetworks\realplayer\6.0\preferences
    Description : last login time in realplayer


    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : S-1-5-21-1754373419-3450894586-818449183-1006\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk



    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Zango Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 4
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : lmgr180.wmdrmax

    Zango Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 4
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : lmgr180.wmdrmax.1

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 2
    Objects found so far: 89

    5:46:27 PM Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:01:27.219
    Objects scanned:100335
    Objects identified:55
    Objects ignored:0
    New critical objects:55

    HjT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 7:23:08 PM, on 1/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\HjT\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.piczo.com/?cr=3&rfm=y
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [Workflow] E:\Install\Workflow.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\program files\winantispyware 2006 scanner\was6.exe" /min
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{3D4DD508-2430-44AC-85F1-6F5B3235C0DA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sarahl64.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521} - C:\WINDOWS\system32\axlet.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    Whoops, forgot to get the log for Spybot but I corrected what it recommended.
     
  8. nasayin

    nasayin Regular member

    Joined:
    Mar 5, 2006
    Messages:
    509
    Likes Received:
    0
    Trophy Points:
    26
    Are you still having problems?
     
  9. Sarah317

    Sarah317 Member

    Yeah, Antivermins is one of them. I deleted it with Adware but it keeps coming back. Plus, I keep getting Windows messages about the computer having "virus activities".
     
  10. nasayin

    nasayin Regular member

    Run your computer in Safe Mode (F8 when you are booting up)

    Run SmitFraudFix.cmd
    Select #2 and hit Enter
    Enter Y to clean the registry

    Reboot your computer to normal mode.

    Is it any better?
     
  11. Sarah317

    Sarah317 Member

    Hmm, Safe Mode doesn't seem to be working. I am able to select it, and then it brings up another screen with one option - to run Windows Media Center XP. After I hit enter, it brings up a screen with a list of files but won't go any farther.

    (This is frustrating!)

    I also tried to run Safe Mode with Command Prompt but it does the same thing.
     
  12. nasayin

    nasayin Regular member

    Just let it run and eventually you will be in Safe Mode.
     
  13. HazelB

    HazelB Member

    Joined:
    Aug 14, 2004
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    16
