Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijacking


  • Please log in to reply
9 replies to this topic

#1 Mikey L

Mikey L

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 24 October 2007 - 12:22 AM

I have performed all the steps outlined in the preparatory guide to use before posting a log. My HijackThis log appears below. The problem I am having is periodically being redirected to undesirable websites while surfing, some which cannot be found and some pornographic. I am running Windows Media Center Edition and this mostly occurs while using Internet Explorer version 7.0.5730.11.

Any and all help is appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:45 AM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RdTasker - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\72RURTW6\NONVOI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\XD7DOILO\OPTN_6~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\XD7DOILO\LAUNCH~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\72RURTW6\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\FFY8PFY3\AIM_UA~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\V7KUWUMY\NONVOI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\MZZ3NMT5\LAUNCH~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\WMLEJ4C8\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\34YJFXXM\A37C81~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\J4GXKQL0\IFRAME~3.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\WMLEJ4C8\A39249~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\7A337BGB\IF7487~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\07B19MYU\AIM_UA~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZUxdm080MVUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 13902 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 24 October 2007 - 03:24 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Mikey L :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.

If you have previously downloaded ComboFix,please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 Mikey L

Mikey L
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 24 October 2007 - 11:30 AM

Thanks for the quick reply and the assistance.

My Fixware log is as follows:


Username "Mike" - 10/24/2007 11:48:23 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6172\\SiteAdv.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Device Detector"="DevDetect.exe -autorun"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"mcagent_exe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"TivoTransfer"="\"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe\" /service /registry /auto:TivoTransfer"
"TivoNotify"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoNotify.exe\" /service /registry /auto:TivoNotify"
"TivoServer"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe\" /service /registry /auto:TivoServer"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"Aim6"=""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


My Combofix log is as follows:


ComboFix 07-10-23.1 - Mike 2007-10-24 12:02:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.444 [GMT -4:00]
Running from: C:\Documents and Settings\Mike\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.

