Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Agent.AMAW / advapi3.dll and Offersfortoday Infection


  • This topic is locked This topic is locked
17 replies to this topic

#1 mr_toad80

mr_toad80

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 21 November 2008 - 07:27 PM

Hi there,

I'm having trouble with a malware infection. My real-time antivirus says that the threat is detected in the advapi3.dll file in the SYSTEM32 folder, however I'm not allowed to remove the file.

I'm also getting a lot of offersfortoday popups, which are continuing after running all the measures in the preparation guide.

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:36, on 11/21/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\System32\regsvr32.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Stardock\ThinkDesk\Stardock\Impulse\Impulse.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: offersfortoday - {636490d7-e746-ec79-63b5-e09b0e17e942} - C:\WINDOWS\system32\nszD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {E2C68274-7256-405A-9495-4C945E8BC31C} - C:\WINDOWS\system32\advapi3.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O2 - BHO: offersfortoday browser enhancer - {FF1804BA-17BB-5A56-E8D5-EDF09C0A8909} - C:\WINDOWS\system32\oesrwotsfmbxj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [LyraHDProfiler] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nfislckhdqzqqpqnm] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\oesrwotsfmbxj.dll"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ImpulseFastStart] "D:\Program Files\Stardock\ThinkDesk\Stardock\Impulse\Impulse.exe" /fastload
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ROBMUR~1\LOCALS~1\Temp\ThereInstallHelper.2.0.2106.0.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.skibanff.com/skicam/AxisCamControl.ocx
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/...upv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 14065 bytes

BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:39 PM

Posted 28 November 2008 - 04:26 PM

Hi mr_toad80,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

      Note 1: If you have diffucaulty finding the logs, the logs are in this folder: C:\rsit

      Note 2: The tool takes not more than one minute to scan the system.
  • Tell me if you have done anything since previous post. Or you have run any other tools. Also tell me how is the current condition of your computer.

You might want to save this page on your favorites, so you can find it again when you return.

#3 mr_toad80

mr_toad80
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 28 November 2008 - 05:15 PM

Thanks for your response.

My computer is still problematic. Every time I open an IE browser window or 'My Computer', my AVG antivirus pops up a message that says "THREAT DETECTED - C:\WINDOWS\SYSTEM32\advapi3.dll - Trojan Horse Agent.AMAW" but I'm unable to clean it through conventional means. The computer is quite laggy and programs or even the entire system can crash easily.

I did install one new program called "Startup Control Panel" which controls what loads on startup - because my computer's been running so slowly I was attempting to speed things up slightly by disabling memory-hogging programs like TeaTime and Windows Live Messanger. Sorry about that - I won't make any more changes until this is resolved.

Here's the info you requested from RSIT:

info.txt logfile of random's system information tool 1.04 2008-11-28 14:59:41

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.0\DeIsL1.isu" -c"C:\Program Files\PhotoDeluxe HE 3.0\Uninst.dll"
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->D:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active@ KillDisk FREE Suite-->"D:\Program Files\LSoft Technologies\Active KillDisk FREE Suite\UNWISE.EXE" "D:\Program Files\LSoft Technologies\Active KillDisk FREE Suite\INSTALL.LOG"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"G:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"G:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Type Manager 4.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Air USB Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}
ATI Multimedia Center 7.9.0.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9466F949-0AD8-4484-A661-90B91AE40EE9}\setup.exe"
AVG Free Edition-->C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Baldur's Gate™ II - Throne of Bhaal ™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8C3B479-1716-11D5-968A-0050BA84F5F7}\Setup.exe"
Baldur's Gate-->C:\WINDOWS\IsUninst.exe -f"d:\program files\black isle\Baldur's Gate\Uninst.isu"
Battlefield 1942: Secret Weapons of WWII-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9
Battlefield 1942: The Road To Rome-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield 2: Deluxe Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BitTorrent 3.4.2-->"C:\Program Files\BitTorrent\uninstall.exe"
CEP - Color Enable Package-->"C:\WINDOWS\unins000.exe"
Combined Community Codec Pack 2006-12-15-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConTEXT-->"C:\Program Files\ConTEXT\unins000.exe"
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN Vision M Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
dBpowerAMP Music Converter-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{0B8FF60F-C012-4459-AADF-A3AD4E3757DE}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DesertCombat 0.7-->C:\WINDOWS\iun6002.exe "C:\Program Files\EA GAMES\Battlefield 1942\DesertCombat.ini"
DesertCombat Public Alpha 0.4J-->C:\WINDOWS\iun6002.exe "C:\Program Files\EA GAMES\Battlefield 1942\irunin.ini"
Digital Camera Plus Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8A3862C-3280-11D6-B2EA-0050BA18806B}\Setup.exe"
DivX 5.0.3 Bundle-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DW-8000P PCI NIC ADSL Driver-->C:\WINDOWS\System32\UnAD6481.EXE -f
EA SPORTS online 2005-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EA.com Matchup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x0 Uninstall
EA.com Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall
ExtractNow-->"C:\Program Files\ExtractNow\unins000.exe"
FastStone Image Viewer 3.5-->C:\Program Files\FastStone Image Viewer\uninst.exe
FinePixViewer Ver.4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FreeSpace 2-->C:\WINDOWS\ISUNINST.EXE -fd:\program files\descent\freespace2\Uninst.isu -cd:\program files\descent\freespace2\fs2uninst.dll
FrostWire 4.17.1-->D:\Program Files\FrostWire\Uninstall.exe
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Galactic Civilizations II-->D:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE D:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Garmin Communicator Plugin-->MsiExec.exe /X{3ACF833E-AADC-4B71-9F67-29CF4FFB8E3E}
Garmin POI Loader-->MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
GrabIt 1.3.1 ßeta-->C:\PROGRA~1\GrabIt\UNWISE.EXE C:\PROGRA~1\GrabIt\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ID3man 3.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ID3man\ID3man.isu"
Impulse-->"C:\Documents and Settings\All Users\Application Data\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\Documents and Settings\All Users\Application Data\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}\Impulse_setup.exe
InCD (Ahead Software)-->C:\WINDOWS\NuNInst.exe /UNINSTALL
InCD EasyWrite Reader (Ahead Software)-->C:\WINDOWS\UNMrw.exe /UNINSTALL
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
Intel® PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Lyra Jukebox Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3374B4A6-5595-4667-882D-755ABE093806}\Setup.exe" -l0x9
MacroMaker-->MsiExec.exe /I{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}
MaxBlast 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
Medieval II Total War : Kingdoms : Britannia-->C:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2002-->MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2002 System Pack-->MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Money 2002-->MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Plus! for Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Streets and Trips 2002-->MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Monopoly-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu"
MoodLogic DeviceLink-->C:\PROGRA~1\MOODLO~1\COMPON~1\DEVICE~1\UNWISE.EXE C:\PROGRA~1\MOODLO~1\COMPON~1\DEVICE~1\INSTALL.LOG
MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe
Mp3 Tag Tools v1.2-->"D:\Program Files\Mp3TagToolsv12\uninstall.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
Nero 7 Ultra Edition-->MsiExec.exe /I{6D6C1253-F5A2-4E0C-9070-F3C1176C1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NIOC Service-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenMG Limited Patch 3.2-03-02-21-08-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-14-02-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-14-02\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-17-02-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-17-02\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\setup.exe" -l0x9 UNINSTALL
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Philips Intelligent Agent-->"C:\Program Files\Philips Intelligent Agent\Uninst\unins000.exe"
Police Quest Collection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E658BA5-A9C0-C53A-2B70-B26EC119874A}\setup.exe" -l0x9 -removeonly
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RegCure 1.5.0.0-->C:\Program Files\RegCure\uninst.exe
RON Tool Offersfortoday-->C:\WINDOWS\system32\hdmnrugjkfesyrolj.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords-->C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's SimGolf-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C4504A1-9280-11D5-9F7E-00902712427E}\Setup.exe"
SimCity 4-->D:\Program Files\Maxis\SimCity 4\EAUninstall.exe
SimPE 0.58 (alpha)-->"C:\Program Files\SimPE\unins000.exe"
Sims2Pack Clean Installer -->C:\Program Files\Sims2Pack Clean Installer\uninstall.exe
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CECB9B3D-E681-4458-85F8-8D182941AF1D}\SETUP.EXE" -l0x9
Space Quest Collection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6111D354-E5CA-814E-79F2-88030FFF4C39}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars®: Knights of the Old Republic ™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Starcraft-->C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
Stardock Central-->C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
The Sims 2 Nightlife-->D:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->D:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->D:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->D:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->D:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
There (remove only)-->"C:\Program Files\There\ThereClientUninst.exe"
Tiger Woods PGA TOUR 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FDD9D12-46C9-4156-A4A0-55297B9498CA}\Setup.exe" -l0x9 uninstallme
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Winamp-->"D:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WingMan Software-->MsiExec.exe /X{435673AB-6821-416D-806A-E477DFA60A42}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WZCBDL Service-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{26595B84-25F5-43E2-9696-B1720E813850}
XviD 1.1 final uninstall-->"D:\Program Files\XviD\unins000.exe"
Yahoo! Music Jukebox-->MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
ZENcast Organizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->D:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost
127.0.0.1 desktop.kazaa.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com
127.0.0.1 media.altnet.com
127.0.0.1 www.altnet.com

======Security center information======

AV: AVG 7.5.552
FW: ZoneAlarm Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8

