Malwarebytes' Anti-Malware 1.12
Database version: 768
Scan type: Full Scan (C:\|)
Objects scanned: 161773
Time elapsed: 1 hour(s), 53 minute(s), 56 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 17
Memory Processes Infected:
C:\WINDOWS\SYSTEM32\xwusuhzh.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{90c61707-c8f8-43db-a25c-c1f4b18ee41e} (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{edc4193f-34ad-4d07-aa87-e3fdb89e3e76} (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{4d51e91c-e917-4b7f-89ff-abe471e16927} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Installer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\[email protected] (Adware.Zango) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\xwusuhzh.exe -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Margaret\Application Data\PrivacyProtector Free (Rogue.PrivacyProtector) -> Quarantined and deleted successfully.
C:\Documents and Settings\Margaret\Application Data\PrivacyProtector Free\Logs (Rogue.PrivacyProtector) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\102.qit (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Margaret\Local Settings\Temp\nsm6F5.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP550\A0172948.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP550\A0172949.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP583\A0179276.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TMP00000056D72D15A6B6F23B7F (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Margaret\Application Data\PrivacyProtector Free\Logs\update.log (Rogue.PrivacyProtector) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xwusuhzh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Margaret\Application Data\Microsoft\dtsc\32122.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\000060.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Margaret\Local Settings\Temp\ac8zt2\eotv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Margaret\Local Settings\Temp\ac8zt2\npqtsrak.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Margaret\Local Settings\Temp\ac8zt2\rtqmekwg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Margaret\Local Settings\Temp\ac8zt2\pmsoarbf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
;*******************************************************************************
ANALYSIS: 2008-05-21 06:13:35
PROTECTIONS: 1
MALWARE: 94
SUSPECTS: 2
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
McAfee VirusScan Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00003992 spyware/adclicker Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00110011-4b0b-44d5-9718-90c88817369b}
00013512 adware/searchaid Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{587DBF2D-9145-4C9E-92C2-1F953DA73773}
00013512 adware/searchaid Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
00029036 adware/superspider Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E}
00029036 adware/superspider Adware No 1 Yes No c:\windows\mssys.exe
00029343 adware/mssearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd9bc004-8331-4457-b830-4759ff704c22}
00029343 adware/mssearch Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}
00035633 adware/cws.nfo Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6}
00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6BC4EF-5676-484B-88AE-883323913256}
00036156 adware/winres Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D38A51A-23C9-48a1-A33C-48675AA2B494}
00039204 adware/cws Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}
00039204 adware/cws Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
00039204 adware/cws Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}
00039204 adware/cws Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}
00040007 adware/cws.yexe Adware No 0 Yes No c:\windows\loader.exe
00040007 adware/cws.yexe Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
00040377 adware/adultlinks Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965e6b07-6832-4738-bdbe-25f226ba2ab0}
00046490 adware/azesearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d7bf3304-138b-4dd5-86ee-491bb6a2286c}
00065497 Adware/Comet Adware No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDF.tmp
00065497 Adware/Comet Adware No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDD.tmp
00103389 adware/noname Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf021f40-3e14-23a5-cba2-717765721306}
00110259 dialer.py Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}
00110532 spyware/clientman Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
00119488 application/mediapipe HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
00132447 adware program Adware No 0 Yes No c:\windows\x.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\82.qit
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11E.tmp
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF3.tmp
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFA.tmp
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\45.qit
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-20-42-32\0.qit
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-17-28-26\5.qit
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\20-05-2008-05-56-03\4.qit
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\33.qit
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEB.tmp
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-17-28-26\2.qit
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11D.tmp
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE4.tmp
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\0.qit
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11C.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-17-28-26\6.qit
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\20-05-2008-05-56-03\7.qit
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFE.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\49.qit
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10A.tmp
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11F.tmp
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\83.qit
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq104.tmp
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10C.tmp
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq105.tmp
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\1.qit
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEC.tmp
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\50.qit
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqED.tmp
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\44.qit
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF9.tmp
00167706 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq113.tmp
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFC.tmp
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq123.tmp
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11A.tmp
00167759 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq118.tmp
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq101.tmp
00167761 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq117.tmp
00167764 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq116.tmp
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq110.tmp
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\66.qit
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\20-05-2008-05-56-03\0.qit
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\3.qit
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-17-28-26\0.qit
00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10D.tmp
00168058 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq114.tmp
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-17-28-26\1.qit