2007-10-24 12:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 13:40 <DIR> d-------- C:\WINDOWS\system32\Temp Delete from virus scan
2007-10-22 11:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-22 11:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-21 23:48 <DIR> d-------- C:\Documents and Settings\Mike\.housecall6.6
2007-10-21 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-20 22:29 <DIR> d-------- C:\Program Files\iTunes
2007-10-19 15:00 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Gamelab
2007-10-18 18:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2007-10-18 11:21 <DIR> d-------- C:\Program Files\Common Files\Viewpoint
2007-10-10 00:21 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 02:20 --------- d-----w C:\Program Files\Plaxo
2007-10-23 02:50 --------- d--h--w C:\Documents and Settings\Jenn\Application Data\Move Networks
2007-10-22 21:46 --------- d-----w C:\Program Files\iWin.com
2007-10-22 17:01 --------- d-----w C:\Program Files\HP
2007-10-21 02:29 --------- d-----w C:\Program Files\iPod
2007-10-21 02:24 --------- d-----w C:\Program Files\Apple Software Update
2007-10-19 15:31 --------- d-----w C:\Program Files\Viewpoint
2007-10-19 05:24 --------- d-----w C:\Documents and Settings\Jenn\Application Data\PlayFirst
2007-10-11 15:20 --------- d-----w C:\Program Files\McAfee
2007-10-09 17:57 --------- d-----w C:\Documents and Settings\Mike\Application Data\SiteAdvisor
2007-10-07 23:46 --------- d-----w C:\Documents and Settings\Jenn\Application Data\SiteAdvisor
2007-10-07 16:04 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2007-09-24 00:00 --------- d-----w C:\Documents and Settings\Jenn\Application Data\Big Fish Games
2007-09-10 16:37 --------- d-----w C:\Program Files\SiteAdvisor
2007-09-08 13:46 --------- d-----w C:\Program Files\activePDF
2007-08-27 21:08 --------- d-----w C:\Program Files\Common Files\AOL
2007-08-27 21:00 --------- d-----w C:\Documents and Settings\Mike\Application Data\AOL
2007-08-25 14:27 --------- d-----w C:\Documents and Settings\Mike\Application Data\tunebite
2007-08-25 06:22 --------- d-----w C:\Program Files\FairStars CD Ripper
2007-08-25 06:13 --------- d-----w C:\Program Files\tunebite
2007-08-25 05:57 --------- d-----w C:\Documents and Settings\Mike\Application Data\RTPlayer
2007-08-25 04:34 --------- d-----w C:\Documents and Settings\Jenn\Application Data\Ahead
2007-08-24 21:39 --------- d-----w C:\Documents and Settings\Mike\Application Data\uTorrent
2007-08-24 20:22 --------- d-----w C:\Documents and Settings\Mike\Application Data\Nero
2007-08-24 19:53 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-24 19:42 --------- d-----w C:\Documents and Settings\Mike\Application Data\Download Manager
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-08 14:07 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-30 23:19 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-14 02:08 52,448 -c--a-w C:\Documents and Settings\Mike\Application Data\GDIPFONTCACHEV1.DAT
2007-01-23 03:12 136,224 -c--a-w C:\Program Files\MC
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73E0DDC2-A93A-4D64-97B5-646627F61DD2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
2006-11-01 10:03 73728 --a------ C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"CTHelper"="CTHELPER.EXE" [2005-11-08 12:30 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 04:00 C:\WINDOWS\system32\CTXFIHLP.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 22:39]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"Device Detector"="DevDetect.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 07:23]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 07:24]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 07:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 23:20]
"Aim6"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\72RURTW6\NONVOI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\XD7DOILO\OPTN_6~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\XD7DOILO\LAUNCH~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\72RURTW6\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\FFY8PFY3\AIM_UA~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\V7KUWUMY\NONVOI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\MZZ3NMT5\LAUNCH~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\WMLEJ4C8\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\34YJFXXM\A37C81~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\J4GXKQL0\IFRAME~3.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\WMLEJ4C8\A39249~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\7A337BGB\IF7487~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\07B19MYU\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\8G5W8J1O\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\8G5W8J1O\OPTN_6~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\4B7O7S1K\YOURDI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\JGZLH2W5\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\ZYR1TSPI\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\LLY6J3W5\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\QRMQQ4ZY\EBAYIS~3.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\QRMQQ4ZY\NEW-CI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\TAMI8VLF\SLF_EC~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\30SUXTOI\EXP_1_~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\5DQOMFA5\TRAINI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\GCDB611U\GOOGLE~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\IPLCBA7C\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\N0XB3LA2\AIM_UA~1.SH! C:\DOCUME~1\Mike\Cookies\MIKE@W~1.SH! C:\DOCUME~1\Mike\Cookies\MIKE@Z~1.SH! C:\DOCUME~1\Mike\Cookies\MIKE@S~2.SH! C:\DOCUME~1\Mike\Cookies\MIKE@M~2.SH! C:\DOCUME~1\Mike\Cookies\MIKE@A~4.SH! C:\DOCUME~1\Mike\Cookies\MIC86B~1.SH! C:\DOCUME~1\Mike\Cookies\MIKE@A~3.SH! C:\DOCUME~1\Mike\Cookies\MI5B05~1.SH!

C:\Documents and Settings\Jenn\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-07-20 15:39:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
winmqx32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Mike\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
C:\Program Files\Tunebite\tunebite.exe -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-22 17:12:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-19 22:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (OFFICE-Admin).job"
"2007-09-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-01 05:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 12:12:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-24 12:14:00
.
--- E O F ---


My HijackThis log is as follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:46 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RdTasker - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\72RURTW6\NONVOI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\XD7DOILO\OPTN_6~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\XD7DOILO\LAUNCH~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\72RURTW6\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\FFY8PFY3\AIM_UA~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\V7KUWUMY\NONVOI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\MZZ3NMT5\LAUNCH~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\WMLEJ4C8\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\34YJFXXM\A37C81~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\J4GXKQL0\IFRAME~3.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\WMLEJ4C8\A39249~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\7A337BGB\IF7487~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\07B19MYU\AIM_UA~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZUxdm080MVUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 13903 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 24 October 2007 - 05:52 PM

Please disable Spybot S&Dís protection,or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths inside the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\Program Files\Common Files\Viewpoint
C:\Program Files\iWin.com
C:\Program Files\Viewpoint

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button Posted Image

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: RdTasker - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\72RURTW6\NONVOI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\XD7DOILO\OPTN_6~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\XD7DOILO\LAUNCH~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\72RURTW6\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\FFY8PFY3\AIM_UA~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\V7KUWUMY\NONVOI~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\MZZ3NMT5\LAUNCH~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\WMLEJ4C8\AIM_UA~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\34YJFXXM\A37C81~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\J4GXKQL0\IFRAME~3.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\WMLEJ4C8\A39249~2.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\7A337BGB\IF7487~1.SH! C:\DOCUME~1\Mike\LOCALS~1\TEMPOR~1\Content.IE5\07B19MYU\AIM_UA~1.SH!
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#5 Mikey L