-----------------EOF-----------------





Logfile of random's system information tool 1.04 (written by random/random)
Run by Rob Murray at 2008-11-28 14:59:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (37%) free of 29 GB
Total RAM: 767 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:28, on 11/28/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\regsvr32.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Documents and Settings\Rob Murray\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rob Murray.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: offersfortoday - {636490d7-e746-ec79-63b5-e09b0e17e942} - C:\WINDOWS\system32\nszD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {E2C68274-7256-405A-9495-4C945E8BC31C} - C:\WINDOWS\system32\advapi3.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O2 - BHO: offersfortoday browser enhancer - {FF1804BA-17BB-5A56-E8D5-EDF09C0A8909} - C:\WINDOWS\system32\oesrwotsfmbxj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nfislckhdqzqqpqnm] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\oesrwotsfmbxj.dll"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ROBMUR~1\LOCALS~1\Temp\ThereInstallHelper.2.0.2106.0.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.skibanff.com/skicam/AxisCamControl.ocx
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/...upv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 12324 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{025436F7-1634-4426-82EF-BB905DBC90EE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{636490d7-e746-ec79-63b5-e09b0e17e942}]
offersfortoday - C:\WINDOWS\system32\nszD.dll [2008-10-08 364544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar5.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-14 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2C68274-7256-405A-9495-4C945E8BC31C}]
C:\WINDOWS\system32\advapi3.dll [2008-04-13 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-11-19 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF1804BA-17BB-5A56-E8D5-EDF09C0A8909}]
offersfortoday browser enhancer - C:\WINDOWS\system32\oesrwotsfmbxj.dll [2008-11-16 296448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar5.dll [2007-01-19 2403392]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-11-19 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-17 590848]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2003-06-18 45056]
"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"nfislckhdqzqqpqnm"=C:\WINDOWS\System32\regsvr32.exe [2008-04-13 11776]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-19 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2006-09-28 700416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-08 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
C:\Documents and Settings\Rob Murray\Application Data\Smilebox\SmileboxTray.exe [2008-01-28 201352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

C:\Documents and Settings\Rob Murray\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kazaa Lite K++\Kazaa.kpp"="C:\Program Files\Kazaa Lite K++\Kazaa.kpp:*:Enabled:Kazaa"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\EA SPORTS\Madden NFL 2004\Updater.exe"="C:\Program Files\EA SPORTS\Madden NFL 2004\Updater.exe:*:Enabled:Updater"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\SpacialAudio\SAM2\SAM2.exe"="C:\Program Files\SpacialAudio\SAM2\SAM2.exe:*:Enabled:SAM2"
"D:\Program Files\SpacialAudio\SAM2\SAMBC.exe"="D:\Program Files\SpacialAudio\SAM2\SAMBC.exe:*:Enabled:SAMBC"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\NES\NESTCL95.EXE"="D:\NES\NESTCL95.EXE:*:Enabled:NESTCL95"
"C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe"="C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"D:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\FrostWire\FrostWire.exe"="D:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04247fe7-9b51-11db-ac55-000f3ddfefc3}]
shell\AutoRun\command - G:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{252abc9a-1ac5-11d7-b102-806d6172696f}]
shell\AutoRun\command - F:\baldur.exe


======List of files/folders created in the last 1 months======

2008-11-28 14:59:09 ----D---- C:\rsit
2008-11-21 17:17:52 ----D---- C:\Program Files\Trend Micro
2008-11-21 13:24:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 20:58:04 ----D---- C:\Program Files\ZoneAlarmSB
2008-11-19 20:55:23 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-11-19 20:55:01 ----A---- C:\WINDOWS\zllsputility.exe
2008-11-19 20:55:01 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-11-19 20:54:11 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-11-19 20:54:11 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-11-19 20:54:07 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-11-19 20:54:06 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-11-19 20:53:59 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-11-19 20:53:58 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-11-19 20:53:58 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-11-19 20:53:56 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-11-19 20:53:56 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-11-19 20:53:07 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-11-19 20:53:07 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-11-19 20:53:07 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-11-16 11:45:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-16 09:20:33 ----D---- C:\Documents and Settings\Rob Murray\Application Data\Stardock
2008-11-16 09:19:23 ----D---- C:\Documents and Settings\All Users\Application Data\Stardock
2008-11-16 09:05:42 ----HDC---- C:\Documents and Settings\All Users\Application Data\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}
2008-11-16 08:50:57 ----A---- C:\WINDOWS\system32\advapi3.dll
2008-11-16 03:01:56 ----A---- C:\WINDOWS\system32\oesrwotsfmbxj.dll
2008-11-12 21:32:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 21:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-11-28 14:59:22 ----D---- C:\WINDOWS\Prefetch
2008-11-28 14:56:41 ----D---- C:\WINDOWS\Internet Logs
2008-11-28 13:47:21 ----D---- C:\WINDOWS\Temp
2008-11-27 21:38:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 21:35:53 ----A---- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000008-10011102}.BAK
2008-11-27 21:35:47 ----A---- C:\WINDOWS\OPLIMIT.INI
2008-11-26 15:14:45 ----D---- C:\WINDOWS
2008-11-26 14:58:29 ----D---- C:\WINDOWS\Minidump
2008-11-25 21:19:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-25 20:38:37 ----D---- C:\WINDOWS\SYSTEM32
2008-11-25 20:38:36 ----HD---- C:\WINDOWS\INF
2008-11-24 13:03:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVG7
2008-11-24 12:59:30 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-23 07:45:49 ----D---- C:\WINDOWS\Help
2008-11-21 17:17:52 ----RD---- C:\Program Files
2008-11-21 15:19:52 ----RD---- C:\WINDOWS\Web
2008-11-21 15:19:38 ----AC---- C:\WINDOWS\wininit.ini
2008-11-20 16:06:10 ----A---- C:\WINDOWS\cdPlayer.ini
2008-11-19 21:14:05 ----RHD---- C:\$VAULT$.AVG
2008-11-19 21:01:46 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-19 20:55:08 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-11-18 20:19:07 ----A---- C:\rapport.txt
2008-11-18 18:37:11 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-18 18:34:58 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-17 17:24:38 ----SHD---- C:\System Volume Information
2008-11-17 17:24:38 ----D---- C:\WINDOWS\system32\Restore
2008-11-16 12:42:40 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-16 11:37:23 ----D---- C:\Documents and Settings\Rob Murray\Application Data\FrostWire
2008-11-16 09:41:27 ----RSD---- C:\WINDOWS\assembly
2008-11-16 09:41:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-16 09:19:38 ----SHD---- C:\WINDOWS\Installer
2008-11-16 09:14:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-16 09:09:13 ----D---- C:\WINDOWS\WinSxS
2008-11-16 08:50:51 ----A---- C:\WINDOWS\system32\hdmnrugjkfesyrolj.exe
2008-11-13 14:34:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 21:32:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 21:32:48 ----A---- C:\WINDOWS\imsins.BAK
2008-11-08 09:04:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-08 09:04:25 ----D---- C:\Program Files\Common Files\Adobe
2008-11-08 09:04:25 ----D---- C:\Program Files\Adobe
2008-11-03 17:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2006-11-01 4224]
R1 Avg7RsXP;AVG7 Rezident Driver; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-27 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-31 10760]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-04-21 7582]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 ATIBTCAP;ATI TV Wonder Video Capture; C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-04 58240]
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar; C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-04 6912]
R2 ATIVTUTW;ATI TV Wonder TV Tuner; C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-04 17664]
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar; C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-04 28416]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2006-11-01 4960]
R2 CommAgnt;ADI COMMAGNT; C:\WINDOWS\System32\DRIVERS\commagnt.sys [2002-03-19 8360]
R2 NIOC;NIOC Service; \??\C:\WINDOWS\system32\NIOC.SYS []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-04-30 139776]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2006-08-11 78336]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\System32\drivers\hap17v2k.sys [2006-08-11 180224]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 QCDonner;Logitech QuickCam Express(PID_0840); C:\WINDOWS\System32\DRIVERS\LVCD.sys [2002-06-10 39936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 avibjg9i;avibjg9i; C:\WINDOWS\system32\drivers\avibjg9i.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2006-08-11 154112]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 jbridgep;jbridgep; \??\C:\DOCUME~1\ROBMUR~1\LOCALS~1\Temp\jbridgep.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera; C:\WINDOWS\System32\DRIVERS\mr97310v.sys [2002-11-27 116126]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\c:\PROGRA~1\COMMON~1\motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\c:\PROGRA~1\COMMON~1\motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2002-08-08 38951]
S3 nicadsl;DW-8000P Service; C:\WINDOWS\System32\DRIVERS\nicadsl.sys [2002-03-19 72332]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\PRISMUSB.sys [2003-10-02 666624]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-08-21 364800]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-23 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2006-11-01 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-31 406528]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-13 66872]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 WZCBDLService;WZCBDL Service; C:\Program Files\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S2 MySql;MySql; C:/mysql/bin/mysqld-nt.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 138168]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe [2002-12-24 65536]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:39 PM

Posted 28 November 2008 - 06:32 PM

Thanks for careful reading of my post and for the feedback. :thumbsup:

There are a lot of programs installed, some of them are not needed, some are leftovers, some of them are bad and the computer is also infected. We are going to do some cleaning along with disinfection.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case Kazaa Lite, BitTorrent, LimeWire, and Azureus). These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Also I see from the log you are using a registry cleaner. It is even scheduled to run. Here at BC we do not recommend using registry cleaners as it might irreversibly damage your computer.

Removal Instructions
  • I see on the log RON Tool Offersfortoday is installed on your computer:

    This program is known to be bundled with adware/spyware. You may read more about RON Tool Offersfortoday here:
    http://www.bleepingcomputer.com/uninstall/...0Offersfortoday
    http://research.sunbelt-software.com/threa...x?threatid=1692

    To uninstall RON Tool Offersfortoday:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    RON Tool Offersfortoday

  • Your version of ZoneAlarm Firewall comes with ZoneAlarm Spyblocker toolbar and this is not highly recommended. See here to find out why.

    I recommend you to uninstall ZoneAlarm Spyblocker toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    ZoneAlarm Spyblocker

    You may need to re-install ZoneAlarm Firewall if it's not working properly.