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\28.qit
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\20-05-2008-05-56-03\3.qit
00168069 Cookie/Bilbo.counted TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEE.tmp
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\20-05-2008-05-56-03\5.qit
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\40.qit
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF2.tmp
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-17-28-26\3.qit
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\75.qit
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B.tmp
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\39.qit
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF1.tmp
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\20-05-2008-05-56-03\13.qit
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\91.qit
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-17-28-26\10.qit
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFD.tmp
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\63.qit
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\23.qit
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEA.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\20-05-2008-05-56-03\2.qit
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq119.tmp
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\20-05-2008-05-56-03\12.qit
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq121.tmp
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\88.qit
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-17-28-26\9.qit
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\69.qit
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq106.tmp
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq107.tmp
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\65.qit
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq109.tmp
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\73.qit
00171842 trj/downloader.coy Virus/Trojan No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA}
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq108.tmp
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-17-28-26\8.qit
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\72.qit
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq124.tmp
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF0.tmp
00177226 spyware/lefeat Spyware No 1 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B847676D-72AC-4393-BFFF-43A1EB979352}
00180153 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq112.tmp
00180154 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq111.tmp
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq122.tmp
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\92.qit
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\35.qit
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\20.qit
00193807 dialer.bny Dialers No 0 Yes No c:\windows\pcconfig.dat
00206953 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10F.tmp
00218977 adware/affilred Adware No 0 Yes No c:\windows\msupdate.exe
00219327 adware/conspy Adware No 0 Yes No c:\windows\waol.exe
00219327 adware/conspy Adware No 0 Yes No c:\windows\editpad.exe
00226936 adware/cws.payfortraffic Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98DBBF16-CA43-4c33-BE80-99E6694468A4}
00251542 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq115.tmp
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\48.qit
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\47.qit
00262033 adware/emediacodec Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{134F7664-943D-3BB9-65F5-70B91DF46C86}
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFF.tmp
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\13.qit
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\37.qit
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF4.tmp
02261869 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10E.tmp
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\21.qit
02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\54.qit
02909984 Cookie/PCCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\68.qit
02919041 Adware/PCCleaner Adware No 0 Yes No C:\Documents and Settings\Margaret\Application Data\Antispyware\Quarantine\19-05-2008-15-00-29\914.qit
02936685 Adware/VirusAlert Adware No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP550\A0172941.exe
02936689 Adware/VapSup Adware No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP550\A0172944.exe
02936691 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP550\A0172945.dll
02980351 Adware/NaviPromo Adware No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP588\A0179664.exe
;===============================================================================
SUSPECTS
Sent Location (
;===============================================================================
No C:\PROGRAM FILES\ANTISPYWAREAPP\TCL.DLL (
No C:\PROGRAM FILES\ANTISPYWAREAPP\ZLIB.DLL (
;===============================================================================
VULNERABILITIES
Id Severity Description (
;===============================================================================
;===============================================================================
SUPERAntiSpyware Scan Log
Generated 05/20/2008 at 08:29 PM
Application Version : 3.6.1000
Core Rules Database Version : 3464
Trace Rules Database Version: 1455
Scan type : Quick Scan
Total Scan Time : 01:01:36
Memory items scanned : 677
Memory threats detected : 0
Registry items scanned : 910
Registry threats detected : 10
File items scanned : 33735
File threats detected : 13
Parasite.CoolWebSearch Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}
C:\WINDOWS\OLEHELP.EXE
HTMLCore Module BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}
CoolWebSearch Parasite Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}
Browser Hijacker.Tubby
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}
ClientMan BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}
Adware.Zango Toolbar/Hb
C:\Documents and Settings\Margaret\Application Data\Zango
Adware.Casino Games (Golden Palace Casino)
C:\BODOG CASINO\CASINO.EXE
Adware.AdSponsor/ISM
C:\DOCUMENTS AND SETTINGS\MARGARET\APPLICATION DATA\ANTISPYWARE\QUARANTINE\19-05-2008-15-00-29\803.QIT
Worm.EXPLORER32
C:\WINDOWS\EXPLORER32.EXE
Trojan.Downloader-Gen/Win
C:\WINDOWS\IEDLL.EXE
C:\WINDOWS\WIN32E.EXE
Trojan.IEXPLORER
C:\WINDOWS\IEXPLORER.EXE
Trojan.Unclassified/Loader-Suspicious
C:\WINDOWS\LOADER.EXE
RUNDLL16.EXE
C:\WINDOWS\RUNDLL16.EXE
Worm.Rbot Variant
C:\WINDOWS\SVCHOST32.EXE
Trojan.Downloader-Systeem
C:\WINDOWS\SYSTEEM.EXE
Trojan.Downloader-SystemCritcial/Fake Alert
C:\WINDOWS\SYSTEMCRITICAL.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:14 AM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AntiSpywareApp\Antispyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Addiction by pogo - http://game3.pogo.co...ction-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.co...mino2-en_US.cab
O16 - DPF: Euchre by pogo - http://game3.pogo.co...uchre-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.co...taire-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.co.../pool-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.co...ades2-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.co...chies-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.co...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.co...ooth2-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.co...lbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.co...peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O