Mikey L
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 25 October 2007 - 11:15 AM

My OTMoveIt log:

C:\Program Files\Common Files\Viewpoint\Toolbar Runtime moved successfully.
C:\Program Files\Common Files\Viewpoint moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\stage1\wall moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\stage1\smiles moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\stage1\palp moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\stage1 moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\russian\splash_pictures moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\russian\splash_baloons moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\russian\cafe_big moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\russian moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\map moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\font moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\english\splash_pictures moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\english\splash_baloons moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\english\cafe_big moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\english moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\effects\big_stars moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\effects moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\burgerlib moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\bgr moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\atlases\russian moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\atlases\english moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures\atlases moved successfully.
C:\Program Files\iWin.com\Stand O Food\textures moved successfully.
C:\Program Files\iWin.com\Stand O Food\sounds\biznesman moved successfully.
C:\Program Files\iWin.com\Stand O Food\sounds moved successfully.
C:\Program Files\iWin.com\Stand O Food\package_info moved successfully.
C:\Program Files\iWin.com\Stand O Food\logs\OFFICE moved successfully.
C:\Program Files\iWin.com\Stand O Food\logs moved successfully.
C:\Program Files\iWin.com\Stand O Food\gamepage\images\product moved successfully.
C:\Program Files\iWin.com\Stand O Food\gamepage\images moved successfully.
C:\Program Files\iWin.com\Stand O Food\gamepage\css moved successfully.
C:\Program Files\iWin.com\Stand O Food\gamepage moved successfully.
C:\Program Files\iWin.com\Stand O Food\data\data\russian moved successfully.
C:\Program Files\iWin.com\Stand O Food\data\data\english moved successfully.
C:\Program Files\iWin.com\Stand O Food\data\data moved successfully.
C:\Program Files\iWin.com\Stand O Food\data moved successfully.
C:\Program Files\iWin.com\Stand O Food moved successfully.
C:\Program Files\iWin.com\Nancy Drew Last Train to Blue Moon Canyon\Save moved successfully.
C:\Program Files\iWin.com\Nancy Drew Last Train to Blue Moon Canyon\HDVideo moved successfully.
C:\Program Files\iWin.com\Nancy Drew Last Train to Blue Moon Canyon\HDSound moved successfully.
C:\Program Files\iWin.com\Nancy Drew Last Train to Blue Moon Canyon\Ciftree moved successfully.
C:\Program Files\iWin.com\Nancy Drew Last Train to Blue Moon Canyon\CDVideo moved successfully.
C:\Program Files\iWin.com\Nancy Drew Last Train to Blue Moon Canyon\CDSound moved successfully.
C:\Program Files\iWin.com\Nancy Drew Last Train to Blue Moon Canyon moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\Save moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\HDVideo moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\HDSound moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\gamepage\images\product moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\gamepage\images\generics moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\gamepage\images moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\gamepage\css moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\gamepage moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\Ciftree moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\CDVideo moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island\CDSound moved successfully.
C:\Program Files\iWin.com\Nancy Drew Deception Island moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design\HDVideo moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design\HDSound moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design\gamepage\images\product moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design\gamepage\images\generics moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design\gamepage\images moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design\gamepage\css moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design\gamepage moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design\Ciftree moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design\CDVideo moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design\CDSound moved successfully.
C:\Program Files\iWin.com\Nancy Drew Danger by Design moved successfully.
C:\Program Files\iWin.com\Nancy Drew Curse of Blackmoor Manor\Save moved successfully.
C:\Program Files\iWin.com\Nancy Drew Curse of Blackmoor Manor\HDVideo moved successfully.
C:\Program Files\iWin.com\Nancy Drew Curse of Blackmoor Manor\HDSound moved successfully.
C:\Program Files\iWin.com\Nancy Drew Curse of Blackmoor Manor\Ciftree moved successfully.
C:\Program Files\iWin.com\Nancy Drew Curse of Blackmoor Manor\CDVideo moved successfully.
C:\Program Files\iWin.com\Nancy Drew Curse of Blackmoor Manor\CDSound moved successfully.
C:\Program Files\iWin.com\Nancy Drew Curse of Blackmoor Manor moved successfully.
C:\Program Files\iWin.com\Miss Management\manifests moved successfully.
C:\Program Files\iWin.com\Miss Management\levels\normal moved successfully.
C:\Program Files\iWin.com\Miss Management\levels moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Shared moved successfully.
C:\Program Files\iWin.com\Miss Management\images\PowerupStoreImages\ItemInfo moved successfully.
C:\Program Files\iWin.com\Miss Management\images\PowerupStoreImages moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\QuitConfirm_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\Options_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\MainMenu_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\InGameMenu_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\Help_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\GoalsCompleted_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\Credits_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\CallItADay_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\Account\Account_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\Account\AccountPopups_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI\Account moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Non Game UI moved successfully.
C:\Program Files\iWin.com\Miss Management\images\NewPowerupImages moved successfully.
C:\Program Files\iWin.com\Miss Management\images\LevelSelectImages\SeasonTitles moved successfully.
C:\Program Files\iWin.com\Miss Management\images\LevelSelectImages\SeasonBackgrounds moved successfully.
C:\Program Files\iWin.com\Miss Management\images\LevelSelectImages\EpisodeImages moved successfully.
C:\Program Files\iWin.com\Miss Management\images\LevelSelectImages moved successfully.
C:\Program Files\iWin.com\Miss Management\images\Intro_Outro_Interstitial_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\generic\textedit moved successfully.
C:\Program Files\iWin.com\Miss Management\images\generic\button moved successfully.
C:\Program Files\iWin.com\Miss Management\images\generic moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\tasks moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\speech_bubble moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\powerups moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\notifications\TaskCompleted moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\notifications\Stressout moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\notifications\newGoalUnlocked moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\notifications\goalComplete moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\notifications moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\name_plates moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\LevelClockImages moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\goal_thought_bubble moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\GoalTrackingHUDImages moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\GoalInfoPanel moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\game_background moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\furniture\storageShelf moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\furniture\Radio moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\furniture\elevator moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\furniture\desk_arrow\animations moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\furniture\desk_arrow moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\furniture\Bathroom_close moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\furniture\AC moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\furniture moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employee_info moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\Xtimothy moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\Xpearl moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\xnadine moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\Xluke moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\Xduncan moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\Xbrooke moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\Xashley moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\Winston moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\tara moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\StressThermometer moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\Mahavir moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\Denise moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees\coffee_effect moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\employees moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game\clock moved successfully.