    Alternatively, you can get another firewall. Please make sure that only ONE firewall is installed on the computer. Having more than one firewall on a computer will cause conflicts.
    Here are some good free ones:
    Sunbelt-Kerio
    Comodo Firewall Pro
    Online Armor Free edition

  • You have still some leftovers from an incomplete uninstalled Norton Antivirus (Live update service and a couple of others) on your computer. They usually have a negative effect on the proper working of the system.

    To remove the leftovers please download and run the Norton Removal Tool.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


  • Please run RSIT, set the list of Files/Folders created to 3 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).
Please copy/paste in your next reply:
  • The log of MBAM.
  • The RSIT log.


#5 mr_toad80

mr_toad80
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 28 November 2008 - 10:51 PM

I've followed the steps. I also removed the Registry Cleaner program. Do you have other recommendations for cleaning the registry or is that kind of thing even needed?

After running MBAM, I'm still getting the advapi3.dll Threat Detection popup from AVG when I open my IE.

Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 3

11/28/08 6:47:34 PM
mbam-log-2008-11-28 (18-47-34).txt

Scan type: Quick Scan
Objects scanned: 67374
Time elapsed: 17 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 12
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2c68274-7256-405a-9495-4c945e8bc31c} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e2c68274-7256-405a-9495-4c945e8bc31c} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2c68274-7256-405a-9495-4c945e8bc31c} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{636490d7-e746-ec79-63b5-e09b0e17e942} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{636490d7-e746-ec79-63b5-e09b0e17e942} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob Murray\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\advapi3.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\nszD.dll (Adware.BHO) -> Delete on reboot.




Logfile of random's system information tool 1.04 (written by random/random)
Run by Rob Murray at 2008-11-28 20:48:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (37%) free of 29 GB
Total RAM: 767 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:19, on 11/28/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Rob Murray\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rob Murray.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {E2C68274-7256-405A-9495-4C945E8BC31C} - C:\WINDOWS\system32\advapi3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ROBMUR~1\LOCALS~1\Temp\ThereInstallHelper.2.0.2106.0.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.skibanff.com/skicam/AxisCamControl.ocx
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/...upv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 11504 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{025436F7-1634-4426-82EF-BB905DBC90EE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar5.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-14 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2C68274-7256-405A-9495-4C945E8BC31C}]
C:\WINDOWS\system32\advapi3.dll [2008-04-13 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar5.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-17 590848]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2003-06-18 45056]
"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-19 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2006-09-28 700416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-08 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
C:\Documents and Settings\Rob Murray\Application Data\Smilebox\SmileboxTray.exe [2008-01-28 201352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

C:\Documents and Settings\Rob Murray\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kazaa Lite K++\Kazaa.kpp"="C:\Program Files\Kazaa Lite K++\Kazaa.kpp:*:Enabled:Kazaa"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\EA SPORTS\Madden NFL 2004\Updater.exe"="C:\Program Files\EA SPORTS\Madden NFL 2004\Updater.exe:*:Enabled:Updater"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\SpacialAudio\SAM2\SAM2.exe"="C:\Program Files\SpacialAudio\SAM2\SAM2.exe:*:Enabled:SAM2"
"D:\Program Files\SpacialAudio\SAM2\SAMBC.exe"="D:\Program Files\SpacialAudio\SAM2\SAMBC.exe:*:Enabled:SAMBC"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\NES\NESTCL95.EXE"="D:\NES\NESTCL95.EXE:*:Enabled:NESTCL95"
"C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe"="C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"D:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\FrostWire\FrostWire.exe"="D:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-11-28 18:15:34 ----D---- C:\Documents and Settings\Rob Murray\Application Data\Malwarebytes
2008-11-28 18:15:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-28 18:15:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-28 17:56:44 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-11-28 14:59:09 ----D---- C:\rsit
2008-11-21 17:17:52 ----D---- C:\Program Files\Trend Micro
2008-11-21 13:24:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 20:55:23 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-11-19 20:55:01 ----A---- C:\WINDOWS\zllsputility.exe
2008-11-19 20:55:01 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-11-19 20:54:11 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-11-19 20:54:11 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-11-19 20:54:07 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-11-19 20:54:06 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-11-19 20:53:59 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-11-19 20:53:58 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-11-19 20:53:58 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-11-19 20:53:56 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-11-19 20:53:56 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-11-19 20:53:07 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-11-19 20:53:07 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-11-19 20:53:07 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-11-16 11:45:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-16 09:20:33 ----D---- C:\Documents and Settings\Rob Murray\Application Data\Stardock
2008-11-16 09:19:23 ----D---- C:\Documents and Settings\All Users\Application Data\Stardock
2008-11-16 09:05:42 ----HDC---- C:\Documents and Settings\All Users\Application Data\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}
2008-11-16 08:50:57 ----A---- C:\WINDOWS\system32\advapi3.dll
2008-11-12 21:32:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 21:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 22:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 20:55:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 20:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 20:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 20:18:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 20:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 20:16:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-27 15:00:16 ----D---- C:\Program Files\ConTEXT
2008-09-09 20:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 20:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-04 21:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-04 06:34:09 ----D---- C:\WINDOWS\Prefetch
2008-09-04 05:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-04 05:31:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-04 05:31:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-04 05:31:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-04 05:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-04 05:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-04 05:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-04 05:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-04 05:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-04 05:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-04 05:20:48 ----D---- C:\WINDOWS\system32\scripting
2008-09-04 05:20:37 ----D---- C:\WINDOWS\l2schemas
2008-09-04 05:20:35 ----D---- C:\WINDOWS\system32\en

======List of files/folders modified in the last 3 months======

2008-11-28 20:34:06 ----D---- C:\WINDOWS\Internet Logs
2008-11-28 18:52:23 ----D---- C:\WINDOWS\Temp
2008-11-28 18:50:48 ----RD---- C:\Program Files
2008-11-28 18:50:01 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-28 18:50:01 ----D---- C:\WINDOWS\SYSTEM32
2008-11-28 18:50:01 ----D---- C:\WINDOWS
2008-11-28 18:49:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-28 18:47:59 ----A---- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000008-10011102}.BAK
2008-11-28 18:47:58 ----A---- C:\WINDOWS\OPLIMIT.INI
2008-11-28 18:13:20 ----SD---- C:\WINDOWS\Tasks
2008-11-28 18:05:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-28 18:01:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-26 14:58:29 ----D---- C:\WINDOWS\Minidump
2008-11-25 20:38:36 ----HD---- C:\WINDOWS\INF
2008-11-24 13:03:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVG7
2008-11-24 12:59:30 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-23 07:45:49 ----D---- C:\WINDOWS\Help
2008-11-21 15:19:52 ----RD---- C:\WINDOWS\Web
2008-11-21 15:19:38 ----AC---- C:\WINDOWS\wininit.ini
2008-11-20 16:06:10 ----A---- C:\WINDOWS\cdPlayer.ini
2008-11-19 21:14:05 ----RHD---- C:\$VAULT$.AVG
2008-11-19 20:55:08 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-11-18 20:19:07 ----A---- C:\rapport.txt
2008-11-18 18:37:11 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-18 18:34:58 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-17 17:24:38 ----SHD---- C:\System Volume Information
2008-11-17 17:24:38 ----D---- C:\WINDOWS\system32\Restore
2008-11-16 12:42:40 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-16 11:37:23 ----D---- C:\Documents and Settings\Rob Murray\Application Data\FrostWire
2008-11-16 09:41:27 ----RSD---- C:\WINDOWS\assembly
2008-11-16 09:41:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-16 09:19:38 ----SHD---- C:\WINDOWS\Installer
2008-11-16 09:14:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-16 09:09:13 ----D---- C:\WINDOWS\WinSxS
2008-11-13 14:34:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 21:32:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 21:32:48 ----A---- C:\WINDOWS\imsins.BAK
2008-11-08 09:04:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-08 09:04:25 ----D---- C:\Program Files\Common Files\Adobe
2008-11-08 09:04:25 ----D---- C:\Program Files\Adobe
2008-11-03 17:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-22 20:56:22 ----D---- C:\Program Files\Lavasoft
2008-10-22 20:55:43 ----D---- C:\Program Files\Common Files
2008-10-22 20:54:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 20:18:15 ----D---- C:\Program Files\Internet Explorer
2008-10-15 15:12:08 ----D---- C:\Documents and Settings\Rob Murray\Application Data\Azureus
2008-10-15 09:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-03 10:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-24 15:43:27 ----D---- C:\Program Files\Guild Wars
2008-09-23 14:12:33 ----D---- C:\WINDOWS\nview
2008-09-12 15:29:52 ----SD---- C:\Documents and Settings\Rob Murray\Application Data\Microsoft
2008-09-09 18:14:56 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-04 12:19:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-04 10:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-09-04 06:35:52 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-09-04 06:34:13 ----AC---- C:\WINDOWS\SETUPLOG.TXT
2008-09-04 06:32:57 ----D---- C:\WINDOWS\system32\Setup
2008-09-04 06:32:57 ----D---- C:\WINDOWS\AppPatch
2008-09-04 06:32:56 ----D---- C:\WINDOWS\system32\WBEM
2008-09-04 06:32:56 ----D---- C:\Program Files\Outlook Express
2008-09-04 06:32:56 ----D---- C:\Program Files\Common Files\System
2008-09-04 06:32:54 ----RSD---- C:\WINDOWS\Fonts
2008-09-04 06:31:37 ----D---- C:\WINDOWS\SECURITY
2008-09-04 05:31:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-04 05:29:52 ----D---- C:\Program Files\Messenger
2008-09-04 05:21:29 ----D---- C:\WINDOWS\network diagnostic
2008-09-04 05:21:29 ----D---- C:\WINDOWS\IME
2008-09-04 05:20:49 ----D---- C:\WINDOWS\system32\USMT
2008-09-04 05:20:49 ----D---- C:\WINDOWS\system32\en-US
2008-09-04 05:20:34 ----D---- C:\WINDOWS\system32\bits
2008-09-04 05:20:34 ----D---- C:\WINDOWS\peernet
2008-09-04 05:20:33 ----D---- C:\Program Files\Movie Maker
2008-09-04 05:14:49 ----D---- C:\WINDOWS\system32\NPP
2008-09-04 05:14:47 ----D---- C:\WINDOWS\MSAGENT
2008-09-04 05:14:44 ----D---- C:\WINDOWS\SRCHASST
2008-09-04 05:14:42 ----D---- C:\Program Files\NetMeeting
2008-09-04 05:14:40 ----D---- C:\WINDOWS\system32\Com
2008-09-04 05:14:36 ----D---- C:\Program Files\Windows Media Player
2008-09-04 05:14:34 ----D---- C:\Program Files\Windows NT
2008-09-04 05:14:04 ----D---- C:\WINDOWS\system32\OOBE
2008-09-04 05:14:00 ----D---- C:\WINDOWS\SYSTEM
2008-09-04 05:08:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-04 05:08:28 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-04 05:03:03 ----D---- C:\WINDOWS\EHome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2006-11-01 4224]
R1 Avg7RsXP;AVG7 Rezident Driver; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-27 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-31 10760]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-04-21 7582]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 ATIBTCAP;ATI TV Wonder Video Capture; C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-04 58240]
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar; C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-04 6912]
R2 ATIVTUTW;ATI TV Wonder TV Tuner; C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-04 17664]
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar; C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-04 28416]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2006-11-01 4960]
R2 CommAgnt;ADI COMMAGNT; C:\WINDOWS\System32\DRIVERS\commagnt.sys [2002-03-19 8360]
R2 NIOC;NIOC Service; \??\C:\WINDOWS\system32\NIOC.SYS []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-04-30 139776]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2006-08-11 78336]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\System32\drivers\hap17v2k.sys [2006-08-11 180224]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 QCDonner;Logitech QuickCam Express(PID_0840); C:\WINDOWS\System32\DRIVERS\LVCD.sys [2002-06-10 39936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 a3620xz6;a3620xz6; C:\WINDOWS\system32\drivers\a3620xz6.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2006-08-11 154112]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 jbridgep;jbridgep; \??\C:\DOCUME~1\ROBMUR~1\LOCALS~1\Temp\jbridgep.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera; C:\WINDOWS\System32\DRIVERS\mr97310v.sys [2002-11-27 116126]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\c:\PROGRA~1\COMMON~1\motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\c:\PROGRA~1\COMMON~1\motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2002-08-08 38951]
S3 nicadsl;DW-8000P Service; C:\WINDOWS\System32\DRIVERS\nicadsl.sys [2002-03-19 72332]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\PRISMUSB.sys [2003-10-02 666624]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-08-21 364800]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-23 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2006-11-01 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-31 406528]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-13 66872]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 WZCBDLService;WZCBDL Service; C:\Program Files\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S2 MySql;MySql; C:/mysql/bin/mysqld-nt.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 138168]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe [2002-12-24 65536]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:39 PM

