Malwarebytes' Anti-Malware 1.11
Database version: 622
Scan type: Quick Scan
Objects scanned: 36414
Time elapsed: 7 minute(s), 43 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 6
Registry Keys Infected: 74
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 10
Files Infected: 41
Memory Processes Infected:
C:\WINDOWS\system32\dipqbyho.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\xsfafolq\hunmnsbo.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
c:\WINDOWS\system32\geBssrOg.dll (Trojan.Vundo) -> Unloaded module successfully.
c:\WINDOWS\system32\rkvdr.dll (Trojan.Zlob) -> Unloaded module successfully.
C:\WINDOWS\system32\eacwhxaf.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\efcDUlkk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\najfhent.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\rixxfruh.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebssrog (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{65bbf06c-ea06-4818-92a3-f3550d0e1004} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92eb4930-7426-4f92-a88f-f3a96b4f69cc} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{92eb4930-7426-4f92-a88f-f3a96b4f69cc} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aaeff552-3e8b-48b3-9ba2-576073e3acb7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{43e7b8b8-0c4a-45a9-b94c-5f5b078d68d8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4340df8e-d7a3-4675-be74-80077b2b3e81} (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{51a0888c-9970-44de-8c2c-835ba870d06f} (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5acae4b8-62d9-4124-a58a-9b1258b77e99} (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d12fb216-99da-4eb3-9cc0-c0f760b174a0} (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d56c1af1-3fde-471c-9bc2-c52515f260c1} (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e656b867-992c-4462-a27d-ebe604ec3a48} (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e656b867-aa2c-4462-a27d-ebe604ec3a48} (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{919b3c27-233d-444d-b0ac-922c27bef052} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vnbptxlf.bfna (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vnbptxlf.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{65bbf06c-ea06-4818-92a3-f3550d0e1004} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uyqjfkyw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\TKa2ahUmi0 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{919b3c27-233d-444d-b0ac-922c27bef052} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcdulkk -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcdulkk -> Delete on reboot.
Folders Infected:
C:\Program Files\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\215651 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\geBssrOg.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\rkvdr.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\system32\eacwhxaf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\faxhwcae.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\efcDUlkk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kklUDcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kklUDcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\najfhent.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tnehfjan.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rixxfruh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hurfxxir.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dipqbyho.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\xsfafolq\hunmnsbo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkHXrrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\DataBaseNew.ref (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Log\log_2007_02_22_20_13_04.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Log\log_2007_02_22_20_13_11.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Settings\ScanResults.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dan\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\vnbptxlf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\qdnkewfa.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\apoxqwfv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
;*******************************************************************************
ANALYSIS: 2008-04-13 21:26:17
PROTECTIONS: 1
MALWARE: 7
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
avast! antivirus 4.8.1169 [VPS 080413-0] 4.8.1169 No Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00029258 application/altnet HackTools No 0 Yes No c:\windows\smdat32a.sys
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{258A3625-183B-4477-AEE2-EA54DF6D878D}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{AD5BC1F0-72D8-44B3-8E3D-8E8FECCE43FB}
00029258 application/altnet HackTools No 0 Yes No c:\program files\altnet
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E813099D-5529-47F4-9B37-4AFAFCB00A43}
00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\typelib\{676f6d1d-c559-42a9-860b-27c1477b7179}
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\typelib\{bff4f684-677e-44f4-8c74-1d575c950e10}
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\altnet
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{582AB125-1403-42FB-9EFB-198690BA1496}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{1d3bce37-7834-4579-8169-e67681420a98}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}
00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{1D3BCE37-7834-4579-8169-E67681420A98}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{def37997-d9c9-4a4b-bf3c-88f99eaceec2}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{e813099d-5529-47f4-9b37-4afafcb00a43}
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\adm.exe
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\adm.exe
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm.adm
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm25.adm25
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm25.adm25.1
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm4.adm4
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\signingmodule.signingmodule
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\signingmodule.signingmodule.1
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\topsearch.tslink
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\topsearch.tslink.1
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm.adm
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm.adm.1
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm25.adm25
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm25.adm25.1
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm4.adm4
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm4.adm4.1
00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{676F6D1D-C559-42A9-860B-27C1477B7179}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75}
00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\signingmodule.signingmodule
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\signingmodule.signingmodule.1
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\topsearch.tslink
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\topsearch.tslink.1
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}
00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}
00059895 adware/instafinder Adware No 0 Yes No c:\program files\instafink
00059895 adware/instafinder Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.settingsplugin
00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.settingsplugin.1
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall
00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.toolbarplugin
00169752 application/need2find HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.toolbarplugin.1
00169752 application/need2find HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}
00211158 application/bestoffer HackTools No 0 Yes No c:\windows\smdat32m.sys
00735083 Application/Altnet HackTools No 0 Yes No C:\Program Files\Altnet\Download Manager\admdata.dll
02654465 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Dan\My Documents\bpssr.exe
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================
UNINSTALL LIST
Adobe Acrobat 5.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0
Adobe Shockwave Player
Apple Software Update
Atlantic Lounge
avast! Antivirus
BetRoyal Casino
Breakaway Casino
Casino Classic
Cirrus Casino
Club Player Casino
Club World Casinos
Compaq Advisor
Compaq Wallpaper
Compaq WinDVD
CompuServe 2000
Cool Cat Casino
Crown Vegas Casino
Disney's Toontown Online
EnglishHarbourCasino
EnglishHarbourCasino
E-PlayersCard
ESPN Version 2.0.6.88
FTDI USB Serial Converter Drivers
Full Tilt Poker
Full Tilt Poker.Net
Golden Casino
GoldenCasino
HetmanCasino
HijackThis 2.0.2
Homescan Internet Transporter
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:06 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\First Principle Group\fpg.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\VTShared\GCNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [First Principle Group] C:\Program Files\First Principle Group\fpg.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcNotifier] C:\Documents and Settings\Dan\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Support - {8D6BC837-B245-4828-9BB1-06092A487FE6} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Literati - http://download2.gam...nts/y/tt4_x.cab
O16 - DPF: Yahoo! Pinochle - http://download.game...nts/y/ut2_x.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinn...mines/mines.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinn...ut/brickout.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...0/pool/pool.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinn...gsaw/jigsaw.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://livesupport.h...g/ie/SecMgr.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinn...luxor/luxor.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.micro...n7/DLHelper.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinn...ty/tilecity.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-696907867