C:\Program Files\iWin.com\Miss Management\images\game moved successfully.
C:\Program Files\iWin.com\Miss Management\images\EpisodeTitle_images moved successfully.
C:\Program Files\iWin.com\Miss Management\images\EpilogueImages moved successfully.
C:\Program Files\iWin.com\Miss Management\images\arrow_buttons moved successfully.
C:\Program Files\iWin.com\Miss Management\images moved successfully.
C:\Program Files\iWin.com\Miss Management\gamepage\images\product moved successfully.
C:\Program Files\iWin.com\Miss Management\gamepage\images moved successfully.
C:\Program Files\iWin.com\Miss Management\gamepage\css moved successfully.
C:\Program Files\iWin.com\Miss Management\gamepage moved successfully.
C:\Program Files\iWin.com\Miss Management\fonts moved successfully.
C:\Program Files\iWin.com\Miss Management\cutscenes moved successfully.
C:\Program Files\iWin.com\Miss Management\audio\sfx moved successfully.
C:\Program Files\iWin.com\Miss Management\audio\music moved successfully.
C:\Program Files\iWin.com\Miss Management\audio moved successfully.
C:\Program Files\iWin.com\Miss Management moved successfully.
C:\Program Files\iWin.com\Fruit Fall Deluxe moved successfully.
C:\Program Files\iWin.com\FamilyFeudOnlineParty\splash moved successfully.
C:\Program Files\iWin.com\FamilyFeudOnlineParty\images\mp moved successfully.
C:\Program Files\iWin.com\FamilyFeudOnlineParty\images\mainmenu moved successfully.
C:\Program Files\iWin.com\FamilyFeudOnlineParty\images\ff moved successfully.
C:\Program Files\iWin.com\FamilyFeudOnlineParty\images moved successfully.
C:\Program Files\iWin.com\FamilyFeudOnlineParty\fonts moved successfully.
Folder move failed. C:\Program Files\iWin.com\FamilyFeudOnlineParty\existcheck scheduled to be moved on reboot.
C:\Program Files\iWin.com\FamilyFeudOnlineParty\cfg\animations moved successfully.
C:\Program Files\iWin.com\FamilyFeudOnlineParty\cfg moved successfully.
C:\Program Files\iWin.com\FamilyFeudOnlineParty\audiovo moved successfully.
C:\Program Files\iWin.com\FamilyFeudOnlineParty\audio moved successfully.
C:\Program Files\iWin.com\FamilyFeudOnlineParty moved successfully.
C:\Program Files\iWin.com\Cinema Tycoon moved successfully.
C:\Program Files\iWin.com\Azada\local moved successfully.
C:\Program Files\iWin.com\Azada\gamepage\images\product moved successfully.
C:\Program Files\iWin.com\Azada\gamepage\images\generics moved successfully.
C:\Program Files\iWin.com\Azada\gamepage\images moved successfully.
C:\Program Files\iWin.com\Azada\gamepage\css moved successfully.
C:\Program Files\iWin.com\Azada\gamepage moved successfully.
C:\Program Files\iWin.com\Azada moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Text\Scripts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Text\Journal moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Text moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Sound\VO moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Sound\SFX moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Sound\Music moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Sound\Interface moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Sound moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Saved Games moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\wargrave moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\unknown moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\trogers moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\raven02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\raven moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\narracott moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\marston moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\mackenzie moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\lombard moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\gull moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\goat02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\goat moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\erogers moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\claythorne moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\chickenwhite moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\chicken02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\chicken moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\brent moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\blore moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\armstrong moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Windingpath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Windingpath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Windingpath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Windingpath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Westbalcony\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Westbalcony\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Westbalcony\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Westbalcony moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wargravesroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wargravesroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wargravesroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wargravesroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Act10a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act10a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act09a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act09a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act07b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act07b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act06b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Undergroundpassage\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Undergroundpassage\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Undergroundpassage\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Undergroundpassage moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Storeroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Storeroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Storeroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Act04d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Act08a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Act04b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Sandypath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Sandypath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Sandypath\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Sandypath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Saferoom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Saferoom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Saferoom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Saferoom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillageb\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillageb\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillageb\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillageb moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillagea\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillagea\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillagea\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillagea moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Protectedcove\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Protectedcove\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Protectedcove\Base\Animations moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Protectedcove\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Protectedcove moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act07a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act05c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act01e\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act01e moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Orchard\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Orchard\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Orchard\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Orchard\act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Orchard moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Act10b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Act06b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainmenu\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainmenu\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainmenu moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Act04b\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Library\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Library\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Library\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Library\Act05c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Library moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act04a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act02b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act01c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Jetty\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Jetty\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Jetty\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Jetty moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Grotto\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Grotto\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Grotto\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Grotto moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Goatpen\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Goatpen\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Goatpen\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Goatpen moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Act05c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Act04d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act10b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act05c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act05b\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act05b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act05b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act04d\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act04d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act01a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontbalcony\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontbalcony\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontbalcony\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontbalcony\Act05c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontbalcony moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act10b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act07b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act06b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act02b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act01c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emiverbath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emiverbath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emiverbath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emiverbath\Act09a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emiverbath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Base\cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act08a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act08a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act04d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths\Act09a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Act09a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Act07b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act10b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act06b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act04a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act04a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act04a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act02b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act02b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath\Act01a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom\Act01b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Blolombath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Blolombath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Blolombath\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Blolombath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Backhall\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Backhall\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Backhall\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Backhall\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Backhall moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Act04b\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Act04b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath\Act05b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\wirebasket moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\whiskey moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\wargravesletter moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\verasletter moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\unlitsmoker moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\tubex201a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\tube807h moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\tube305gt moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\tripod moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\tobaccopouch moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\tobaccolamp moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\tobacco moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\telescope moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\stepladder moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\steelenote moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\smoker moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\smallgascan moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\silksheets moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\shovel moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\shaker moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\sewnsheets moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\sellotape moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\scoop moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\scissors moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\sailorboy moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\rubberraft moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\rogersletter moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\rogersdelay moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\robsonspipe moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\recordb moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\record moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\ravenearring moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\raftoars moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\propellor moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\projbulb moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\printrogers02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\printrogers01 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\printmarston02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\printmarston01 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\printclaythorne02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\printclaythorne01 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\printbrent02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\printbrent01 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\printarmstrong02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\printarmstrong01 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\pouch moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\pliers moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\pipestem moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\pipebowl moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\parachute moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\oars moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\newspaperclip01 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\needles moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\movieqh moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\movielb moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\moviehome moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\moviehello moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\moviebbc moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\microphone moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\medicalbag moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\medalertcard moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\matches moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\marstonstelegram moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\marstonglass moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\marblechunk moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\mackenziesletter moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\lombardsplan moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\lombardsletter moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\legaldocument moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\juiceglass moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\islandmap moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\inkstamp moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\inkpad moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\inflatedraft moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\hurricanelamp moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\hose moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\honeyglass moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\homingbeacon moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\harness moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\handaxe moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\fullbucket moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\frame moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\flourmarstonglass moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\flourembrocation moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\flourbaster moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\flour moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\flashlightbatt moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\flashlight moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\fishingnets moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\fishingline moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\filmcanqh moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\filmcanlb moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\filledshaker moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\emptysmoker moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\embrocation moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\drinkglass03 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\drinkglass02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\drinkglass01 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\dicebox moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\desklampbulb moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\desklamp moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\deskkey moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\decodedmessage moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\copperwire moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\codedmessage moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\codebook moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\ciderglass moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\cheesewheelcloth moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\cheesewheel moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\cheesecloth moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\cardtalkischeap moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\cardtakeair moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\cardrowyourboat moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\cardpoolresources moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\cardoldbones moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\cardlightonsubject moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bulb moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bucket moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\brentsletter moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\brandy moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bookwarjust moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\booksailflo moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\booksafepass moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bookrobdi moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\booknavpan moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bookhisdev moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bookbirddev moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bookbeekeep moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bloresnotebook moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bloresletter moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bible moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\bearstick moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\batteries moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\baster moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\basketofapples moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\armstrongsletter moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\apples moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory\airpump moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Inventory moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Interface\Scenes\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Interface\Scenes\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Interface\Scenes moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Interface\Fonts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Interface moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\gamepage\images\product moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\gamepage\images moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\gamepage\css moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\gamepage moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\FMV\Transitions moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\FMV\InScene moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\FMV moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Elements\Special moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Elements\Skies moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Elements\Particles moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Elements\Movies moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Elements\Lights moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Elements\Fog moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Elements moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Dialogue\Locations moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Dialogue\General moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Dialogue\Acts\Events moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Dialogue\Acts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Dialogue moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargravesumsup\Act05a\backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargravesumsup\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargravesumsup moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargravemissing\Act08a\backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargravemissing\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargravemissing moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargraveisnext\Act06a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargraveisnext\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargraveisnext moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargraveholdscourt\Act01d\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargraveholdscourt\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Wargraveholdscourt moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Sundaymorning\Act04d\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Sundaymorning\Act04d\backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Sundaymorning\Act04d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Sundaymorning moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Summingupthejudge\Act07a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Summingupthejudge moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Snookeredagain\Act03a\backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Snookeredagain\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Snookeredagain moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Marstonchokes\Act01e\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Marstonchokes\Act01e\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Marstonchokes\Act01e moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Marstonchokes moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Lombardverashiprock\Act05a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Lombardverashiprock\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Lombardverashiprock moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Goplaysnooker\Act06a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Goplaysnooker\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Goplaysnooker moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Generalstaydevon\Act03b\backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Generalstaydevon\Act03b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Generalstaydevon moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Fridaynightdinner\Act01c\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Fridaynightdinner\Act01c\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Fridaynightdinner\Act01c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Fridaynightdinner moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Coldtongue\Act04a\backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Coldtongue\Act04a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Coldtongue moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Closeupsuspicion\Act07a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Closeupsuspicion\Act07a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Closeupsuspicion moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Choppedinhalf\Act04d\backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Choppedinhalf\Act04d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Choppedinhalf moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter10\Act10a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter10\Act10a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter10\Act10a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter10 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter09\Act09a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter09\Act09a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter09\Act09a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter09 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter08\Act08a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter08\Act08a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter08\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter08 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter07\Act07a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter07\Act07a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter07\Act07a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter07 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter06\Act06a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter06\Act06a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter06\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter06 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter05\Act05b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter05\Act05a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter05\Act05a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter05\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter05 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter04\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter04\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter04\Act04a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter04\Act04a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter04\Act04a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter04 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter03\Act03a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter03\Act03a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter03\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter03 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter02\Act02b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter02\Act02a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter02\Act02a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter02\Act02a\Animations moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter02\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter01\Act01a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter01\Act01a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter01\Act01a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Chapter01 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Armstrongemilymix\Act05a\backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Armstrongemilymix\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Armstrongemilymix moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Abeestingsemily\Act05b\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Abeestingsemily\Act05b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Abeestingsemily\Act05b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes\Abeestingsemily moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Cutscenes moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None moved successfully.
C:\Program Files\iWin.com moved successfully.
C:\Program Files\Viewpoint\Viewpoint Toolbar moved successfully.
C:\Program Files\Viewpoint moved successfully.