Posted 29 November 2008 - 06:17 AM

I've followed the steps. I also removed the Registry Cleaner program. Do you have other recommendations for cleaning the registry or is that kind of thing even needed?

The clutters in the registry do no harm, however if you uninstall programs with a good uninstaller (Revo Uninstaller is good free uninstaller), it removes the clutters right away.

CCleander is a good cleaning tool with a registry cleaner. But even in that case using its registry cleaner should be with caution. If you want to install CCleaner in the process of installation you get the option to install Yahoo toolbar. Choose not to install Yahoo toolbar.

++++++++++++++++++++++++
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note: If program needed to reboot to delete some items let it reboot and post the log produced after reboot
    .

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the [b]C:\ComboFix.txt
in your next reply.
[b]Please copy/paste in your next reply
:
  • The log of MBAM.
  • The Combofix log.
  • Any comment or feedback about how it went.


#7 mr_toad80

mr_toad80
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 29 November 2008 - 01:22 PM

Hi again,

I've run both processes. I'm no longer getting the advapi3.dll Threat popup from AVG but the file still exists. Overall my computer seems to be running much better than it was before!

The MBAM log was created before the restart - not sure how to make it create one after the restart.

Malwarebytes' Anti-Malware 1.30
Database version: 1434
Windows 5.1.2600 Service Pack 3

11/29/08 10:21:14 AM
mbam-log-2008-11-29 (10-21-14).txt

Scan type: Quick Scan
Objects scanned: 67511
Time elapsed: 19 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2c68274-7256-405a-9495-4c945e8bc31c} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e2c68274-7256-405a-9495-4c945e8bc31c} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2c68274-7256-405a-9495-4c945e8bc31c} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\advapi3.dll (Trojan.BHO.H) -> Delete on reboot.




ComboFix 08-11-28.03 - Rob Murray 2008-11-29 10:38:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.375 [GMT -7:00]
Running from: c:\documents and settings\Rob Murray\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
C:\test.txt
c:\windows\Readme.txt
c:\windows\system32\advapi3.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-28 18:15 . 2008-11-28 18:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 18:15 . 2008-11-28 18:15 <DIR> d-------- c:\documents and settings\Rob Murray\Application Data\Malwarebytes
2008-11-28 18:15 . 2008-11-28 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-28 18:15 . 2008-10-22 16:28 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-28 18:15 . 2008-10-22 16:28 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-28 17:56 . 2008-11-28 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-28 14:59 . 2008-11-28 14:59 <DIR> d-------- C:\rsit
2008-11-25 20:38 . 2002-12-29 01:14 81,920 --a------ c:\windows\SYSTEM32\Startup.cpl
2008-11-21 17:17 . 2008-11-21 17:17 <DIR> d-------- c:\program files\Trend Micro
2008-11-21 13:24 . 2008-11-21 17:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 21:01 . 2008-11-29 10:56 3,262,496 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
2008-11-19 21:01 . 2008-11-29 10:49 40,280 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox.idx
2008-11-19 20:55 . 2008-11-19 20:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-19 20:55 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2008-11-19 20:55 . 2004-04-27 04:40 11,264 --a------ c:\windows\SYSTEM32\SpOrder.dll
2008-11-19 20:55 . 2008-11-19 20:58 4,212 ---h----- c:\windows\SYSTEM32\zllictbl.dat
2008-11-19 20:53 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\SYSTEM32\zpeng24.dll
2008-11-19 20:53 . 2008-11-29 10:53 352,918 --a------ c:\windows\SYSTEM32\vsconfig.xml
2008-11-16 11:45 . 2008-11-16 12:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-16 09:20 . 2008-11-16 09:22 <DIR> d-------- c:\documents and settings\Rob Murray\Application Data\Stardock
2008-11-16 09:19 . 2008-11-16 09:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Stardock
2008-11-16 09:05 . 2008-11-16 09:19 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}
2008-11-16 08:50 . 2008-04-13 17:11 94,720 --a------ c:\windows\SYSTEM32\advapi3.dll
2008-11-12 12:50 . 2008-10-24 04:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 12:49 . 2008-09-04 10:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 01:01 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-24 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\AVG7
2008-11-16 18:37 --------- d-----w c:\documents and settings\Rob Murray\Application Data\FrostWire
2008-11-13 21:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 16:04 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 03:56 --------- d-----w c:\program files\Lavasoft
2008-10-23 03:55 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-23 03:54 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-15 22:12 --------- d-----w c:\documents and settings\Rob Murray\Application Data\Azureus
2008-07-06 00:30 62,464 ----a-w c:\documents and settings\Rob Murray\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2C68274-7256-405A-9495-4C945E8BC31C}]
2008-04-13 17:11 94720 --a------ c:\windows\system32\advapi3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-08 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\SYSTEM32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\SYSTEM32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]

c:\documents and settings\Rob Murray\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-07-03 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-20 113664]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 24633]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.UYVY"= c:\windows\system32\msyuv.DLL
"VIDC.I263"= i263_32.drv
"VIDC.YU12"= ATIYUV12.DLL
"VIDC.YUY2"= ATIVYUY.DLL
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
--a------ 2008-01-28 16:27 201352 c:\documents and settings\Rob Murray\Application Data\Smilebox\SmileboxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\NES\\NESTCL95.EXE"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\FrostWire\\FrostWire.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\DRIVERS\bsstor.sys [2003-04-21 9344]
R0 qiojgegp;qiojgegp;c:\windows\system32\drivers\qiojgegp.sys [2002-08-29 23424]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [2003-03-07 4064]
R2 ATIBTCAP;ATI TV Wonder Video Capture;c:\windows\system32\drivers\atibtcap.sys [2004-07-08 58240]
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar;c:\windows\system32\drivers\atibtxbr.sys [2004-07-08 6912]
R2 ATIVTUTW;ATI TV Wonder TV Tuner;c:\windows\system32\drivers\ativtutw.sys [2004-07-08 17664]
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;c:\windows\system32\drivers\ativxstw.sys [2004-07-08 28416]
R2 CommAgnt;ADI COMMAGNT;c:\windows\system32\DRIVERS\commagnt.sys [2002-03-19 8360]
R2 NIOC;NIOC Service;\??\c:\windows\system32\NIOC.SYS [2002-09-27 22912]
R2 WZCBDLService;WZCBDL Service;"c:\program files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 36864]
S3 jbridgep;jbridgep;\??\c:\docume~1\ROBMUR~1\LOCALS~1\Temp\jbridgep.sys []
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2003-09-23 116126]
S3 nicadsl;DW-8000P Service;c:\windows\system32\DRIVERS\nicadsl.sys [2002-03-19 72332]
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\PRISMUSB.sys [2004-09-17 666624]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\BsUDF.sys [2003-04-21 364800]
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\User_Feed_Synchronization-{025436F7-1634-4426-82EF-BB905DBC90EE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\ThereInstallHelper.dll - c:\windows\Downloaded Program Files\ThereInstallHelper.2.0.1953.0.dll
c:\windows\Downloaded Program Files\ThereInstallHelper.2.0.2106.0.dll
O16 -: {88D8E8B7-A33B-4417-A385-8373484D43ED}
file://c:\docume~1\ROBMUR~1\LOCALS~1\Temp\ThereInstallHelper.2.0.2106.0.dll

c:\windows\Downloaded Program Files\ThereVoiceTrainer.dll - O16 -: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2}
file://c:\program files\There\ThereClient\ThereVoiceTrainer.dll

c:\windows\Downloaded Program Files\ThereLauncher.dll - O16 -: {AAF421E6-7914-430A-9981-72B31AFF3BF4}
file://c:\program files\There\ThereClient\ThereLauncher.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 10:51:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\windows\SYSTEM32\rundll32.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-11-29 11:02:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-29 18:02:30

