"General properties";""
"Report name";"Detailed Complete Test"
"Start time";"4/10/2008 3:10:04 AM"
"End time";"4/10/2008 6:35:43 AM (total: 3:25:38.5 hrs)"
"Launch method";"Scanning launched by scheduler"
"Scanning result";"Threats found"
"Report status";"Scanning completed successfully"
" ";""
"Object summary";""
"Scanned";"453245"
"Threats Found";"1"
"Cleaned";"0"
"Moved to vault";"0"
"Deleted";"0"
"Errors";"0"
"C:\WINDOWS\system32\kernel32.dll";"Change";"Changed"
"C:\WINDOWS\system32\shell32.dll";"Change";"Changed"
"C:\WINDOWS\system32\drivers\etc\hosts";"Change";"Changed"
"C:\pagefile.sys";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar2.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar1.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar2.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShield.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride1.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango.zip";"Contains password-protected files";"Archive"
"C:\Documents and Settings\HP_Administrator\NTUSER.DAT";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-30-2007 - 16-48-53.SBU";"Contains password-protected files";"Archive"
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{62D2FE30-78C3-4AD2-B4FE-328C4C4D2B31}";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\LocalService\NTUSER.DAT";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\LocalService\ntuser.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\NetworkService\ntuser.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Cannot open; not checked!";"Not scanned"
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Cannot open; not checked!";"Not scanned"
"C:\Program Files\BOINC\slots\1\boinc_lockfile";"Cannot open; not checked!";"Not scanned"
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask";"Contains password-protected files";"Archive"
"C:\Program Files\Microsoft Works\1033\Wizards\invwius.wwd";"Found some macros";"Scanned"
"C:\temp\HP_WebRelease\Setup\copy\Copy.cab:\HpQCopy.dll14.AEC15260_A444_440E_9621_BC683B6AC303";"Trojan horse PSW.OnlineGames.AJVH";"Infected, Embedded object"
"C:\temp\HP_WebRelease\Setup\copy\Copy.cab";"Trojan horse PSW.OnlineGames.AJVH";"Infected, Archive"
"C:\WINDOWS\system32\CatRoot2\edb.log";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\CatRoot2\tmp.edb";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\default";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\default.LOG";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\SAM";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\SAM.LOG";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\SECURITY";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\SECURITY.LOG";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\software";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\software.LOG";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\system";"Cannot open; not checked!";"Not scanned"
"C:\WINDOWS\system32\config\system.LOG";"Cannot open; not checked!";"Not scanned"
"D:\I386\Apps\APP32227\src\MSWORKS\PFILES\MSWORKS\1033\WIZARDS\INVWIUS.WWD";"Found some macros";"Scanned"
"D:\I386\Apps\APP32227\src\MSWORKS\PFILES\MSWORKS\1033\WIZARDS\INVWIZ.WWD";"Found some macros";"Scanned"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:15 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\BOINC\projects\qah.uni-muenster.de\Amolqc-preRC1_5.01_windows_intelx86.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\vdtask.exe /AutoRestore /Silence
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Start Smileycons - {C64A8F17-F16A-4a35-9618-B3A250D9EF2B} - C:\Program Files\Smileycons\smileycons.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start Smileycons - {C64A8F17-F16A-4a35-9618-B3A250D9EF2B} - C:\Program Files\Smileycons\smileycons.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinn...mines/mines.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - file:///E:/win/setup/iaieplay.dll
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinn...ut/brickout.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinn...gsaw/jigsaw.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinn...luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinn...ty/tilecity.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinn...royal/royal.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinn...es/wwspades.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 13865 bytes
Incident Status Location
Potentially unwanted tool:application/need2find No disinfected HKEY_CURRENT_USER\SOFTWARE\NEED2FIND
Spyware:Cookie/Atwola Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Serving-sys Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.com.com/]
Spyware:Cookie/Go Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.go.com/]
Spyware:Cookie/RealMedia Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Target Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.target.com/]
Spyware:Cookie/Yadro Disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Advertising Disinfected C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\k6fixzyk.default\cookies.txt[]
Spyware:Cookie/PointRoll Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp Disinfected C:\Documents and Settings\Mom\Cookies\mom@azjmp[1].txt
Spyware:Cookie/BurstNet Disinfected C:\Documents and Settings\Mom\Cookies\mom@burstnet[1].txt
Spyware:Cookie/Enhance Disinfected C:\Documents and Settings\Mom\Cookies\mom@enhance[1].txt
Spyware:Cookie/FastClick Disinfected C:\Documents and Settings\Mom\Cookies\mom@fastclick[2].txt
Spyware:Cookie/Go Disinfected C:\Documents and Settings\Mom\Cookies\mom@go[1].txt
Spyware:Cookie/Target Disinfected C:\Documents and Settings\Mom\Cookies\mom@target[1].txt
Spyware:Cookie/Traffic Marketplace Disinfected C:\Documents and Settings\Mom\Cookies\mom@trafficmp[2].txt
Spyware:Cookie/BurstBeacon Disinfected C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/KillApp.B No disinfected C:\hp\bin\KillIt.exe
Spyware:Cookie/Com.com No disinfected C:\Program Files\support.com\backup\Co\cookies.txt\84453_553b92812_[]
Spyware:Cookie/Com.com No disinfected C:\Program Files\support.com\backup\Co\cookies.txt\92785_59dc0eb63_[]
Spyware:Cookie/RealMedia No disinfected C:\Program Files\support.com\backup\Co\cookiesnew.txt\27901_5c432c19a_[]