Created on 10/25/2007 00:46:00


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/25/2007 at 02:29 AM

Application Version : 3.9.1008

Core Rules Database Version : 3330
Trace Rules Database Version: 1331

Scan type : Complete Scan
Total Scan Time : 01:15:29

Memory items scanned : 764
Memory threats detected : 0
Registry items scanned : 9184
Registry threats detected : 0
File items scanned : 104076
File threats detected : 53

Adware.Tracking Cookie
C:\Documents and Settings\Jenn\Cookies\jenn@2o7[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@3.adbrite[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ad.yieldmanager[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@adopt.specificclick[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ads.adbrite[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ads.expedia[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ads.joinaxxess[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ads.monster[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ads.pointroll[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ads.realtechnetwork[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ads.realtechnetwork[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ads.realtechnetwork[3].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ads.revsci[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@advertising[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@anad.tacoda[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@anat.tacoda[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@ar.atwola[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@atdmt[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@atwola[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@burstnet[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@collective-media[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@cpvfeed[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@edge.ru4[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@focalex[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@imrworldwide[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@login.tracking101[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@media-bucket[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@media.hotels[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@media.mtvnservices[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@nextag[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@oddcast[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@partner2profit[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@precisionclick[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@qnsr[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@revsci[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@richmedia.yahoo[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@sales.liveperson[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@sales.liveperson[3].txt
C:\Documents and Settings\Jenn\Cookies\jenn@sec1.liveperson[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@sec1.liveperson[3].txt
C:\Documents and Settings\Jenn\Cookies\jenn@superstats[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@trafficmp[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@tribalfusion[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@vhost.oddcast[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@www.burstbeacon[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@www.googleadservices[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@www.googleadservices[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@www3.addfreestats[2].txt
C:\Documents and Settings\Jenn\Cookies\jenn@www4.addfreestats[1].txt
C:\Documents and Settings\Jenn\Cookies\jenn@www6.addfreestats[2].txt

Adware.IWinGames
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20071025-010005-285.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP450\A0067969.DLL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:39 AM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZUxdm080MVUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 12444 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 25 October 2007 - 02:10 PM

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Let me know how your pc is running now.
Posted Image
Posted Image

#7 Mikey L

Mikey L
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 26 October 2007 - 12:11 PM

:thumbsup: Everything looks good so far however this problem is a problem that historically has popped up every now and again, and did not surface with every web browsing session.

I am currently running Ad-aware and McAfee Security Center, do you have any other recommendations for software I should be running on a regular basis to prevent these types of problems in the future? Should I replace McAfee with something else?

Thanks for all your help!!

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 26 October 2007 - 03:06 PM

Your log is clean :thumbsup:
If all's ok,please do the following:

Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button Posted Image
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found in the links below,to help you prevent any possible future infections:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

Edited by RichieUK, 26 October 2007 - 03:07 PM.

Posted Image
Posted Image

#9 Mikey L

Mikey L
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 26 October 2007 - 06:25 PM

In the system tray i am getting the Java icon and it keeps popping up telling me there is an update available. Do you think this is malware since I just downloaded and installed the newest version directly from the web?

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 27 October 2007 - 04:08 AM

Did you remove all previous versions of Sun Java before installing the latest version.

Launch HJThis,click 'Open the Misc Tools Section'.
Click 'Open Uninstall Manager'.
Click on 'Save List',save it to your desktop.
Copy and paste the content of that list into your next reply.

Also post a new Hijackthis log.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users