Pre-Run: 11,169,308,672 bytes free
Post-Run: 11,832,156,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

206 --- E O F --- 2008-11-13 04:36:54

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:39 PM

Posted 29 November 2008 - 05:20 PM

Well done and thanks for feedback. :thumbsup:

This is going to be a long session but it is a major (and due to AVG scan a long) session. We might round up soon if it goes well.
  • Open notepad and copy/paste the text in the code box below into it:

    http://www.bleepingcomputer.com/forums/t/181341/agentamaw-advapi3dll-and-offersfortoday-infection/?p=1023560
    
    Driver::
    qiojgegp
    jbridgep
    
    File::
    C:\WINDOWS\SYSTEM32\advapi3.dll
    
    Collect::[4]
    c:\windows\system32\drivers\qiojgegp.sys
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2C68274-7256-405A-9495-4C945E8BC31C}]

    Save this as CFScript.txt


    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
    • A browser will open.
    • Simply follow the instructions to copy/paste/send the requested file.
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

  • AVG 7 is outdated. You need protection from an updated Antivirus.

    Visit http://free.avg.com/download?prd=afe to download AVG 8 free setup file to your desktop. Don't install it yet.

    • Go to Add/Remove programs and uninstall AVG 7.
    • Reboot.
    • Double click the downloaded setup file to Install AVG 8 then update it.
    • On the left side click Computer scanner and select Scan whole computer.
    • When the scan finished under Result Overview tap at the end of scan result click Export overview to file
    • Select File Type: All files Name:scan.txt and save it on your desktop.
    • Under Warnings tap press Remove all unhealed infections. Then close the application.
    • Copy/paste the content of scan.txt located on your desktop to your reply.
Please copy/paste in your next reply:
  • The Combofix log.
  • The log of MBAM.
  • The AVG 8 scan.
  • Any comment or feedback about how it went.


#9 mr_toad80

mr_toad80
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 30 November 2008 - 03:55 AM

ComboFix never gave the option to submit anything for analysis. Other than that, everything went pretty smoothly - MBAM didn't even seem to detect anything this time.

ComboFix 08-11-29.03 - Rob Murray 2008-11-29 15:38:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.324 [GMT -7:00]
Running from: c:\documents and settings\Rob Murray\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rob Murray\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\windows\SYSTEM32\advapi3.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\advapi3.dll
c:\windows\system32\drivers\qiojgegp.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JBRIDGEP
-------\Legacy_QIOJGEGP
-------\Service_jbridgep
-------\Service_qiojgegp


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-28 18:15 . 2008-11-28 18:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 18:15 . 2008-11-28 18:15 <DIR> d-------- c:\documents and settings\Rob Murray\Application Data\Malwarebytes
2008-11-28 18:15 . 2008-11-28 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-28 18:15 . 2008-10-22 16:28 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-28 18:15 . 2008-10-22 16:28 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-28 17:56 . 2008-11-28 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-28 14:59 . 2008-11-28 14:59 <DIR> d-------- C:\rsit
2008-11-25 20:38 . 2002-12-29 01:14 81,920 --a------ c:\windows\SYSTEM32\Startup.cpl
2008-11-21 17:17 . 2008-11-21 17:17 <DIR> d-------- c:\program files\Trend Micro
2008-11-21 13:24 . 2008-11-21 17:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 21:01 . 2008-11-29 15:55 3,751,968 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
2008-11-19 21:01 . 2008-11-29 15:50 46,040 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox.idx
2008-11-19 20:55 . 2008-11-19 20:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-19 20:55 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2008-11-19 20:55 . 2004-04-27 04:40 11,264 --a------ c:\windows\SYSTEM32\SpOrder.dll
2008-11-19 20:55 . 2008-11-19 20:58 4,212 ---h----- c:\windows\SYSTEM32\zllictbl.dat
2008-11-19 20:53 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\SYSTEM32\zpeng24.dll
2008-11-19 20:53 . 2008-11-29 15:55 352,918 --a------ c:\windows\SYSTEM32\vsconfig.xml
2008-11-16 11:45 . 2008-11-16 12:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-16 09:20 . 2008-11-16 09:22 <DIR> d-------- c:\documents and settings\Rob Murray\Application Data\Stardock
2008-11-16 09:19 . 2008-11-16 09:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Stardock
2008-11-16 09:05 . 2008-11-16 09:19 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}
2008-11-12 12:50 . 2008-10-24 04:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 12:49 . 2008-09-04 10:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 22:52 864,975 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-11-29 01:01 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-24 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\AVG7
2008-11-19 01:37 4,586 ----a-w c:\windows\SYSTEM32\tmp.reg
2008-11-16 18:37 --------- d-----w c:\documents and settings\Rob Murray\Application Data\FrostWire
2008-11-13 21:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 16:04 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 03:56 --------- d-----w c:\program files\Lavasoft
2008-10-23 03:55 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-23 03:54 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 21:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 21:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-15 22:12 --------- d-----w c:\documents and settings\Rob Murray\Application Data\Azureus
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-30 23:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-07-06 00:30 62,464 ----a-w c:\documents and settings\Rob Murray\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-11-29_11.01.06.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-08 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\SYSTEM32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\SYSTEM32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]

c:\documents and settings\Rob Murray\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-07-03 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-20 113664]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 24633]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.UYVY"= c:\windows\system32\msyuv.DLL
"VIDC.I263"= i263_32.drv
"VIDC.YU12"= ATIYUV12.DLL
"VIDC.YUY2"= ATIVYUY.DLL
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
--a------ 2008-01-28 16:27 201352 c:\documents and settings\Rob Murray\Application Data\Smilebox\SmileboxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\NES\\NESTCL95.EXE"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\FrostWire\\FrostWire.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\DRIVERS\bsstor.sys [2003-04-21 9344]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMhelpr.sys [2003-03-07 4064]
R2 ATIBTCAP;ATI TV Wonder Video Capture;c:\windows\system32\drivers\atibtcap.sys [2004-07-08 58240]
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar;c:\windows\system32\drivers\atibtxbr.sys [2004-07-08 6912]
R2 ATIVTUTW;ATI TV Wonder TV Tuner;c:\windows\system32\drivers\ativtutw.sys [2004-07-08 17664]
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;c:\windows\system32\drivers\ativxstw.sys [2004-07-08 28416]
R2 CommAgnt;ADI COMMAGNT;c:\windows\system32\DRIVERS\commagnt.sys [2002-03-19 8360]
R2 NIOC;NIOC Service;\??\c:\windows\system32\NIOC.SYS [2002-09-27 22912]
R2 WZCBDLService;WZCBDL Service;"c:\program files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 36864]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2003-09-23 116126]
S3 nicadsl;DW-8000P Service;c:\windows\system32\DRIVERS\nicadsl.sys [2002-03-19 72332]
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\PRISMUSB.sys [2004-09-17 666624]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\BsUDF.sys [2003-04-21 364800]

*Newly Created Service* - QIOJGEGP
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\User_Feed_Synchronization-{025436F7-1634-4426-82EF-BB905DBC90EE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 15:52:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\ctagent.dll
c:\program files\Microsoft Office\Office10\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-11-29 16:02:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-29 23:02:12
ComboFix2.txt 2008-11-29 18:02:52

Pre-Run: 11,725,537,280 bytes free
Post-Run: 11,644,956,672 bytes free

223 --- E O F --- 2008-11-13 04:36:54



Malwarebytes' Anti-Malware 1.30
Database version: 1435
Windows 5.1.2600 Service Pack 3

11/29/08 4:13:11 PM
mbam-log-2008-11-29 (16-13-11).txt

Scan type: Quick Scan
Objects scanned: 54712
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





"Scan ""Scan whole computer"" was finished."
"Infections found:";"7"
"Infected objects removed or healed:";"7"
"Not removed or healed:";"0"
"Spyware found:";"2"
"Spyware removed:";"2"
"Not removed:";"0"
"Warnings count:";"473"
"Information count:";"0"
"Scan started:";"November 29, 2008, 4:31:27 PM"
"Scan finished:";"November 29, 2008, 7:34:11 PM (3 hour(s) 2 minute(s) 44 second(s))"
"Total object scanned:";"862659"
"User who launched the scan:";"Rob Murray"

"Infections"
"File";"Infection";"Result"
"C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_advapi3_.dll.zip";"Trojan horse Agent.4.O";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_advapi3_.dll.zip:\advapi3.dll";"Trojan horse Agent.4.O";"Moved to Virus Vault"
"D:\Classic Games\Interactive Girls\CAMMAN\FXNOSHOW.EXE";"Suspicion: unknown virus .EXE.COM";"Moved to Virus Vault"
"D:\Classic Games\Interactive Girls\JO\IGC.EXE";"Suspicion: unknown virus .EXE.COM";"Moved to Virus Vault"
"D:\Classic Games\Interactive Girls\PROGRAM\FXNOSHOW.EXE";"Suspicion: unknown virus .EXE.COM";"Moved to Virus Vault"
"D:\Classic Games\Interactive Girls\TERESA\IGC.EXE";"Suspicion: unknown virus .EXE.COM";"Moved to Virus Vault"
"D:\Classic Games\Interactive Girls\VIDA\IGC.EXE";"Suspicion: unknown virus .EXE.COM";"Moved to Virus Vault"

"Spyware"
"File";"Infection";"Result"
"C:\Program Files\GameSpy Arcade\GSAPak.exe";"Adware Generic2.ZHX";"Moved to Virus Vault"
"C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0000591.exe";"Adware Generic2.ZHX";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@247realmedia[2].txt";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@247realmedia[2].txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@247realmedia[2].txt:\247realmedia.com.964cd308";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@247realmedia[2].txt:\247realmedia.com.d90d45cf";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@247realmedia[3].txt";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@247realmedia[3].txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@247realmedia[3].txt:\247realmedia.com.d90d45cf";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.2de2fa10";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.3bcedd4f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.41207ad0";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.4692d914";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.706680ba";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.bcfe2971";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.6df8268d";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.7815c7ab";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.85055f96";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.8f944226";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.c4154c4c";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.ca30b7c8";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.71ff4456";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.89d7a751";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.d3932de8";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.db91628d";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@2o7[2].txt:\2o7.net.f203d064";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[2].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[2].txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.b4be891c";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.eec26c3e";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.c982816c";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.cfb9f79a";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[3].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[5].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[5].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[5].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[5].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[5].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[5].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[5].txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@ad.yieldmanager[5].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[1].txt";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[1].txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[1].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[1].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[3].txt";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[3].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[3].txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[3].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[3].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[4].txt";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[4].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[4].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adbrite[4].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@admarketplace[1].txt";"Found Tracking cookie.Admarketplace";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@admarketplace[1].txt:\admarketplace.net.69780f9f";"Found Tracking cookie.Admarketplace";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[1].txt";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[1].txt:\adopt.euroclick.com.17044b51";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[1].txt:\adopt.euroclick.com.6d7740f7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[1].txt:\adopt.euroclick.com.891542da";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[1].txt:\adopt.euroclick.com.8b1bd7bc";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[1].txt:\adopt.euroclick.com.ffe11db7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[2].txt";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[2].txt:\adopt.euroclick.com.17044b51";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[2].txt:\adopt.euroclick.com.6d7740f7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[2].txt:\adopt.euroclick.com.891542da";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[2].txt:\adopt.euroclick.com.8b1bd7bc";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[2].txt:\adopt.euroclick.com.fb764ef7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[2].txt:\adopt.euroclick.com.ffe11db7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[3].txt";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[3].txt:\adopt.euroclick.com.17044b51";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[3].txt:\adopt.euroclick.com.6d7740f7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[3].txt:\adopt.euroclick.com.891542da";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[3].txt:\adopt.euroclick.com.8b1bd7bc";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adopt.euroclick[3].txt:\adopt.euroclick.com.fb764ef7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adrevolver[2].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adrevolver[2].txt:\adrevolver.com.9b9d670a";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adrevolver[2].txt:\adrevolver.com.f6cfcad4";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adrevolver[3].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adrevolver[3].txt:\adrevolver.com.4a719aa9";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adrevolver[3].txt:\adrevolver.com.9b9d670a";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adrevolver[3].txt:\adrevolver.com.b595d4db";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@adrevolver[3].txt:\adrevolver.com.f6cfcad4";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[1].txt";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[1].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[1].txt:\advertising.com.1dfa2206";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[1].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[1].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[1].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[1].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[2].txt";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[2].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[2].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[2].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[2].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@advertising[2].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@atdmt[3].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@atdmt[3].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@atdmt[4].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@atdmt[4].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@atdmt[5].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@atdmt[5].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@atdmt[6].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@atdmt[6].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@bluestreak[1].txt";"Found Tracking cookie.Bluestreak";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@bluestreak[1].txt:\bluestreak.com.bf396750";"Found Tracking cookie.Bluestreak";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@bs.serving-sys[1].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@bs.serving-sys[3].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@bs.serving-sys[3].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@burstnet[2].txt";"Found Tracking cookie.Burstnet";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@burstnet[2].txt:\burstnet.com.27341d57";"Found Tracking cookie.Burstnet";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@burstnet[2].txt:\burstnet.com.c4fe2ebb";"Found Tracking cookie.Burstnet";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[1].txt";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[1].txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[1].txt:\casalemedia.com.1d158016";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[1].txt:\casalemedia.com.5e43734d";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[1].txt:\casalemedia.com.6a12b080";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[1].txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[1].txt:\casalemedia.com.837115b5";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[1].txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[2].txt";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[2].txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[2].txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[2].txt:\casalemedia.com.1d158016";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[2].txt:\casalemedia.com.6a12b080";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[2].txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[3].txt";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[3].txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[3].txt:\casalemedia.com.1d158016";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[3].txt:\casalemedia.com.6a12b080";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[3].txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[3].txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[5].txt";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[5].txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[5].txt:\casalemedia.com.1d158016";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[5].txt:\casalemedia.com.6a12b080";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[5].txt:\casalemedia.com.837115b5";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[5].txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@casalemedia[5].txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@clickbank[1].txt";"Found Tracking cookie.Clickbank";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@clickbank[1].txt:\clickbank.net.82079eb1";"Found Tracking cookie.Clickbank";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@clickbank[2].txt";"Found Tracking cookie.Clickbank";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@clickbank[2].txt:\clickbank.net.82079eb1";"Found Tracking cookie.Clickbank";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@doubleclick[2].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@doubleclick[2].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@doubleclick[3].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@doubleclick[3].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@doubleclick[5].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@doubleclick[5].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@enhance[1].txt";"Found Tracking cookie.Enhance";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@enhance[1].txt:\enhance.com.2ff9c31e";"Found Tracking cookie.Enhance";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@enhance[1].txt:\enhance.com.378d31e7";"Found Tracking cookie.Enhance";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@fastclick[1].txt";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@fastclick[1].txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@fastclick[1].txt:\fastclick.net.8dd1284a";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@fastclick[1].txt:\fastclick.net.9b41aa53";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@fortunecity[2].txt";"Found Tracking cookie.Fortunecity";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@fortunecity[2].txt:\fortunecity.com.7e17098e";"Found Tracking cookie.Fortunecity";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@fortunecity[2].txt:\fortunecity.com.855b46d";"Found Tracking cookie.Fortunecity";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@fortunecity[2].txt:\fortunecity.com.ce59db3e";"Found Tracking cookie.Fortunecity";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@fortunecity[2].txt:\fortunecity.com.d90d45cf";"Found Tracking cookie.Fortunecity";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@fortunecity[2].txt:\fortunecity.com.ef906bac";"Found Tracking cookie.Fortunecity";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@gamershell[1].txt";"Found Tracking cookie.Gamershell";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@gamershell[1].txt:\gamershell.com.13a6979d";"Found Tracking cookie.Gamershell";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@gamershell[1].txt:\gamershell.com.99c35e71";"Found Tracking cookie.Gamershell";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hitbox[2].txt";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hitbox[2].txt:\hitbox.com.2b95f8a3";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hitbox[2].txt:\hitbox.com.bbf2a6e8";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hitbox[3].txt";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hitbox[3].txt:\hitbox.com.2b95f8a3";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hitbox[3].txt:\hitbox.com.bbf2a6e8";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hitbox[4].txt";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hitbox[4].txt:\hitbox.com.2b95f8a3";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hitbox[4].txt:\hitbox.com.bbf2a6e8";"Found Tracking cookie.Hitbox";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hypertracker[1].txt";"Found Tracking cookie.Hypertracker";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@hypertracker[1].txt:\hypertracker.com.5d424ee9";"Found Tracking cookie.Hypertracker";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@m.webtrends[1].txt";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@m.webtrends[1].txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@m.webtrends[3].txt";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@m.webtrends[3].txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@media.adrevolver[1].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@media.adrevolver[1].txt:\media.adrevolver.com.5fed601d";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@media.adrevolver[3].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@media.adrevolver[3].txt:\media.adrevolver.com.2be00b0";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@media.adrevolver[3].txt:\media.adrevolver.com.5fed601d";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@media.adrevolver[5].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@media.adrevolver[5].txt:\media.adrevolver.com.2be00b0";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@media.adrevolver[5].txt:\media.adrevolver.com.5fed601d";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@mediaplex[1].txt";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@mediaplex[1].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@mediaplex[2].txt";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@mediaplex[2].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@mediaplex[4].txt";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@mediaplex[4].txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@mediaplex[4].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@msnportal.112.2o7[2].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@msnportal.112.2o7[2].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@msnportal.112.2o7[3].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@msnportal.112.2o7[3].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@msnportal.112.2o7[4].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@msnportal.112.2o7[4].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@msnportal.112.2o7[5].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@msnportal.112.2o7[5].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@overture[1].txt";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@overture[1].txt:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@overture[1].txt:\overture.com.bbef524a";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@overture[1].txt:\overture.com.d727de6f";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@overture[2].txt";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@overture[2].txt:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@overture[2].txt:\overture.com.d727de6f";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@overture[3].txt";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@overture[3].txt:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@overture[3].txt:\overture.com.d727de6f";"Found Tracking cookie.Overture";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@pro-market[1].txt";"Found Tracking cookie.Pro-market";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@pro-market[1].txt:\pro-market.net.266912e2";"Found Tracking cookie.Pro-market";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@pro-market[1].txt:\pro-market.net.bbf67f2d";"Found Tracking cookie.Pro-market";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@pro-market[2].txt";"Found Tracking cookie.Pro-market";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@pro-market[2].txt:\pro-market.net.bbf67f2d";"Found Tracking cookie.Pro-market";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[1].txt";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[1].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[1].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[1].txt:\questionmarket.com.767e4302";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[1].txt:\questionmarket.com.958a9ac9";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[2].txt";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[2].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[2].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[3].txt";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[3].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[3].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[4].txt";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[4].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[4].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[5].txt";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[5].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[5].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@questionmarket[5].txt:\questionmarket.com.767e4302";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@realmedia[2].txt";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@realmedia[2].txt:\realmedia.com.855b46d";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@realmedia[2].txt:\realmedia.com.ef906bac";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revenue[2].txt";"Found Tracking cookie.Revenue";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revenue[2].txt:\revenue.net.bcf44ea1";"Found Tracking cookie.Revenue";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revenue[3].txt";"Found Tracking cookie.Revenue";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revenue[3].txt:\revenue.net.bcf44ea1";"Found Tracking cookie.Revenue";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.26b016c3";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.50e13b1b";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.6ac59ebd";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.80477c7f";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.80ab30e9";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.9890547d";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.a64c3767";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.d7f89994";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[1].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[2].txt";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[2].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[2].txt:\revsci.net.3f4566dd";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[2].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[2].txt:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[2].txt:\revsci.net.a64c3767";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[2].txt:\revsci.net.d14b07f1";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[2].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[2].txt:\revsci.net.f1b6b2e";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[3].txt";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[3].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[3].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[3].txt:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@revsci[3].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@searchportal.information[1].txt";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@searchportal.information[1].txt:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@searchportal.information[1].txt:\searchportal.information.com.44e78b2";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@searchportal.information[1].txt:\searchportal.information.com.ec46ff45";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@searchportal.information[2].txt";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@searchportal.information[2].txt:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@searchportal.information[2].txt:\searchportal.information.com.44e78b2";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@searchportal.information[2].txt:\searchportal.information.com.df941593";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[1].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[1].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[1].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[1].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[1].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[1].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[1].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[2].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[2].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[2].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[2].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[2].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[2].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[3].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[3].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[3].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[3].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[3].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[3].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[3].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[4].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[4].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[4].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[4].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[4].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[4].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[4].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[5].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[5].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[5].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[5].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[5].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[5].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@serving-sys[5].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@spylog[1].txt";"Found Tracking cookie.Spylog";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@spylog[1].txt:\spylog.com.a99d3bed";"Found Tracking cookie.Spylog";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[1].txt";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[1].txt:\statcounter.com.d267b29b";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[1].txt:\statcounter.com.dd06c460";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[1].txt:\statcounter.com.e0ebdba8";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[2].txt";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[2].txt:\statcounter.com.593dea9a";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[2].txt:\statcounter.com.c7f76d47";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[3].txt";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[3].txt:\statcounter.com.89cbe8c8";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[3].txt:\statcounter.com.a512c206";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.1087d01a";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.274978a1";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.2a4da1a";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.2a7881dc";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.2c8838";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.37327508";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.3e289c7e";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.4848a17f";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.58f97e56";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.8c29157a";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.12a3ae11";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.12f2d9e7";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.1efb5d5";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.24a5da52";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.2771088e";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.2d2351fc";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.3c2115ad";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.4b352d7c";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.4ba8cc1";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.4be7ab34";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.5b7cba25";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.6075db7";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.6728e6f4";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.67902eac";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.85d92d";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.872c3391";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.93ea7ee1";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.9c4fbb82";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.9eef0d7c";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.a512c206";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.a8cb1901";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.aa19e483";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.abff6d8a";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.c8a25c22";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.ccfe853f";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.cdc9ca6";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.accfc927";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.b59ea51c";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.baba06bf";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.c0895ef8";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.d267b29b";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.c48c01c8";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.d072e380";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.e0ebdba8";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.e3c832f0";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.eaad91c8";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.f7bdb03";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.f897733f";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.f9b27e2e";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@statcounter[4].txt:\statcounter.com.fe735fdd";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[2].txt";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[2].txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[2].txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[2].txt:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[2].txt:\tacoda.net.e9f57f8";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[2].txt:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[3].txt";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[3].txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[3].txt:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[3].txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[3].txt:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[3].txt:\tacoda.net.d323296e";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[3].txt:\tacoda.net.e9f57f8";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[4].txt";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[4].txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[4].txt:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[4].txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[4].txt:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[4].txt:\tacoda.net.cd7ce44f";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[4].txt:\tacoda.net.e9f57f8";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tacoda[4].txt:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tradedoubler[1].txt";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tradedoubler[1].txt:\tradedoubler.com.ba12c0e9";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tradedoubler[1].txt:\tradedoubler.com.eab0972e";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tradedoubler[2].txt";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tradedoubler[2].txt:\tradedoubler.com.ba12c0e9";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tradedoubler[2].txt:\tradedoubler.com.eab0972e";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@trafficmp[1].txt";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@trafficmp[1].txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tribalfusion[1].txt";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tribalfusion[1].txt:\tribalfusion.com.7610f0e0";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tribalfusion[1].txt:\tribalfusion.com.8b22ad8c";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tribalfusion[1].txt:\tribalfusion.com.9bc3e98f";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tribalfusion[1].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tribalfusion[2].txt";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tribalfusion[2].txt:\tribalfusion.com.7610f0e0";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tribalfusion[2].txt:\tribalfusion.com.8b22ad8c";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tribalfusion[2].txt:\tribalfusion.com.9bc3e98f";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@tribalfusion[2].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@valueclick[1].txt";"Found Tracking cookie.Valueclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@valueclick[1].txt:\valueclick.net.85648628";"Found Tracking cookie.Valueclick";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[1].txt";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[1].txt:\web-stat.com.a176928a";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[1].txt:\web-stat.com.ba6642a2";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[1].txt:\web-stat.com.dd597ebf";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[2].txt";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[2].txt:\web-stat.com.1c779fa9";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[2].txt:\web-stat.com.ca1f3501";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[2].txt:\web-stat.com.e2b75c5d";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[2].txt:\web-stat.com.e6bd112c";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[2].txt:\web-stat.com.ef741d67";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@web-stat[2].txt:\web-stat.com.fe014e32";"Found Tracking cookie.Web-stat";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yadro[1].txt";"Found Tracking cookie.Yadro";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yadro[1].txt:\yadro.ru.c77afad5";"Found Tracking cookie.Yadro";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yadro[3].txt";"Found Tracking cookie.Yadro";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yadro[3].txt:\yadro.ru.a4842f54";"Found Tracking cookie.Yadro";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yadro[3].txt:\yadro.ru.c77afad5";"Found Tracking cookie.Yadro";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yadro[4].txt";"Found Tracking cookie.Yadro";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yadro[4].txt:\yadro.ru.c77afad5";"Found Tracking cookie.Yadro";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yieldmanager[1].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yieldmanager[1].txt:\yieldmanager.com.ce59db3e";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yieldmanager[2].txt:\yieldmanager.com.ce59db3e";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yieldmanager[3].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@yieldmanager[3].txt:\yieldmanager.com.ce59db3e";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[1].txt";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[1].txt:\zedo.com.775ee79c";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[3].txt";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[3].txt:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[3].txt:\zedo.com.775ee79c";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[3].txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[3].txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[4].txt";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[4].txt:\zedo.com.775ee79c";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[4].txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[4].txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[4].txt:\zedo.com.cef1c7af";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\Rob Murray\Cookies\rob_murray@zedo[4].txt:\zedo.com.dd15d628";"Found Tracking cookie.Zedo";"Potentially dangerous object"

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:39 PM

Posted 30 November 2008 - 12:07 PM

ComboFix never gave the option to submit anything for analysis. Other than that, everything went pretty smoothly - MBAM didn't even seem to detect anything this time.


Thanks for the feedback.

We are almost there.

  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Go to where it says "Java SE Runtime Environment (JRE) 6 Update 10This release provides a new Java Plug-in that combines features...".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

  • Tell me also how is your computer running now.


#11 mr_toad80

mr_toad80
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 30 November 2008 - 03:59 PM

My computer is still running pretty well - no noticable changes from the last post.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Rob Murray at 2008-11-30 13:54:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (39%) free of 29 GB
Total RAM: 767 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:54, on 11/30/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Rob Murray\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rob Murray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ROBMUR~1\LOCALS~1\Temp\ThereInstallHelper.2.0.2106.0.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.skibanff.com/skicam/AxisCamControl.ocx
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/...upv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 11554 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{025436F7-1634-4426-82EF-BB905DBC90EE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-29 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar5.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-14 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-30 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar5.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2003-06-18 45056]
"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-30 1261336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-30 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-19 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2006-09-28 700416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-08 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
C:\Documents and Settings\Rob Murray\Application Data\Smilebox\SmileboxTray.exe [2008-01-28 201352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

C:\Documents and Settings\Rob Murray\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\NES\NESTCL95.EXE"="D:\NES\NESTCL95.EXE:*:Enabled:NESTCL95"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"D:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\FrostWire\FrostWire.exe"="D:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2008-11-30 12:49:05 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-30 12:49:05 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-30 12:49:05 ----A---- C:\WINDOWS\system32\java.exe
2008-11-30 12:49:05 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-30 12:47:48 ----D---- C:\Program Files\Java
2008-11-30 01:50:07 ----SHD---- C:\RECYCLER
2008-11-29 17:07:34 ----HD---- C:\$AVG8.VAULT$
2008-11-29 16:28:22 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-29 16:27:52 ----D---- C:\Program Files\AVG
2008-11-29 16:27:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-29 16:02:31 ----A---- C:\ComboFix.txt
2008-11-29 10:34:32 ----A---- C:\Boot.bak
2008-11-29 10:34:11 ----RASHD---- C:\cmdcons
2008-11-29 10:29:38 ----A---- C:\WINDOWS\zip.exe
2008-11-29 10:29:38 ----A---- C:\WINDOWS\VFIND.exe
2008-11-29 10:29:38 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-29 10:29:38 ----A---- C:\WINDOWS\SWSC.exe
2008-11-29 10:29:38 ----A---- C:\WINDOWS\SWREG.exe
2008-11-29 10:29:38 ----A---- C:\WINDOWS\sed.exe
2008-11-29 10:29:38 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-29 10:29:38 ----A---- C:\WINDOWS\grep.exe
2008-11-29 10:29:38 ----A---- C:\WINDOWS\fdsv.exe
2008-11-29 10:29:16 ----D---- C:\WINDOWS\ERDNT
2008-11-29 10:29:16 ----D---- C:\Qoobox
2008-11-28 18:15:34 ----D---- C:\Documents and Settings\Rob Murray\Application Data\Malwarebytes
2008-11-28 18:15:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-28 18:15:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-28 17:56:44 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-11-28 14:59:09 ----D---- C:\rsit
2008-11-21 17:17:52 ----D---- C:\Program Files\Trend Micro
2008-11-21 13:24:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 20:55:23 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-11-19 20:55:01 ----A---- C:\WINDOWS\zllsputility.exe
2008-11-19 20:55:01 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-11-19 20:54:11 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-11-19 20:54:11 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-11-19 20:54:07 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-11-19 20:54:06 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-11-19 20:53:59 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-11-19 20:53:58 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-11-19 20:53:58 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-11-19 20:53:56 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-11-19 20:53:56 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-11-19 20:53:07 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-11-19 20:53:07 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-11-19 20:53:07 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-11-16 11:45:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-16 09:20:33 ----D---- C:\Documents and Settings\Rob Murray\Application Data\Stardock
2008-11-16 09:19:23 ----D---- C:\Documents and Settings\All Users\Application Data\Stardock
2008-11-16 09:05:42 ----HDC---- C:\Documents and Settings\All Users\Application Data\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}
2008-11-12 21:32:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 21:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 22:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 20:55:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 20:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 20:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 20:18:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 20:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 20:16:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 2 months======

2008-11-30 13:54:53 ----D---- C:\WINDOWS\Temp
2008-11-30 13:54:35 ----D---- C:\WINDOWS\Prefetch
2008-11-30 13:51:54 ----D---- C:\WINDOWS\Internet Logs
2008-11-30 12:49:21 ----SHD---- C:\WINDOWS\Installer
2008-11-30 12:49:06 ----D---- C:\WINDOWS\SYSTEM32
2008-11-30 12:47:48 ----RD---- C:\Program Files
2008-11-30 12:41:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 12:39:17 ----A---- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000008-10011102}.BAK
2008-11-30 12:38:30 ----D---- C:\Program Files\Common Files
2008-11-30 10:01:16 ----D---- C:\WINDOWS
2008-11-29 17:07:34 ----D---- C:\Program Files\GameSpy Arcade
2008-11-29 16:28:20 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-29 16:27:40 ----D---- C:\WINDOWS\WinSxS
2008-11-29 16:27:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-29 16:26:43 ----SD---- C:\Documents and Settings\Rob Murray\Application Data\Microsoft
2008-11-29 16:17:09 ----D---- C:\Program Files\Grisoft
2008-11-29 16:16:10 ----D---- C:\WINDOWS\SYSTEM
2008-11-29 15:53:25 ----A---- C:\WINDOWS\system.ini
2008-11-29 15:48:52 ----D---- C:\WINDOWS\system32\CONFIG
2008-11-29 15:45:03 ----D---- C:\WINDOWS\AppPatch
2008-11-29 10:34:32 ----RASH---- C:\BOOT.INI
2008-11-29 10:29:36 ----SHD---- C:\System Volume Information
2008-11-29 10:29:36 ----D---- C:\WINDOWS\system32\Restore
2008-11-29 10:21:25 ----A---- C:\WINDOWS\OPLIMIT.INI
2008-11-28 18:13:20 ----SD---- C:\WINDOWS\Tasks
2008-11-28 18:05:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-28 18:01:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-26 14:58:29 ----D---- C:\WINDOWS\Minidump
2008-11-25 20:38:36 ----HD---- C:\WINDOWS\INF
2008-11-24 12:59:30 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-23 07:45:49 ----D---- C:\WINDOWS\Help
2008-11-21 15:19:52 ----RD---- C:\WINDOWS\Web
2008-11-21 15:19:38 ----AC---- C:\WINDOWS\wininit.ini
2008-11-20 16:06:10 ----A---- C:\WINDOWS\cdPlayer.ini
2008-11-19 20:55:08 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-11-18 20:19:07 ----A---- C:\rapport.txt
2008-11-18 18:37:11 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-18 18:34:58 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-16 12:42:40 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-16 11:37:23 ----D---- C:\Documents and Settings\Rob Murray\Application Data\FrostWire
2008-11-16 09:41:27 ----RSD---- C:\WINDOWS\assembly
2008-11-16 09:41:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-16 09:14:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-13 14:34:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 21:32:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 21:32:48 ----A---- C:\WINDOWS\imsins.BAK
2008-11-08 09:04:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-08 09:04:25 ----D---- C:\Program Files\Common Files\Adobe
2008-11-08 09:04:25 ----D---- C:\Program Files\Adobe
2008-11-03 17:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-22 20:56:22 ----D---- C:\Program Files\Lavasoft
2008-10-22 20:54:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 20:18:15 ----D---- C:\Program Files\Internet Explorer
2008-10-15 15:12:08 ----D---- C:\Documents and Settings\Rob Murray\Application Data\Azureus
2008-10-15 09:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-03 10:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-29 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-29 26824]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-04-21 7582]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 ATIBTCAP;ATI TV Wonder Video Capture; C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-04 58240]
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar; C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-04 6912]
R2 ATIVTUTW;ATI TV Wonder TV Tuner; C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-04 17664]
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar; C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-04 28416]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-29 76040]
R2 CommAgnt;ADI COMMAGNT; C:\WINDOWS\System32\DRIVERS\commagnt.sys [2002-03-19 8360]
R2 NIOC;NIOC Service; \??\C:\WINDOWS\system32\NIOC.SYS []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-04-30 139776]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2006-08-11 78336]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\System32\drivers\hap17v2k.sys [2006-08-11 180224]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 QCDonner;Logitech QuickCam Express(PID_0840); C:\WINDOWS\System32\DRIVERS\LVCD.sys [2002-06-10 39936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 a6c5nxfu;a6c5nxfu; C:\WINDOWS\system32\drivers\a6c5nxfu.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2006-08-11 154112]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera; C:\WINDOWS\System32\DRIVERS\mr97310v.sys [2002-11-27 116126]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\c:\PROGRA~1\COMMON~1\motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\c:\PROGRA~1\COMMON~1\motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2002-08-08 38951]
S3 nicadsl;DW-8000P Service; C:\WINDOWS\System32\DRIVERS\nicadsl.sys [2002-03-19 72332]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\PRISMUSB.sys [2003-10-02 666624]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-08-21 364800]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-29 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 231704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-30 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-13 66872]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 WZCBDLService;WZCBDL Service; C:\Program Files\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S2 MySql;MySql; C:/mysql/bin/mysqld-nt.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 138168]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe [2002-12-24 65536]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:39 PM

Posted 30 November 2008 - 04:53 PM

  • Please go to start > All Programs > Stratup.
    Right click PowerReg or PowerReg Scheduler and select Delete to remove it.

  • Reboot your computer.

  • Please set your system to show file extensions:
    • Click Start, open Computer, select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Uncheck: Hide file extensions for known file types
    • Click Apply and OK.
  • Set Windows to show file extensions:
    • Click Start, open My Computer, select the Tools menu and
    • click Folder Options.
    • Select the View Tab.
    • Uncheck: Hide file extensions for known file types
    • Click Yes to confirm.
    Note: When you finished the step set the folder view options to its default again.

  • Use the windows search advanced options:
    • Go to start -> Search -> click All files and folders.
    • Click More advanced options.
    • Put a check mark in the box nest to search system folders, search hidden files and folders and search sub-folders.
    • Make sure Case Sensitive box in not checked.
    • Type Scheduler in the upper box and click on search.
    • If you find a file named Scheduler.exe or Powerreg scheduler.exe rightclick and delete it.
  • Please copy and paste a fresh Hijackthis log to your reply and tell me if you found anything. We will uninstall/clean our tools the next steps.


#13 mr_toad80

mr_toad80
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 30 November 2008 - 05:43 PM

Deleted the powerreg scheduler.exe file. I also found a PF file in the search called POWERREG SCHEDULER.EXE-14C3C690 and deleted that as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:33, on 11/30/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ROBMUR~1\LOCALS~1\Temp\ThereInstallHelper.2.0.2106.0.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.skibanff.com/skicam/AxisCamControl.ocx
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/...upv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:39 PM

Posted 30 November 2008 - 06:21 PM

Well done! :thumbsup:

Everything looks gooed.
  • Go to start > run and copy and paste or type next command in the field then hit enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

  • Remove RSIT and its folder (C:\rsit). Delete also any tool or fix we have used from your desktop. You may keep ATF-Cleaner.

  • Optional: Install Javacools© SpywareBlaster
    SpywareBlaster will added a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. What you need is updating it once in 2-3 weeks and enabling the restriction. You can find more information and a download link here.

  • Let me know if you have any question before closing the topic.


#15 mr_toad80

mr_toad80
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 30 November 2008 - 07:58 PM

Thanks. You've been a tremendous help and I can't thank you enough.

Before this is closed, just one more question. AVG has been giving me threat popups today. The Virus Vault listings for them are:

Infection | Suspicion: unknown virus .EXE.COM | D:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A000060?.EXE

The '?' is a variable - the popup has happened 5 times so the number in the file has changed from 5 through 9. Is this something to be concerned about?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users