
Antimalware Defender removal


  • This topic is locked
15 replies to this topic

#1 tvirgomatt

Posted 13 March 2010 - 12:26 PM

I still have remnants of Antimalware Defender on my XP machine after going through the automated Malwarebytes steps.
We have four logons and two of them still get pop ups from it.
Here is a link to an image of the popup we get.
I received the malware from a pop up on this site, but I can't find the pop up again. hxxp://10starmovies.com
The GMER keeps locking up so I'm not able to provide that.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Matt at 11:35:49.85 on Sat 03/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1485 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Matt\Desktop\Defogger.exe
C:\Documents and Settings\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gamespot.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {85784d94-bfd8-4681-a815-c19eb8a1a556} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [WeatherDPA] "c:\program files\zango\bin\10.3.79.0\Weather.exe" -auto
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [dbf70700.exe] c:\documents and settings\matt\application data\a590201407b3de3e518d856535e32670\dbf70700.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [DSS] c:\windows\bbstore\dss\DSSAGENT.EXE
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\cnette~1.lnk - c:\documents and settings\matt\application data\cbs interactive\cnet techtracker\TechTracker.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229232609765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://ev1-2.driverguide.net/DGTx.CAB
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2008-12-14 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2008-12-14 52224]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-11-20 17920]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-12-14 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2008-12-18 6272]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-6 54752]
S1 pxmzzpyp;pxmzzpyp;\??\c:\windows\system32\drivers\pxmzzpyp.sys --> c:\windows\system32\drivers\pxmzzpyp.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xhybrid.sys [2008-12-14 906368]
S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\docume~1\nigel\locals~1\temp\nsk3f.tmp\tffregnt.sys --> c:\docume~1\nigel\locals~1\temp\nsk3f.tmp\TfFRegNt.sys [?]
S3 BS_Flash;BS_Flash;c:\windows\system32\drivers\BS_Flash.sys [2008-12-18 3604]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\etd.sys [2009-12-4 129024]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 tdisnap;tdisnap;\??\c:\windows\system32\tdisnap.sys --> c:\windows\system32\tdisnap.sys [?]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-03-11 04:01:26 0 d-----w- c:\windows\pss
2010-03-10 17:45:50 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 01:20:21 0 ----a-w- c:\documents and settings\matt\defogger_reenable
2010-03-08 21:40:43 0 d-----w- C:\a536d24029d5a2520419199008f3
2010-03-07 04:26:34 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-07 04:26:34 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-07 04:26:01 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-07 04:26:01 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-07 04:24:58 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-07 04:24:58 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-07 03:20:50 0 d-----w- c:\docume~1\alluse~1\applic~1\GoBit Games
2010-02-25 02:30:38 0 d-----w- c:\docume~1\alluse~1\applic~1\GameHouse
2010-02-25 00:33:22 0 d-----w- c:\docume~1\alluse~1\applic~1\pixelStorm
2010-02-24 23:44:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 23:42:07 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-24 00:16:53 0 d-----w- c:\docume~1\matt\applic~1\Malwarebytes
2010-02-24 00:16:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 00:16:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 00:16:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 00:16:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-18 20:56:31 135 ----a-w- c:\windows\system32\msexcr.ini

==================== Find3M ====================

2010-02-06 16:48:15 1535 -c--a-w- c:\windows\eReg.dat
2010-02-01 16:06:48 262144 ----a-w- C:\ntuser.dat
2010-01-06 06:29:15 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

============= FINISH: 11:36:14.17 ===============

Deactivate link, changed link to appropriate image code. ~ OB

Edited by Orange Blossom, 13 March 2010 - 03:26 PM.



#2 aommaster

Posted 14 March 2010 - 02:00 PM

Hello, tvirgomatt.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the steps below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 tvirgomatt

Posted 16 March 2010 - 10:13 PM

I did get the popups stopped. I'll get into that tomorrow night though, along with the GMER log.
Here are the RSIT logs.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Matt at 2010-03-16 22:24:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 155 GB (65%) free of 238 GB
Total RAM: 1982 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:55 PM, on 3/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Matt\Desktop\RSIT.exe
C:\Program Files\trend micro\Matt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {85784d94-bfd8-4681-a815-c19eb8a1a556} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.79.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [dbf70700.exe] C:\Documents and Settings\Matt\Application Data\A590201407B3DE3E518D856535E32670\dbf70700.exe
O4 - Startup: CNET TechTracker.lnk = C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229232609765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/w.../p3dactivex.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://zone.msn.com/bingame/burg/default/G...esPlayer_v6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a02-b02.mypicturetown.com/P2PwebCmd...r/x/Upld_47.CAB
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniqua...ploader_v10.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://ev1-2.driverguide.net/DGTx.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 11168 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0CE5BFFD-155D-4D18-992D-BF4A5BF77D16}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-09-19 1172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85784d94-bfd8-4681-a815-c19eb8a1a556}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-09-19 158008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-09-19 1172280]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2008-06-10 1442888]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-14 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2007-04-25 176128]
"DSS"=C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE []
"ATT-SST_McciTrayApp"=C:\Program Files\ATT-SST\McciTrayApp.exe [2008-09-18 1529856]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"YMailAdvisor"=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2009-05-08 174424]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-02-21 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"WeatherDPA"=C:\Program Files\Zango\bin\10.3.79.0\Weather.exe -auto []
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"dbf70700.exe"=C:\Documents and Settings\Matt\Application Data\A590201407B3DE3E518D856535E32670\dbf70700.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\85784d94-bfd8-4687-a815-c19eb8a1a556_26]
C:\WINDOWS\system32\85784d94-bfd8-4687-a815-c19eb8a1a556_26.avi, start minimized []

C:\Documents and Settings\Matt\Start Menu\Programs\Startup
CNET TechTracker.lnk - C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Ena

I did get the popups stopped. I'll get into that tomorrow night, though, along with the GMER log.
Here are the RSIT logs.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Matt at 2010-03-16 22:24:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 155 GB (65%) free of 238 GB
Total RAM: 1982 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:55 PM, on 3/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Matt\Desktop\RSIT.exe
C:\Program Files\trend micro\Matt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {85784d94-bfd8-4681-a815-c19eb8a1a556} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.79.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [dbf70700.exe] C:\Documents and Settings\Matt\Application Data\A590201407B3DE3E518D856535E32670\dbf70700.exe
O4 - Startup: CNET TechTracker.lnk = C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229232609765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/w.../p3dactivex.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://zone.msn.com/bingame/burg/default/G...esPlayer_v6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a02-b02.mypicturetown.com/P2PwebCmd...r/x/Upld_47.CAB
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniqua...ploader_v10.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://ev1-2.driverguide.net/DGTx.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 11168 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0CE5BFFD-155D-4D18-992D-BF4A5BF77D16}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-09-19 1172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85784d94-bfd8-4681-a815-c19eb8a1a556}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-09-19 158008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-09-19 1172280]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2008-06-10 1442888]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-14 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2007-04-25 176128]
"DSS"=C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE []
"ATT-SST_McciTrayApp"=C:\Program Files\ATT-SST\McciTrayApp.exe [2008-09-18 1529856]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"YMailAdvisor"=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2009-05-08 174424]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-02-21 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"WeatherDPA"=C:\Program Files\Zango\bin\10.3.79.0\Weather.exe -auto []
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"dbf70700.exe"=C:\Documents and Settings\Matt\Application Data\A590201407B3DE3E518D856535E32670\dbf70700.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\85784d94-bfd8-4687-a815-c19eb8a1a556_26]
C:\WINDOWS\system32\85784d94-bfd8-4687-a815-c19eb8a1a556_26.avi, start minimized []

C:\Documents and Settings\Matt\Start Menu\Programs\Startup
CNET TechTracker.lnk - C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Games\Viva Pinata\Viva Pinata.exe"="C:\Program Files\Microsoft Games\Viva Pinata\Viva Pinata.exe:*:Enabled:Viva Piñata"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe"="C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\My Games\Red Ace Squadron\acenet_client_release.exe"="C:\My Games\Red Ace Squadron\acenet_client_release.exe:*:Enabled:acenet_client_release"
"C:\Program Files\Fighter Ace Anniversary Edition\rsync.exe"="C:\Program Files\Fighter Ace Anniversary Edition\rsync.exe:*:Enabled:rsync Application"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo Trial\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo backup 3\halo.exe"="C:\Program Files\Microsoft Games\Halo backup 3\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Copy (3) of Halo backup\halo.exe"="C:\Program Files\Microsoft Games\Copy (3) of Halo backup\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Copy (2) of Halo backup\halo.exe"="C:\Program Files\Microsoft Games\Copy (2) of Halo backup\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo backup\halo.exe"="C:\Program Files\Microsoft Games\Halo backup\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo weird plice\halo.exe"="C:\Program Files\Microsoft Games\Halo weird plice\halo.exe:*:Disabled:Halo"
"C:\Program Files\Microsoft Games\Copy of Halo Trial\Copy of halo.exe"="C:\Program Files\Microsoft Games\Copy of Halo Trial\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\XTREM\Copy of halo.exe"="C:\Program Files\Microsoft Games\XTREM\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Copy (2) of Halo Trial\Copy of halo.exe"="C:\Program Files\Microsoft Games\Copy (2) of Halo Trial\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Copy (3) of Halo Trial\Copy of halo.exe"="C:\Program Files\Microsoft Games\Copy (3) of Halo Trial\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Halo backup\halo.exe"="C:\Program Files\Microsoft Games\Halo\Halo backup\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Copy of Halo Trial\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Copy of Halo Trial\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Wooden glory\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Wooden glory\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Gruntz\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Gruntz\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\XTREM\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\XTREM\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Pistol Godz\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Pistol Godz\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Copy of Halo Trial\Copy (2) of Halo Trial\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Copy of Halo Trial\Copy (2) of Halo Trial\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Copy (3) of Halo Trial\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Copy (3) of Halo Trial\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Halo Trial\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Halo Trial\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Rifle Powerz\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Rifle Powerz\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Team Slayer\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Team Slayer\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\KABOOM\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\KABOOM\Copy of halo.exe:*:Enabled:Halo"
"C:\Games\Gruntz\GRUNTZ.EXE"="C:\Games\Gruntz\GRUNTZ.EXE:*:Enabled:The Ultimate Puzzle-Strategy-Action Game"
"C:\Program Files\Microsoft Games\Halo\Vehiclez\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Vehiclez\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Copy of Halo backup\halo.exe"="C:\Program Files\Microsoft Games\Halo\Copy of Halo backup\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\War\halo.exe"="C:\Program Files\Microsoft Games\Halo\War\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Gruntz (better)\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Gruntz (better)\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Copy (3) of Halo backup\halo.exe"="C:\Program Files\Microsoft Games\Halo\Copy (3) of Halo backup\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Copy (2) of Halo backup\halo.exe"="C:\Program Files\Microsoft Games\Halo\Copy (2) of Halo backup\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Freaky\halo.exe"="C:\Program Files\Microsoft Games\Halo\Freaky\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Copy of Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo\Copy of Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Elitez\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Elitez\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Halo weird police\halo.exe"="C:\Program Files\Microsoft Games\Halo\Halo weird police\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Paintball\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Paintball\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Flyerz\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Flyerz\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Auto Elites\halo.exe"="C:\Program Files\Microsoft Games\Halo\Auto Elites\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Spongebob\halo.exe"="C:\Program Files\Microsoft Games\Halo\Spongebob\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Halo backup\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Halo backup\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Copy (2) of Halo Trial\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Copy (2) of Halo Trial\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Cryophobia\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Cryophobia\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Cryosis\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Cryosis\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Great Bloody Gulch\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Great Bloody Gulch\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Customizable\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Customizable\Copy of halo.exe:*:Enabled:Halo"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Documents and Settings\Matt\My Documents\pokemmorgps\worldonline\pwoClient\pwoClient\PokemonWorldOnline\Pokemon Game.exe"="C:\Documents and Settings\Matt\My Documents\pokemmorgps\worldonline\pwoClient\pwoClient\PokemonWorldOnline\Pokemon Game.exe:*:Enabled:Pokemon Game"
"C:\Program Files\ATT-SST\McciBrowser.exe"="C:\Program Files\ATT-SST\McciBrowser.exe:*:Enabled:mcci+McciBrowser"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Steam\steamapps\tvirgomatt\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\tvirgomatt\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\tvirgomatt\rag doll kung fu demo\Rag_Doll_Kung_Fu_Steam.exe"="C:\Program Files\Steam\steamapps\tvirgomatt\rag doll kung fu demo\Rag_Doll_Kung_Fu_Steam.exe:*:Enabled:Rag_Doll_Kung_Fu_Steam"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Microsoft Games\Impossible Creatures\IC.exe"="C:\Program Files\Microsoft Games\Impossible Creatures\IC.exe:*:Enabled:IC"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\Microsoft Games\Age of Empires\Empires.exe"="C:\Program Files\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires"
"C:\Program Files\Microsoft Games\Copy of Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Copy of Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Copy (2) of Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Copy (2) of Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Copy (3) of Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Copy (3) of Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Copy (3) of Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Copy (3) of Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Copy (4) of Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Copy (4) of Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Copy (5) of Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Copy (5) of Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Halo\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\Snow\Copy of halo.exe"="C:\Program Files\Microsoft Games\Halo\Snow\Copy of halo.exe:*:Enabled:Halo"
"C:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe"="C:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe"="C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe:*:Enabled:Tinker"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*:Disabled:Combat Arms"
"C:\Documents and Settings\Matt\Local Settings\Temp\alg.exe"="C:\Documents and Settings\Matt\Local Settings\Temp\alg.exe:*:Enabled:Application Layer Gateway Service"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:LSA Shell"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Documents and Settings\Matt\Local Settings\Temp\alg.exe"="C:\Documents and Settings\Matt\Local Settings\Temp\alg.exe:*:Enabled:Application Layer Gateway Service"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:LSA Shell"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-03-16 22:24:46 ----D---- C:\rsit
2010-03-16 22:24:46 ----D---- C:\Program Files\trend micro
2010-03-14 09:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
2010-03-13 14:05:33 ----D---- C:\Documents and Settings\Matt\Application Data\vlc
2010-03-13 13:29:29 ----D---- C:\Program Files\Alwil Software
2010-03-11 00:01:26 ----D---- C:\WINDOWS\pss
2010-03-10 17:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-08 17:40:43 ----D---- C:\a536d24029d5a2520419199008f3
2010-03-07 00:24:58 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2010-03-07 00:24:05 ----D---- C:\Program Files\Mozilla Firefox
2010-03-06 23:20:50 ----D---- C:\Documents and Settings\All Users\Application Data\GoBit Games
2010-03-06 21:35:28 ----D---- C:\Program Files\Windows Live Safety Center
2010-02-24 22:30:38 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse
2010-02-24 20:33:22 ----D---- C:\Documents and Settings\All Users\Application Data\pixelStorm
2010-02-24 19:44:37 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-24 19:42:07 ----D---- C:\Program Files\Microsoft Security Essentials
2010-02-24 17:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 20:16:53 ----D---- C:\Documents and Settings\Matt\Application Data\Malwarebytes
2010-02-23 20:16:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-23 20:16:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-18 16:56:31 ----A---- C:\WINDOWS\system32\msexcr.ini

======List of files/folders modified in the last 1 months======

2010-03-16 22:24:46 ----D---- C:\Program Files
2010-03-16 22:24:37 ----D---- C:\WINDOWS\Prefetch
2010-03-16 18:21:00 ----D---- C:\WINDOWS\Temp
2010-03-16 18:04:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-16 16:19:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-15 14:09:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-14 13:27:29 ----RSH---- C:\boot.ini
2010-03-14 13:27:29 ----A---- C:\WINDOWS\win.ini
2010-03-14 13:27:29 ----A---- C:\WINDOWS\system.ini
2010-03-14 08:45:12 ----D---- C:\WINDOWS\system32
2010-03-14 08:45:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-13 19:55:53 ----SD---- C:\WINDOWS\Tasks
2010-03-13 14:19:54 ----D---- C:\WINDOWS\system32\drivers
2010-03-13 14:19:54 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-03-13 13:29:38 ----SHD---- C:\WINDOWS\Installer
2010-03-13 13:29:37 ----D---- C:\WINDOWS\WinSxS
2010-03-13 11:08:24 ----D---- C:\WINDOWS
2010-03-13 10:28:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-13 10:28:24 ----RSD---- C:\WINDOWS\assembly
2010-03-13 10:28:08 ----HD---- C:\WINDOWS\inf
2010-03-13 10:27:28 ----D---- C:\WINDOWS\system32\DirectX
2010-03-13 10:25:38 ----D---- C:\Program Files\Microsoft Games
2010-03-12 19:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-10 23:39:15 ----D---- C:\Documents and Settings
2010-03-10 17:06:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-03-10 17:06:04 ----A---- C:\WINDOWS\imsins.BAK
2010-03-10 17:06:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-10 17:06:00 ----D---- C:\Program Files\Movie Maker
2010-03-10 17:05:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-09 14:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2010-03-08 17:25:15 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-03-07 23:42:16 ----D---- C:\51e7046ed38abb2f10b6
2010-03-07 20:08:05 ----D---- C:\WINDOWS\ServicePackFiles
2010-03-07 02:51:37 ----SHD---- C:\System Volume Information
2010-03-07 02:51:37 ----D---- C:\WINDOWS\system32\Restore
2010-03-07 00:27:11 ----D---- C:\Program Files\Common Files\Motive
2010-03-02 01:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-26 19:37:52 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-02-24 19:42:10 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-24 19:31:34 ----D---- C:\WINDOWS\Minidump
2010-02-24 17:00:31 ----D---- C:\WINDOWS\ie8updates
2010-02-24 10:34:53 ----D---- C:\Program Files\Docking Station
2010-02-23 21:18:50 ----D---- C:\My Games
2010-02-23 21:18:49 ----D---- C:\Program Files\RealArcade
2010-02-23 21:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-23 20:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 BS_I2cIo;BS_I2cIo; \??\C:\WINDOWS\system32\drivers\BS_I2cIo.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-12-02 149040]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-12-04 27784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2007-04-28 283904]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 pxmzzpyp;pxmzzpyp; \??\C:\WINDOWS\system32\drivers\pxmzzpyp.sys []
S3 3xHybrid;SAA713x TV Card Service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2008-03-17 906368]
S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT; \??\C:\DOCUME~1\Nigel\LOCALS~1\Temp\nsk3F.tmp\TfFRegNt.sys []
S3 BS_Flash;BS_Flash; C:\WINDOWS\system32\drivers\BS_Flash.sys [2007-08-16 3604]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ETD;ELAN PS/2 Port Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2009-03-30 129024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tdisnap;tdisnap; \??\C:\WINDOWS\system32\tdisnap.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-14 152984]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-08-19 303104]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17904]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2009-07-09 250616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-03-16 22:24:56

======Uninstall list======

-->"C:\Program Files\WildGames\Alice Greenfingers 2\Uninstall.exe"
-->"C:\Program Files\WildGames\Belle's Beauty Boutique\Uninstall.exe"
-->"C:\Program Files\WildGames\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\WildGames\Cooking Academy 2 - World Cuisine\Uninstall.exe"
-->"C:\Program Files\WildGames\Dangerous High School Girls in Trouble\Uninstall.exe"
-->"C:\Program Files\WildGames\FATE Undiscovered Realms\Uninstall.exe"
-->"C:\Program Files\WildGames\Iggle Pop Deluxe\Uninstall.exe"
-->"C:\Program Files\WildGames\Jets 'N' Guns GOLD\Uninstall.exe"
-->"C:\Program Files\WildGames\Mahjongg - Ancient Mayas\Uninstall.exe"
-->"C:\Program Files\WildGames\Sally's Salon\Uninstall.exe"
-->"C:\Program Files\WildGames\Tank-o-Box\Uninstall.exe"
-->"C:\Program Files\WildGames\Wedding Dash - Ready, Aim, Love!\Uninstall.exe"
-->"C:\Program Files\WildGames\Wedding Dash 2 - Rings Around the World\Uninstall.exe"
-->"C:\Program Files\WildGames\Wedding Dash\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec /X{5DB65884-C963-4454-AABA-4CA3089281FA}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2010 DR PEPPER EA GAMES EVERY BOTTLE/CUP WINS PROMOTION-->"C:\Program Files\InstallShield Installation Information\{59E04C6D-9EE0-4F70-9358-62108888C719}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Empires : Tribalism-->C:\Program Files\Microsoft Games\Copy of Age of Empires\AoET_Uninstaller.exe
Age of Empires III - The Asian Dynasties Trial-->C:\Program Files\InstallShield Installation Information\{63415CB1-3C97-4D9C-980D-336710EB0526}\setup.exe -runfromtemp -l0x0409
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires: Trade War-->C:\AoE-TW Uninstaller.exe
Age of Mythology - The Titans Expansion-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Aironix-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\aironix.rguninst" "AddRemove"
Ancient Spider Solitaire-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\amg-ancientspidersolitaire.rguninst" "AddRemove"
Ant War-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\antwar.rguninst" "AddRemove"
AOE Roman Modpack 1.0-->C:\Program Files\Microsoft Games\Copy (5) of Age of Empires II\Uninstall_AOE Roman Modpack.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoBase-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoBase\Uninst.isu"
ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}\setup.exe" -l0x9
ArcSoft PhotoStudio 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
Army Men ™: Toys in Space ™-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Army Men Toys in Space\Uninst.isu" -c"C:\Program Files\3DO\Army Men Toys in Space\uninst.dll"
Army Men World War™-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Army Men World War\Uninst.isu" -c"C:\Program Files\3DO\Army Men World War\uninst.dll"
AT&T Self Support Tool-->C:\Program Files\ATT-SST\Uninstall.exe
Avenue Flo™-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-avenueflotm.rguninst" "AddRemove"
BannedStory 3.0-->msiexec /qb /x {62C81505-65E8-BBFF-5A9B-23958770F694}
BannedStory-->MsiExec.exe /I{62C81505-65E8-BBFF-5A9B-23958770F694}
Be a King-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\beaking.rguninst" "AddRemove"
Big City Adventure™ - New York City-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-bigcityadventuretmnewyorkcity.rguninst" "AddRemove"
BIOS Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C09DB99-F67A-4848-9079-0B5E216AD134}\setup.exe"
Blue's Art Time Activities-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\ArtTime\Uninst.isu -c"C:\HEGames\ArtTime\Uninst.dll
Build-a-lot 4 - Power Source-->"C:\Program Files\WildGames\Build-a-lot 4 - Power Source\Uninstall.exe"
Build-a-lot-->"C:\Program Files\HipSoft\Buildalot\unins000.exe"
Caere Scan Manager 5.1-->MsiExec.exe /I{81D62C32-0984-11D3-86CD-00105AD33021}
Canon S600-->C:\WINDOWS\system32\CNMCP2V.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S600 Installer\Inst\DeIsL3.isu" -pCanon S600-c"C:\BJPrinter\CNMWINDOWS\Canon S600 Installer\Inst\bjinst.dll
Canon S600-->C:\WINDOWS\system32\CNMS600.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S600 Installer\Inst\DeIsL1.isu" -pCanon S600-c"C:\BJPrinter\CNMWINDOWS\Canon S600 Installer\Inst\bjinst.dll
Canon ScanGear Toolbox CS 2.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox CS\uninst.dll"
Cate West - The Velvet Keys™-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\amg-catewestthevelvetkeystm.rguninst" "AddRemove"
Chowder-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\chowder.rguninst" "AddRemove"
Cooking Dash™-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-cookingdashtm.rguninst" "AddRemove"
Creature Chaos 4.22-->"C:\Program Files\Microsoft Games\Copy of Impossible Creatures\Impossible Creatures\unins000.exe"
Creatures 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creatures 3\Uninst.isu"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Delicious Deluxe-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\deliciousdeluxe.rguninst" "AddRemove"
Diablo-->C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Docking Station-->C:\Program Files\Docking Station\InstallBlast.exe --uninstall
EA Download Manager UI-->msiexec /qb /x {9901E703-D169-7139-1EA3-11AA788D09E6}
EA Download Manager UI-->MsiExec.exe /I{9901E703-D169-7139-1EA3-11AA788D09E6}
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\EADMUninstall.exe
Edmark Zap! (Remove only)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Edmark\Zap\Uninst.isu"
Empire Earth - The Art of Conquest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49C924C-A651-4378-94F6-5D9BF44A959F}\Setup.exe" -l0x9
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
EVEREST Home Edition v1.51-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Family Feud™-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\familyfeudtm.rguninst" "AddRemove"
FATE-->"C:\Program Files\WildGames\FATE\Uninstall.exe"
Feeding Frenzy 2-->"c:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\feedingfrenzy2.rguninst" "AddRemove"
Feeding Frenzy-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-feedingfrenzy.rguninst" "AddRemove"
Fighter Ace Anniversary Edition-->C:\PROGRA~1\FIGHTE~1\FAUNIN~1.EXE
Fish Tycoon-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\fishtycoon.rguninst" "AddRemove"
FizzBall-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-fizzball.rguninst" "AddRemove"
Garden Dreams-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\gardendreams.rguninst" "AddRemove"
Geneforge 5-->MsiExec.exe /X{405FA152-1638-4FC1-9233-62DB6F2D4C98}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Gruntz-->C:\WINDOWS\uninst.exe -fC:\Games\Gruntz\DeIsL1.isu
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hospital Hustle-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\amg-hospitalhustle.rguninst" "AddRemove"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Impossible Creatures 1.0.1-->MsiExec.exe /X{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}
Impossible Creatures-->"C:\Program Files\Microsoft Games\Impossible Creatures\UNINSTAL.EXE" /runtemp /addremove
Indiana Jones 1.0-->C:\Program Files\Microsoft Games\Copy of Age of Empires II\Indiana Jones Uninstall.exe
Insaniquarium Deluxe-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\insaniquariumdeluxe.rguninst" "AddRemove"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Jetfighter 2015 (remove only)-->"C:\Documents and Settings\Nigel\Desktop\Jetfighter 2015\Uninstall.exe"
Jets'n'Guns Gold Patch 1.222-->C:\Program Files\Jets'n'Guns Gold\patch_uninst.exe
Jojo’s Fashion Show-->"C:\Program Files\MSN Games\Jojo’s Fashion Show\Uninstall.exe" "C:\Program Files\MSN Games\Jojo’s Fashion Show\install.log"
Jojo's Fashion Show (remove only)-->"C:\Program Files\Yahoo! Games\Jojo's Fashion Show\Uninstall.exe"
JoJo's Fashion Show 2 - Las Cruces-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-jojosfashionshow2lascruces.rguninst" "AddRemove"
Jojo's Fashion Show World Tour-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-jojosfashionshowworldtour.rguninst" "AddRemove"
Kitchen Brigade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-kitchenbrigade.rguninst" "AddRemove"
LEGO Racers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LEGO Media\Games\LEGO Racers Demo\Uninst.isu"
Little Shop - Road Trip-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-littleshoproadtrip.rguninst" "AddRemove"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{60580317-9E57-4502-B38D-B015F25E7948}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Age of Empires Expansion-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTX.EXE" /runtemp
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires-->C:\Program Files\Microsoft Games\Age of Empires\Uninstal.exe /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Halo Custom Edition-->"C:\Program Files\Microsoft Games\Halo Custom Edition\Uninstal.exe" /runtemp /addremove
Microsoft Halo Trial-->"C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Monopoly Junior-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly Junior\Uninst.isu"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Need For Speed - Porsche Unleashed-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Need For Speed - Porsche Unleashed\uninst.log"
Need For Speed III-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Electronic Arts\Need For Speed III\DeIsL1.isu" -c"C:\Program Files\Electronic Arts\Need For Speed III\eauninst.dll"
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{5DB65884-C963-4454-AABA-4CA3089281FA}
Oasis-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\oasis.rguninst" "AddRemove"
OmniPage Pro 9.0-->C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f"C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu"
Paradise Beach-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\paradisebeach.rguninst" "AddRemove"
PC Wizard 2009.1.9111-->"C:\Program Files\CPUID\PC Wizard 2009\unins000.exe"
Pizza Frenzy-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\pizzafrenzy.rguninst" "AddRemove"
Pure Hidden-->"C:\Program Files\WildGames\Pure Hidden\Uninstall.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Reader Rabbit's 1st Grade-->C:\WINDOWS\uninst.exe -fC:\TLCWIN\RRF\uninstal\DeIsL1.isu
Real War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD5835F8-909A-11D5-AE12-0050BA40602F}\setup.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Rebound Lost Worlds - Recharged-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\reboundlostworldsrecharged.rguninst" "AddRemove"
Red Ace Squadron-->"c:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\redacesquadron.rguninst" "AddRemove"
Reign of Evil 1.0-->C:\Program Files\Microsoft Games\Copy (4) of Age of Empires II\Uninstall_Reign of Evil.exe
Ricochet Infinity-->C:\PROGRA~1\GAMEHO~1\RICOCH~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\RICOCH~1\INSTALL.LOG
Risk II-->"c:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\riskii.rguninst" "AddRemove"
Sally's Quick Clips-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-sallysquickclips.rguninst" "AddRemove"
Sallys Salon-->"C:\Program Files\MSN Games\Sallys Salon\Uninstall.exe" "C:\Program Files\MSN Games\Sallys Salon\install.log"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shape Shifter-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\shapeshifter.rguninst" "AddRemove"
Shroomz-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-shroomz.rguninst" "AddRemove"
Sid Meier's SimGolf-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C4504A1-9280-11D5-9F7E-00902712427E}\setup.exe"
SimCity 4-->C:\Program Files\Maxis\SimCity 4\EAUninstall.exe
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SPORE™ Creepy & Cute Parts Pack-->"C:\Program Files\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\SPORE_BP1Setup.exe" -runfromtemp -l0x0009 -removeonly
SPORE™ Galactic Adventures-->"C:\Program Files\InstallShield Installation Information\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}\setup.exe" -runfromtemp -l0x0009 -removeonly
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tales of Pirates Online-->"C:\Program Files\Tales of Pirates Online\unins000.exe"
The Sims Unleashed-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.exe" -l0009
Time to Play Pet Shop-->C:\Program Files\The Learning Company\Time to Play Pet Shop\uninstal.exe
Tinker-->MsiExec.exe /I{584109EB-4A5E-4467-B3C4-5C1000008300}
Tinker-->MsiExec.exe /X{584109EB-4A5E-4467-B3C4-5C1000008300}
Totem Tribe-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\totemtribe.rguninst" "AddRemove"
Tradewinds Legends-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\tradewindslegends.rguninst" "AddRemove"
Tradewinds Odyssey™-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\tradewindsodysseytm.rguninst" "AddRemove"
Tradewinds® Classic-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\tradewindsrclassic.rguninst" "AddRemove"
Treasure MathStorm!-->C:\WINDOWS\uninst.exe -fC:\Tlcwin\Tmscd\uninstal\DeIsL1.isu
Trespasser-->C:\Program Files\DreamWorks Interactive\Trespasser\setup95.exe /uninstall
TV Expert-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68CC21AD-B6EC-4DB8-954D-F27AD0D9A83F}\setup.exe" -l0x9 -removeonly
Unix Utilities for Yahoo! Widgets-->C:\Program Files\Yahoo!\Widgets\UnixUtils\uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB977724)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CC0E469C-5006-48B9-BBDC-D11B562499B4}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver 6.14.10.0364-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VIA/S3G Display Driver-->VTsetvga.exe -s -u 'VIA/S3G Display Driver' -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 2 *.inf
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Virtual Villagers-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\virtualvillagers.rguninst" "AddRemove"
Viva Piñata-->"C:\Program Files\InstallShield Installation Information\{343EFA17-5BC5-44DA-924F-539ECBEFF68C}\Setup.exe" -runfromtemp -l0x0409 -removeonly
Viva Pinata-->MsiExec.exe /X{343EFA17-5BC5-44DA-924F-539ECBEFF68C}
VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Web Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall
WildTangent Games-->"C:\Program Files\WildGames\Uninstall.exe"
WildTangent ORB Game Console-->"C:\Program Files\WildGames\Game Console - WildGames\Uninstall.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Mail Advisor-->C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
YOU DON'T KNOW JACK Movies-->C:\Sierra\YOUDON~1\UNWISE.EXE /A C:\Sierra\YOUDON~1\INSTALL.LOG
YOU DON'T KNOW JACK Television-->C:\Sierra\YOUDON~2\UNWISE.EXE /A C:\Sierra\YOUDON~2\INSTALL.LOG
YOU DON'T KNOW JACK Volume 3-->C:\Sierra\YOUDON~3\UNWISE.EXE /A C:\Sierra\YOUDON~3\INSTALL.LOG
Zoo Tycoon 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{115B3C94-B59B-4095-AD1C-0FC40354C7F3}
Zoo Tycoon Expanded-->"C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove

Hosts File Missing
======Security center information======

AV: Microsoft Security Essentials

======System event log======

Computer Name: FAMILY-6E29FB93
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 36173
Source Name: Disk
Time Written: 20100307004715.000000-300
Event Type: warning
User:

Computer Name: FAMILY-6E29FB93
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 36172
Source Name: Disk
Time Written: 20100307004710.000000-300
Event Type: warning
User:

Computer Name: FAMILY-6E29FB93
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 36171
Source Name: Disk
Time Written: 20100307004706.000000-300
Event Type: warning
User:

Computer Name: FAMILY-6E29FB93
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 36170
Source Name: Disk
Time Written: 20100307004701.000000-300
Event Type: warning
User:

Computer Name: FAMILY-6E29FB93
Event Code: 1006
Message: Microsoft Antimalware has detected spyware or other potentially unwanted software.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=370...atid=2147630987

Name: Trojan:WinNT/Bubnix.gen!A

ID: 2147630987

Severity: Severe

Category: Trojan

Path: file:C:\System Volume Information\_restore{79B3018D-24A3-4268-813E-C62CBADD195A}\RP475\A0122220.sys

Detection Origin: Local machine

Detection Type: Generic

Detection Source: Real-Time Protection

Status: Suspended

User: FAMILY-6E29FB93\Matt

Process Name: C:\Program Files\Internet Explorer\iexplore.exe

Signature Version: AV: 1.77.459.0, AS: 1.77.459.0

Engine Version: 1.1.5502.0

Record Number: 36164
Source Name: Microsoft Antimalware
Time Written: 20100307002923.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: FAMILY-6E29FB93
Event Code: 1002
Message: Hanging application SporeApp.exe, version 1.3.0.10, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9320
Source Name: Application Hang
Time Written: 20100125145705.000000-300
Event Type: error
User:

Computer Name: FAMILY-6E29FB93
Event Code: 1002
Message: Hanging application SporeApp.exe, version 3.0.0.2818, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9319
Source Name: Application Hang
Time Written: 20100125145442.000000-300
Event Type: error
User:

Computer Name: FAMILY-6E29FB93
Event Code: 1002
Message: Hanging application SporeApp.exe, version 1.3.0.10, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9318
Source Name: Application Hang
Time Written: 20100125145053.000000-300
Event Type: error
User:

Computer Name: FAMILY-6E29FB93
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 9317
Source Name: Userenv
Time Written: 20100125144138.000000-300
Event Type: warning
User: FAMILY-6E29FB93\Matt

Computer Name: FAMILY-6E29FB93
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 9270
Source Name: Userenv
Time Written: 20100121203117.000000-300
Event Type: warning
User: FAMILY-6E29FB93\Matt

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 aommaster


Posted 16 March 2010 - 11:35 PM

Okay! I'll wait for the GMER log :)

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 tvirgomatt


Posted 17 March 2010 - 07:56 PM

Thank you for the help.

I was able to stop the popup by running malwarebytes again.
That caused a DLL error to start coming up on one logon, which happened before, but it was on three of the logons.
I stopped it by going into msconfig and un-ticking the malware under startup.
This time it was still un-ticked, so I ticked it, rebooted and ticked it again.
So no more annoying popups, but I don't know what's left on here.

I tried GMER again and windows froze as soon as I started it, but GMER was running so I let it run.
After 2hrs something happened, so when I moved the mouse windows logon was there.
I log on and Windows Error Reporting comes up saying the PC recovered from a serious error.
I turned off the monitor power saver and the prompt for password after standby in case that's what caused it.
GMER will have to wait another day to try.


#6 aommaster


Posted 17 March 2010 - 08:15 PM

Hello, tvirgomatt.
Instead of GMER, let's try a different rootkit scanner. It may save you the hassle of dealing with the computer crashes.

We need to run RootRepeal
  1. Download RootRepeal
  2. Extract RootRepeal.exe from the zip archive.
  3. Open RootRepeal on your desktop.
  4. Click the Report tab.
  5. Click the Scan button.
  6. Check all six boxes present (Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services)
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


In your next reply, please include the following:
  • RootRepeal Log



#7 tvirgomatt


Posted 18 March 2010 - 04:56 PM

Nice.
That completed in about 20min.
Here's what we got.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/03/18 17:30
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_ViPrt.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_ViPrt.sys
Address: 0xB4B01000 Size: 65536 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE879000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\GameHouse Games\Ancient Spider Solitaire\Spider.exe:{E4262D9D-7255-3514-6B8E-9880E2CCAEA2}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Avenue Flo™\aveflo.exe:{F23C8746-CECB-02E1-B72F-B4DF498120EB}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Big City Adventure™ - New York City\BigCityAdventureNY.exe:{CF2E8BB6-F19C-1AC6-82DD-27A9F4CC79A9}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Cate West - The Velvet Keys™\CateWest2.exe:{714605EF-0CAF-312D-8368-DCFB34C89031}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Cooking Dash™\cookingdash.exe:{E13882EC-603A-EBA9-5CC0-190EF45BF241}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Feeding Frenzy\FeedingFrenzy.exe:{FF940743-CEC4-ED77-67F2-4E887C8E7862}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\FizzBall\FizzBall.exe:{F31F3882-01BA-39B8-D879-62ACACAD2984}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Hospital Hustle\Hospital Hustle.exe:{E7BEEC51-4263-64C0-33FE-28093E7D37C7}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\JoJo's Fashion Show 2 - Las Cruces\JojosFashionShow2.exe:{EB277C1A-DF15-BB87-DB5E-57F028FA8615}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Jojo's Fashion Show World Tour\Jojos3.exe:{E82466D4-F6D8-A141-DAB3-0343205ED4FF}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Kitchen Brigade\KitchenBrigade.exe:{F0EF4BF5-AA4C-B8F8-1921-02F0A4CE321D}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Sally's Quick Clips\QuickClips.exe:{F4C9D848-34B7-B3E7-BC73-EBBD28651F1C}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Shroomz\shroomz.exe:{E8290BDF-CA3B-A2B4-AB7B-7803C331615B}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Yahoo! Games\Jojo's Fashion Show\JojosFashionShow.exe:{F0BDF493-1E67-1483-E633-4F8A2C9D096D}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{79B3018D-24A3-4268-813E-C62CBADD195A}\RP18\A0008166.data
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\matt\local settings\temp\~dfcd2e.tmp
Status: Size mismatch (API: 16384, Raw: 36864)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6XI55CW6\40x40_JQM2[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6XI55CW6\40x40_ZUM2[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6XI55CW6\arrow_7x4[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6XI55CW6\CardBoard[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6XI55CW6\container_header_bg2[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6XI55CW6\icon32_useroff[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6XI55CW6\imprimage[1].poll
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6XI55CW6\ipoll[1].swf
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6XI55CW6\MasterLayout[1].js
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6XI55CW6\Resources1[1].js
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8D829KVA\20x20_crsw[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8D829KVA\20x20_WRUP[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8D829KVA\284[1].jpg
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8D829KVA\40x40_mcr2[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8D829KVA\bkgd_inside_top[1].jpg
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8D829KVA\common[1].css
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8D829KVA\gradient_1x36[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8D829KVA\leftEdge_6x36[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8D829KVA\wwgn_pottedplanter_60x60[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8ZC0IH8I\logo_56x29[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8ZC0IH8I\glow[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8ZC0IH8I\ActionArcade[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8ZC0IH8I\text_twistit_60x60[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8ZC0IH8I\ts1[1].poll
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8ZC0IH8I\Puzzle[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8ZC0IH8I\navbar_on_center[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8ZC0IH8I\MasterCommon[1].css
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\8ZC0IH8I\sbgo_wishbone_60x60[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\901WS1EN\20x20_jgsw[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\901WS1EN\70x70_flrz[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\901WS1EN\70x70_MJTC[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\901WS1EN\bkgd_inside_bottom[1].jpg
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\901WS1EN\btn_off[2].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\901WS1EN\btn_on[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\901WS1EN\container_bg1[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\901WS1EN\icon_badges[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\B1SYEQAZ\bkrf_islandgetaway_60x60[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\B1SYEQAZ\sblip225_multiplayer[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\B1SYEQAZ\20x20_SPOT[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\B1SYEQAZ\20x20_trgk[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\B1SYEQAZ\WordTrivia[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\B1SYEQAZ\inter_2_248_msn[1].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\B1SYEQAZ\70x70_SPOT[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CPG7TCSM\20x20_WWRD[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CPG7TCSM\ADSAdClient31[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CPG7TCSM\container_header_bg1[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CPG7TCSM\inter_2_248_msn2[1].js
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CPG7TCSM\msnlogo[1].png
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CPG7TCSM\omgm_widget_moodsdefault[1].swf
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CPG7TCSM\PageModulesIE[1].css
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CPG7TCSM\PokerCasino[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CPG7TCSM\PopCulture[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\LFYFFYRJ\20x20_JMBL[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\LFYFFYRJ\20x20_sudo[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\LFYFFYRJ\container_header_bg3[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\LFYFFYRJ\flash[1].js
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\LFYFFYRJ\games[1].png
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\LFYFFYRJ\inter_3007[1].js
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\LFYFFYRJ\navbar_bg[2].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\LFYFFYRJ\SearchIcon[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\LFYFFYRJ\ts1[1].poll
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\ZM9LWK89\favicon[4].ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\ZM9LWK89\40x40_FF32[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\ZM9LWK89\left[1].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\ZM9LWK89\footer[1].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\ZM9LWK89\right[1].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\ZM9LWK89\evt2[1].poll
Status: Could not get file information (Error 0xc0000008)

==EOF==
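
A small triage script for a RootRepeal report like the one posted in #7, added here as an example; it is not part of the original thread or of RootRepeal. The sample report is constructed in the same layout, and the location buckets are this example's own grouping, meant as a reading aid and not a verdict on any file.

```python
import re
from collections import Counter

# Constructed sample in the layout of the RootRepeal 1.3.5.0 report above.
# Every name, path, address and GUID below is made up for the example.
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================

Drivers
-------------------
Name: example_a.sys
Image Path: C:\WINDOWS\System32\Drivers\example_a.sys
Address: 0xB0000000 Size: 65536 File Visible: No Signed: -
Status: -

Name: example_b.sys
Image Path: C:\WINDOWS\System32\Drivers\example_b.sys
Address: 0xA0000000 Size: 49152 File Visible: - Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Example Games\Sample\sample.exe:{11111111-2222-3333-4444-555555555555}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{AAAAAAAA-0000-0000-0000-000000000000}\RP1\A0000001.data
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\user\local settings\temp\~df0001.tmp
Status: Size mismatch (API: 16384, Raw: 36864)

Path: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AAAA1111\logo[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AAAA1111\style[1].css
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\BBBB2222\page[1].htm
Status: Could not get file information (Error 0xc0000008)

==EOF==
"""

# A section starts with a title line (no colon) followed by a row of dashes.
SECTION_RE = re.compile(r"^(?P<name>[^\n:]+)\n-{5,}\n", re.MULTILINE)


def split_sections(report):
    """Return {section title: body text} for each dashed section header."""
    marks = list(SECTION_RE.finditer(report))
    sections = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(report)
        sections[m.group("name").strip()] = report[m.end():end]
    return sections


def records(body):
    """Yield one dict per blank-line-separated block of 'Key: value' lines."""
    for block in re.split(r"\n\s*\n", body.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            yield rec


def location(path):
    """Bucket a path by where it lives (grouping chosen for this example)."""
    p = path.lower()
    if ":" in p[2:]:  # a colon after the drive letter marks a named stream
        return "alternate-data-stream"
    if "\\temporary internet files\\" in p:
        return "browser-cache"
    if "\\system volume information\\" in p:
        return "system-restore"
    if "\\local settings\\temp\\" in p:
        return "user-temp"
    return "other"


def status_kind(status):
    """Drop per-file detail in parentheses so equal findings group together."""
    return re.sub(r"\s*\(.*\)$", "", status).rstrip(".!")


def triage(report):
    """Summarise a report: drivers with no visible file, counts per bucket."""
    sections = split_sections(report)
    drivers = [r["Name"] for r in records(sections.get("Drivers", ""))
               if re.search(r"File Visible:\s*No\b", r.get("Address", ""))]
    files = [r for r in records(sections.get("Hidden/Locked Files", ""))
             if "Path" in r]
    summary = Counter((location(r["Path"]), status_kind(r.get("Status", "")))
                      for r in files)
    outside_cache = [r["Path"] for r in files
                     if location(r["Path"]) != "browser-cache"]
    return {"drivers_file_not_visible": drivers, "summary": summary,
            "outside_cache": outside_cache}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Drivers without a visible file:", result["drivers_file_not_visible"])
    for (where, what), count in sorted(result["summary"].items()):
        print(f"{count:3d}  {where:22s} {what}")
```

Collapsing the browser-cache entries into counts leaves the short list of paths outside the cache, which is the part a helper reads line by line.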

#8 aommaster


Posted 18 March 2010 - 05:07 PM

Hello, tvirgomatt.
Good to hear :)

Let's begin...
Online Gaming Warning!

Online gaming sites are a security risk which can make your computer susceptible to a large number of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk of fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

More specifically, I noticed you had WildTangent on your computer.
WildTangent Program Warning

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from
For that reason I would suggest you uninstall it via Add/Remove.

Reboot after the uninstallation. <- Important.




We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log



#9 tvirgomatt


Posted 18 March 2010 - 07:09 PM

Thanks again.
I've removed the Wild Tangent and am telling everyone not to go there anymore.
I still have one of their games, Fate, should we remove that too?

Here are the logs.

ComboFix 10-03-18.01 - Matt 03/18/2010 19:46:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1419 [GMT -4:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\stcdat1.dat
c:\data\stcdate.dat
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\Lenore\Application Data\.#
c:\documents and settings\Matt\Application Data\.#
c:\documents and settings\Nigel\39dll.dll
c:\documents and settings\Nigel\Application Data\.#
c:\documents and settings\Sharon\Application Data\.#
c:\program files\driver
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.

2010-03-17 02:24 . 2010-03-17 02:24 -------- d-----w- C:\rsit
2010-03-17 02:24 . 2010-03-17 02:24 -------- d-----w- c:\program files\trend micro
2010-03-15 18:09 . 2010-03-18 17:34 -------- d-----w- c:\documents and settings\Nigel\Local Settings\Application Data\Panda3D
2010-03-14 13:01 . 2010-03-14 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 YPack Trial
2010-03-13 23:49 . 2010-03-13 23:49 70392 ----a-w- c:\documents and settings\Nigel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-13 18:05 . 2010-03-13 18:05 -------- d-----w- c:\documents and settings\Matt\Application Data\vlc
2010-03-13 17:29 . 2010-03-13 17:29 -------- d-----w- c:\program files\Alwil Software
2010-03-11 21:38 . 2010-03-11 21:38 -------- d-----w- c:\documents and settings\Sharon\Application Data\Windows Search
2010-03-10 21:04 . 2010-03-10 21:04 70392 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 17:45 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-08 21:40 . 2010-03-08 21:40 -------- d-----w- C:\a536d24029d5a2520419199008f3
2010-03-08 00:20 . 2010-03-08 00:20 -------- d-----w- c:\documents and settings\Nigel\Application Data\Malwarebytes
2010-03-07 04:38 . 2010-03-07 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-07 04:26 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-07 04:26 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-07 04:26 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-07 04:26 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-07 04:24 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-07 04:24 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-07 04:24 . 2010-03-13 14:30 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Windows Server
2010-03-07 03:20 . 2010-03-07 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2010-03-07 01:35 . 2010-03-07 06:17 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-25 23:16 . 2010-02-25 23:16 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Temp
2010-02-25 02:30 . 2010-02-25 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2010-02-25 00:33 . 2010-02-25 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\pixelStorm
2010-02-24 23:44 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 23:42 . 2010-03-10 21:04 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-24 00:16 . 2010-02-24 00:16 -------- d-----w- c:\documents and settings\Matt\Application Data\Malwarebytes
2010-02-24 00:16 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 00:16 . 2010-02-24 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 00:16 . 2010-02-24 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-24 00:16 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 23:21 . 2008-12-18 02:15 -------- d-----w- c:\program files\WildGames
2010-03-18 23:20 . 2008-12-26 18:21 -------- d-----w- c:\documents and settings\Matt\Application Data\WildTangent
2010-03-18 23:20 . 2008-12-18 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-03-13 18:19 . 2010-01-19 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-13 14:28 . 2008-12-14 05:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 14:25 . 2008-12-26 23:35 -------- d-----w- c:\program files\Microsoft Games
2010-03-10 21:06 . 2008-12-16 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-07 04:27 . 2009-05-13 17:53 -------- d-----w- c:\program files\Common Files\Motive
2010-03-03 06:45 . 2008-12-15 06:34 -------- d-----w- c:\documents and settings\Sharon\Application Data\Move Networks
2010-02-25 13:10 . 2009-10-14 01:46 70392 ----a-w- c:\documents and settings\Lenore\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 14:34 . 2009-02-11 15:06 -------- d-----w- c:\program files\Docking Station
2010-02-24 01:18 . 2008-12-14 15:45 -------- d-----w- c:\program files\RealArcade
2010-02-19 22:01 . 2010-02-19 22:01 441792 ----a-w- c:\documents and settings\Matt\Application Data\CBS Interactive\CNET TechTracker\data\upgrade\CNET_TechTracker_1_3_1_55_Update.exe
2010-02-12 03:15 . 2010-01-27 09:15 406128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-11 04:16 . 2010-02-11 04:16 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-02-11 04:16 . 2010-02-11 04:16 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-11 04:16 . 2010-02-11 04:16 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-11 04:16 . 2010-02-11 04:16 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-02-11 04:16 . 2010-02-11 04:16 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-02-11 04:16 . 2010-02-11 04:16 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-02-11 04:16 . 2010-02-11 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-02-07 13:10 . 2008-12-15 03:48 -------- d-----w- c:\documents and settings\Lenore\Application Data\Yahoo!
2010-02-06 16:48 . 2009-06-16 14:39 1535 -c--a-w- c:\windows\eReg.dat
2010-02-06 16:47 . 2009-06-30 13:11 -------- d-----w- c:\program files\Maxis
2010-02-03 16:15 . 2010-02-03 16:15 1111552 ----a-w- c:\documents and settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
2010-02-02 01:16 . 2008-12-15 03:51 -------- d-----w- c:\documents and settings\Sharon\Application Data\Yahoo!
2010-02-01 16:39 . 2008-12-16 17:51 -------- d-----w- c:\documents and settings\Nigel\Application Data\Yahoo!
2010-02-01 16:06 . 2008-12-14 17:01 -------- d-----w- c:\documents and settings\Matt\Application Data\Yahoo!
2010-02-01 16:06 . 2009-03-06 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-01 16:06 . 2010-02-01 16:06 262144 ----a-w- C:\ntuser.dat
2010-02-01 16:06 . 2008-12-14 17:01 -------- d-----w- c:\program files\Yahoo!
2010-02-01 16:06 . 2010-02-01 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-28 15:54 . 2009-04-16 01:05 -------- d-----w- c:\program files\Google
2010-01-27 02:14 . 2010-01-27 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2010-01-27 01:10 . 2010-01-27 01:10 -------- d-----w- c:\program files\Microsoft Corporation
2010-01-25 19:29 . 2008-12-15 00:36 -------- d-----w- c:\documents and settings\Matt\Application Data\SPORE
2010-01-25 19:28 . 2008-12-15 00:15 -------- d-----w- c:\program files\Electronic Arts
2010-01-24 21:40 . 2009-03-04 20:45 -------- d-----w- c:\program files\Fighter Ace Anniversary Edition
2010-01-22 22:33 . 2009-01-08 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-22 22:33 . 2010-01-22 22:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-22 22:32 . 2010-01-22 22:33 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-22 22:32 . 2010-01-03 16:58 38784 ----a-w- c:\documents and settings\Sharon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-22 22:32 . 2009-08-20 20:58 38784 ----a-w- c:\documents and settings\Matt\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-22 22:32 . 2009-08-18 11:59 38784 ----a-w- c:\documents and settings\Nigel\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-20 20:59 . 2009-02-06 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2010-01-20 20:17 . 2009-10-16 01:30 -------- d-----w- c:\program files\MSN Games
2010-01-20 20:14 . 2010-01-20 20:14 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-20 20:12 . 2009-07-06 21:14 -------- d-----w- c:\program files\Windows Live
2010-01-20 20:11 . 2009-06-15 21:48 -------- d-----w- c:\program files\Microsoft
2010-01-19 22:12 . 2008-12-14 07:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 22:08 . 2008-12-14 06:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-19 21:54 . 2010-01-19 21:54 100096 ----a-w- c:\documents and settings\Matt\Application Data\CBS Interactive\CNET TechTracker\uninst.exe
2010-01-19 21:54 . 2010-01-19 21:54 -------- d-----w- c:\documents and settings\Matt\Application Data\CBS Interactive
2010-01-06 06:29 . 2008-12-17 13:07 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-05 05:08 . 2009-04-15 04:36 70392 ----a-w- c:\documents and settings\Sharon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 19:38 . 2008-12-14 05:29 70392 ----a-w- c:\documents and settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"VTTimer"="VTTimer.exe" [2006-09-14 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-25 176128]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

c:\documents and settings\Matt\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2010-2-3 1111552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\documents and settings\Matt\Local Settings\Application Data\Windows Server\mlthnj.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Games\\Viva Pinata\\Viva Pinata.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\My Games\\Red Ace Squadron\\acenet_client_release.exe"=
"c:\\Program Files\\Fighter Ace Anniversary Edition\\rsync.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Halo backup\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Copy of Halo Trial\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Wooden glory\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Gruntz\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\XTREM\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Pistol Godz\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Halo Trial\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Rifle Powerz\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Team Slayer\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\KABOOM\\Copy of halo.exe"=
"c:\\Games\\Gruntz\\GRUNTZ.EXE"=
"c:\\Program Files\\Microsoft Games\\Halo\\Vehiclez\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Gruntz (better)\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Freaky\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Copy of Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Elitez\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Halo weird police\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Paintball\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Flyerz\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Auto Elites\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Spongebob\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Halo backup\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Cryophobia\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Cryosis\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Customizable\\Copy of halo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Matt\\My Documents\\pokemmorgps\\worldonline\\pwoClient\\pwoClient\\PokemonWorldOnline\\Pokemon Game.exe"=
"c:\\Program Files\\ATT-SST\\McciBrowser.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Games\\Impossible Creatures\\IC.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Halo\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Snow\\Copy of halo.exe"=
"c:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Corporation\\Tinker\\Tinker.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57753:TCP"= 57753:TCP:Pando Media Booster
"57753:UDP"= 57753:UDP:Pando Media Booster
"56481:TCP"= 56481:TCP:Pando Media Booster
"56481:UDP"= 56481:UDP:Pando Media Booster

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [12/14/2008 1:32 AM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [12/14/2008 1:32 AM 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [12/14/2008 1:30 AM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [12/18/2008 11:41 PM 6272]
S1 pxmzzpyp;pxmzzpyp;\??\c:\windows\system32\drivers\pxmzzpyp.sys --> c:\windows\system32\drivers\pxmzzpyp.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/27/2010 5:11 AM 135664]
S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xhybrid.sys [12/14/2008 1:50 AM 906368]
S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\docume~1\Nigel\LOCALS~1\Temp\nsk3F.tmp\TfFRegNt.sys --> c:\docume~1\Nigel\LOCALS~1\Temp\nsk3F.tmp\TfFRegNt.sys [?]
S3 BS_Flash;BS_Flash;c:\windows\system32\drivers\BS_Flash.sys [12/18/2008 10:04 PM 3604]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\etd.sys [12/4/2009 2:52 PM 129024]
S3 tdisnap;tdisnap;\??\c:\windows\system32\tdisnap.sys --> c:\windows\system32\tdisnap.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 09:11]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 09:11]

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{0CE5BFFD-155D-4D18-992D-BF4A5BF77D16}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gamespot.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://ev1-2.driverguide.net/DGTx.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

BHO-{85784d94-bfd8-4681-a815-c19eb8a1a556} - (no file)
Toolbar-Locked - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-dbf70700.exe - c:\documents and settings\Matt\Application Data\A590201407B3DE3E518D856535E32670\dbf70700.exe
MSConfigStartUp-85784d94-bfd8-4687-a815-c19eb8a1a556_26 - c:\windows\system32\85784d94-bfd8-4687-a815-c19eb8a1a556_26.avi
AddRemove-Age of Empires - c:\program files\Microsoft Games\Age of Empires\Uninstal.exe
AddRemove-Age of Empires : Tribalism - c:\program files\Microsoft Games\Copy of Age of Empires\AoET_Uninstaller.exe
AddRemove-Age of Empires Expansion 1.0 - c:\program files\Microsoft Games\Age of Empires\UNINSTX.EXE
AddRemove-Age of Empires: Trade War - C:\AoE-TW Uninstaller.exe
AddRemove-AOE Roman Modpack - c:\program files\Microsoft Games\Copy (5) of Age of Empires II\Uninstall_AOE Roman Modpack.exe
AddRemove-Halo CE - c:\program files\Microsoft Games\Halo Custom Edition\Uninstal.exe
AddRemove-Indiana Jones - c:\program files\Microsoft Games\Copy of Age of Empires II\Indiana Jones Uninstall.exe
AddRemove-Jetfighter 2015 - c:\documents and settings\Nigel\Desktop\Jetfighter 2015\Uninstall.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Reign of Evil - c:\program files\Microsoft Games\Copy (4) of Age of Empires II\Uninstall_Reign of Evil.exe
AddRemove-Tales of Pirates Online_is1 - c:\program files\Tales of Pirates Online\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1500820517-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-1500820517-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:ea,94,94,41,b6,ea,f7,f9,7f,9f,be,40,3f,95,7e,fe,29,a8,f9,f2,1c,
e2,22,b0,2c,79,b1,81,67,e3,25,49,12,d7,8b,80,dc,85,a7,2d,69,03,ad,a0,14,98,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\VTTimer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2010-03-18 20:00:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-19 00:00

Pre-Run: 163,867,058,176 bytes free
Post-Run: 168,827,203,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 3EB0821934DC59B598C29DF99E783C48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:15 PM, on 3/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: CNET TechTracker.lnk = C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229232609765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/w.../p3dactivex.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://zone.msn.com/bingame/burg/default/G...esPlayer_v6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a02-b02.mypicturetown.com/P2PwebCmd...r/x/Upld_47.CAB
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://ev1-2.driverguide.net/DGTx.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 10060 bytes


#10 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:07:06 AM

Posted 18 March 2010 - 08:40 PM

Hello, tvirgomatt.
If I remember correctly, Fate doesn't connect to the internet, so it should be fine. The problem with the WildTangent components are those that are online, which gather information about your computer.

We need to run a ComboFix script:
  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    CODE
    http://www.bleepingcomputer.com/forums/t/302339/antimaleware-defender-removal/

    Driver::
    pxmzzpyp
    AhnRptTfFRegFNT
    tdisnap

    Collect::
    c:\windows\system32\drivers\pxmzzpyp.sys
    c:\docume~1\Nigel\LOCALS~1\Temp\nsk3F.tmp\TfFRegNt.sys
    c:\windows\system32\tdisnap.sys

    Folder::
    c:\docume~1\Nigel\LOCALS~1\Temp\nsk3F.tmp
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Now, drag and drop CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#11 tvirgomatt

tvirgomatt
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:06 AM

Posted 19 March 2010 - 04:14 PM

I did as you said but I'm not sure if that is what was supposed to happen.
When I clicked-and-dragged the CFScript.txt to ComboFix.exe, ComboFix started up, ran an update, then ran a backup.
It said it was deleting some files after 10 min, then completed. The CFScript.txt file is gone now.
Here are the new logs.

ComboFix 10-03-19.04 - Matt 03/19/2010 16:47:16.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1392 [GMT -4:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matt\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matt\Local Settings\Application Data\Windows Server
c:\documents and settings\Matt\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Matt\Local Settings\Application Data\Windows Server\uses32.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AHNRPTTFFREGFNT
-------\Legacy_TDISNAP
-------\Service_AhnRptTfFRegFNT
-------\Service_pxmzzpyp
-------\Service_tdisnap


((((((((((((((((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-17 02:24 . 2010-03-17 02:24 -------- d-----w- C:\rsit
2010-03-17 02:24 . 2010-03-17 02:24 -------- d-----w- c:\program files\trend micro
2010-03-15 18:09 . 2010-03-18 17:34 -------- d-----w- c:\documents and settings\Nigel\Local Settings\Application Data\Panda3D
2010-03-14 13:01 . 2010-03-14 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 YPack Trial
2010-03-13 23:49 . 2010-03-13 23:49 70392 ----a-w- c:\documents and settings\Nigel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-13 18:05 . 2010-03-13 18:05 -------- d-----w- c:\documents and settings\Matt\Application Data\vlc
2010-03-13 17:29 . 2010-03-13 17:29 -------- d-----w- c:\program files\Alwil Software
2010-03-11 21:38 . 2010-03-11 21:38 -------- d-----w- c:\documents and settings\Sharon\Application Data\Windows Search
2010-03-10 21:04 . 2010-03-10 21:04 70392 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 17:45 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-08 21:40 . 2010-03-08 21:40 -------- d-----w- C:\a536d24029d5a2520419199008f3
2010-03-08 00:20 . 2010-03-08 00:20 -------- d-----w- c:\documents and settings\Nigel\Application Data\Malwarebytes
2010-03-07 04:38 . 2010-03-07 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-07 04:26 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-07 04:26 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-07 04:26 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-07 04:26 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-07 04:24 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-07 04:24 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-07 03:20 . 2010-03-07 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2010-03-07 01:35 . 2010-03-07 06:17 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-25 23:16 . 2010-02-25 23:16 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Temp
2010-02-25 02:30 . 2010-02-25 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2010-02-25 00:33 . 2010-02-25 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\pixelStorm
2010-02-24 23:44 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 23:42 . 2010-03-10 21:04 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-24 00:16 . 2010-02-24 00:16 -------- d-----w- c:\documents and settings\Matt\Application Data\Malwarebytes
2010-02-24 00:16 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 00:16 . 2010-02-24 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 00:16 . 2010-02-24 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-24 00:16 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 23:21 . 2008-12-18 02:15 -------- d-----w- c:\program files\WildGames
2010-03-18 23:20 . 2008-12-26 18:21 -------- d-----w- c:\documents and settings\Matt\Application Data\WildTangent
2010-03-18 23:20 . 2008-12-18 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-03-13 18:19 . 2010-01-19 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-13 14:28 . 2008-12-14 05:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 14:25 . 2008-12-26 23:35 -------- d-----w- c:\program files\Microsoft Games
2010-03-10 21:06 . 2008-12-16 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-07 04:27 . 2009-05-13 17:53 -------- d-----w- c:\program files\Common Files\Motive
2010-03-03 06:45 . 2008-12-15 06:34 -------- d-----w- c:\documents and settings\Sharon\Application Data\Move Networks
2010-02-25 13:10 . 2009-10-14 01:46 70392 ----a-w- c:\documents and settings\Lenore\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 14:34 . 2009-02-11 15:06 -------- d-----w- c:\program files\Docking Station
2010-02-24 01:18 . 2008-12-14 15:45 -------- d-----w- c:\program files\RealArcade
2010-02-19 22:01 . 2010-02-19 22:01 441792 ----a-w- c:\documents and settings\Matt\Application Data\CBS Interactive\CNET TechTracker\data\upgrade\CNET_TechTracker_1_3_1_55_Update.exe
2010-02-12 03:15 . 2010-01-27 09:15 406128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-11 04:16 . 2010-02-11 04:16 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-02-11 04:16 . 2010-02-11 04:16 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-11 04:16 . 2010-02-11 04:16 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-11 04:16 . 2010-02-11 04:16 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-02-11 04:16 . 2010-02-11 04:16 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-02-11 04:16 . 2010-02-11 04:16 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-02-11 04:16 . 2010-02-11 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-02-07 13:10 . 2008-12-15 03:48 -------- d-----w- c:\documents and settings\Lenore\Application Data\Yahoo!
2010-02-06 16:48 . 2009-06-16 14:39 1535 -c--a-w- c:\windows\eReg.dat
2010-02-06 16:47 . 2009-06-30 13:11 -------- d-----w- c:\program files\Maxis
2010-02-03 16:15 . 2010-02-03 16:15 1111552 ----a-w- c:\documents and settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
2010-02-02 01:16 . 2008-12-15 03:51 -------- d-----w- c:\documents and settings\Sharon\Application Data\Yahoo!
2010-02-01 16:39 . 2008-12-16 17:51 -------- d-----w- c:\documents and settings\Nigel\Application Data\Yahoo!
2010-02-01 16:06 . 2008-12-14 17:01 -------- d-----w- c:\documents and settings\Matt\Application Data\Yahoo!
2010-02-01 16:06 . 2009-03-06 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-01 16:06 . 2010-02-01 16:06 262144 ----a-w- C:\ntuser.dat
2010-02-01 16:06 . 2008-12-14 17:01 -------- d-----w- c:\program files\Yahoo!
2010-02-01 16:06 . 2010-02-01 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-28 15:54 . 2009-04-16 01:05 -------- d-----w- c:\program files\Google
2010-01-27 02:14 . 2010-01-27 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2010-01-27 01:10 . 2010-01-27 01:10 -------- d-----w- c:\program files\Microsoft Corporation
2010-01-25 19:29 . 2008-12-15 00:36 -------- d-----w- c:\documents and settings\Matt\Application Data\SPORE
2010-01-25 19:28 . 2008-12-15 00:15 -------- d-----w- c:\program files\Electronic Arts
2010-01-24 21:40 . 2009-03-04 20:45 -------- d-----w- c:\program files\Fighter Ace Anniversary Edition
2010-01-22 22:33 . 2009-01-08 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-22 22:33 . 2010-01-22 22:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-22 22:32 . 2010-01-22 22:33 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-22 22:32 . 2010-01-03 16:58 38784 ----a-w- c:\documents and settings\Sharon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-22 22:32 . 2009-08-20 20:58 38784 ----a-w- c:\documents and settings\Matt\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-22 22:32 . 2009-08-18 11:59 38784 ----a-w- c:\documents and settings\Nigel\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-20 20:59 . 2009-02-06 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2010-01-20 20:17 . 2009-10-16 01:30 -------- d-----w- c:\program files\MSN Games
2010-01-20 20:14 . 2010-01-20 20:14 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-20 20:12 . 2009-07-06 21:14 -------- d-----w- c:\program files\Windows Live
2010-01-20 20:11 . 2009-06-15 21:48 -------- d-----w- c:\program files\Microsoft
2010-01-19 22:12 . 2008-12-14 07:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 22:08 . 2008-12-14 06:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-19 21:54 . 2010-01-19 21:54 100096 ----a-w- c:\documents and settings\Matt\Application Data\CBS Interactive\CNET TechTracker\uninst.exe
2010-01-19 21:54 . 2010-01-19 21:54 -------- d-----w- c:\documents and settings\Matt\Application Data\CBS Interactive
2010-01-06 06:29 . 2008-12-17 13:07 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-05 05:08 . 2009-04-15 04:36 70392 ----a-w- c:\documents and settings\Sharon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 19:38 . 2008-12-14 05:29 70392 ----a-w- c:\documents and settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"VTTimer"="VTTimer.exe" [2006-09-14 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-25 176128]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

c:\documents and settings\Matt\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2010-2-3 1111552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Games\\Viva Pinata\\Viva Pinata.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\My Games\\Red Ace Squadron\\acenet_client_release.exe"=
"c:\\Program Files\\Fighter Ace Anniversary Edition\\rsync.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Halo backup\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Copy of Halo Trial\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Wooden glory\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Gruntz\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\XTREM\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Pistol Godz\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Halo Trial\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Rifle Powerz\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Team Slayer\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\KABOOM\\Copy of halo.exe"=
"c:\\Games\\Gruntz\\GRUNTZ.EXE"=
"c:\\Program Files\\Microsoft Games\\Halo\\Vehiclez\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Gruntz (better)\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Freaky\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Copy of Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Elitez\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Halo weird police\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Paintball\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Flyerz\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Auto Elites\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Spongebob\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Halo backup\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Cryophobia\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Cryosis\\Copy of halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Customizable\\Copy of halo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Matt\\My Documents\\pokemmorgps\\worldonline\\pwoClient\\pwoClient\\PokemonWorldOnline\\Pokemon Game.exe"=
"c:\\Program Files\\ATT-SST\\McciBrowser.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Games\\Impossible Creatures\\IC.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Halo\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\Snow\\Copy of halo.exe"=
"c:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Corporation\\Tinker\\Tinker.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57753:TCP"= 57753:TCP:Pando Media Booster
"57753:UDP"= 57753:UDP:Pando Media Booster
"56481:TCP"= 56481:TCP:Pando Media Booster
"56481:UDP"= 56481:UDP:Pando Media Booster

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [12/14/2008 1:32 AM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [12/14/2008 1:32 AM 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [12/14/2008 1:30 AM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [12/18/2008 11:41 PM 6272]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/27/2010 5:11 AM 135664]
S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xhybrid.sys [12/14/2008 1:50 AM 906368]
S3 BS_Flash;BS_Flash;c:\windows\system32\drivers\BS_Flash.sys [12/18/2008 10:04 PM 3604]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\etd.sys [12/4/2009 2:52 PM 129024]
.
Contents of the 'Scheduled Tasks' folder

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 09:11]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 09:11]

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{0CE5BFFD-155D-4D18-992D-BF4A5BF77D16}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=9mev55h8m7oq0
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://ev1-2.driverguide.net/DGTx.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 16:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1500820517-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-1500820517-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:ea,94,94,41,b6,ea,f7,f9,7f,9f,be,40,3f,95,7e,fe,29,a8,f9,f2,1c,
e2,22,b0,2c,79,b1,81,67,e3,25,49,12,d7,8b,80,dc,85,a7,2d,69,03,ad,a0,14,98,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2160)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\VTTimer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2010-03-19 17:03:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-19 21:03
ComboFix2.txt 2010-03-19 00:00

Pre-Run: 168,581,263,360 bytes free
Post-Run: 168,659,308,544 bytes free

- - End Of File - - 781FF583A6236D77C01A767AC0764104

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:28 PM, on 3/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg4.mail.yahoo.com/dc/launch?.gx...d=9mev55h8m7oq0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: CNET TechTracker.lnk = C:\Documents and Settings\Matt\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229232609765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/w.../p3dactivex.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://zone.msn.com/bingame/burg/default/G...esPlayer_v6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a02-b02.mypicturetown.com/P2PwebCmd...r/x/Upld_47.CAB
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://ev1-2.driverguide.net/DGTx.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 10152 bytes
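
A way to check the outcome asked about in the post above, as an added example that is not part of the original thread: it parses the CFScript directives and confirms that each `Driver::` name shows up in the log's Drivers/Services section. It assumes that section lists the service and legacy registry entries ComboFix removed; the function names are hypothetical and the sample text is copied from the thread.

```python
import re

# Sample input copied from the thread (banner rows shortened): the CFScript
# body from the instructions and the first two sections of the posted log.
CFSCRIPT = r"""http://www.bleepingcomputer.com/forums/t/302339/antimaleware-defender-removal/

Driver::
pxmzzpyp
AhnRptTfFRegFNT
tdisnap

Collect::
c:\windows\system32\drivers\pxmzzpyp.sys
c:\docume~1\Nigel\LOCALS~1\Temp\nsk3F.tmp\TfFRegNt.sys
c:\windows\system32\tdisnap.sys

Folder::
c:\docume~1\Nigel\LOCALS~1\Temp\nsk3F.tmp
"""

COMBOFIX_LOG = r"""((((((((((((((( Other Deletions )))))))))))))))
.

c:\documents and settings\Matt\Local Settings\Application Data\Windows Server
c:\documents and settings\Matt\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Matt\Local Settings\Application Data\Windows Server\uses32.dat

.
((((((((((((((( Drivers/Services )))))))))))))))
.

-------\Legacy_AHNRPTTFFREGFNT
-------\Legacy_TDISNAP
-------\Service_AhnRptTfFRegFNT
-------\Service_pxmzzpyp
-------\Service_tdisnap
"""

DIRECTIVE = re.compile(r"^(\w+)::\s*$")                # e.g. "Driver::"
BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}\s*$")   # e.g. "((((( title )))))"
ENTRY = re.compile(r"^-+\\(Service|Legacy)_(.+)$", re.IGNORECASE)


def parse_cfscript(text):
    """Return {directive: [arguments]} for a CFScript body."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            # Lines before the first directive (the topic URL) are skipped.
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split a ComboFix log into {banner title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def removed_entries(log_sections):
    """Map lower-cased driver name -> {"Service", "Legacy"} kinds seen."""
    found = {}
    for line in log_sections.get("Drivers/Services", []):
        m = ENTRY.match(line)
        if m:
            kind, name = m.group(1).capitalize(), m.group(2).lower()
            found.setdefault(name, set()).add(kind)
    return found


def verify_drivers(cfscript_text, log_text):
    """Compare the Driver:: directive with the log, ignoring case."""
    requested = parse_cfscript(cfscript_text).get("Driver", [])
    found = removed_entries(parse_log_sections(log_text))
    wanted = {name.lower() for name in requested}
    return {
        "confirmed": {n: sorted(found[n.lower()]) for n in requested if n.lower() in found},
        "missing": [n for n in requested if n.lower() not in found],
        "unrequested": sorted(set(found) - wanted),
    }


if __name__ == "__main__":
    report = verify_drivers(CFSCRIPT, COMBOFIX_LOG)
    for name, kinds in report["confirmed"].items():
        print(f"{name}: listed as {', '.join(kinds)}")
    print("missing:", report["missing"] or "none")
```
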


#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 19 March 2010 - 04:50 PM

Hello, tvirgomatt.
Yes, the script went through fine :)

How's your PC doing, by the way?

We need to update your version of Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 18 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java version.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please make sure you turn on the Java Automatic Update Feature

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.

NEXT:

We need to run a Panda Active Scan
  1. Please go here to run Panda's ActiveScan
  2. Once you are on the Panda site click the Scan your PC button
  3. Click the big Scan Now button
  4. If it wants to install an ActiveX component allow it
  5. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  6. When download is complete, click on My Computer to start the scan
  7. When the scan completes, if anything malicious is detected, click the Export to button and post the contents of the ActiveScan report

In your next reply, please include the following:
  • ActiveScan Report

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#13 tvirgomatt

  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:06 AM

Posted 20 March 2010 - 08:13 PM

I updated the Java and ran the scan.
That took a few hours.

Here's the log.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-20 21:11:13
PROTECTIONS: 1
MALWARE: 67
SUSPECTS: 9
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Microsoft Security Essentials 2.1.6519.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00091156 adware/popmonster Adware No 0 Yes No c:\documents and settings\matt\favorites\shopping\best buy.url
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@trafficmp[3].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@trafficmp[3].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@trafficmp[4].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@trafficmp[5].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@casalemedia[4].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@casalemedia[6].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@casalemedia[7].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@casalemedia[9].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@casalemedia[3].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@casalemedia[5].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@doubleclick[4].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@doubleclick[5].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@doubleclick[3].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@doubleclick[6].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@doubleclick[7].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@doubleclick[9].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[10].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[11].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[4].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[5].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[6].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[7].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[8].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@atdmt[9].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@carq9eea.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ca3cyffm.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@atdmt[6].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@atdmt[5].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@atdmt[4].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ca9c0phq.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@caa0n80k.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@caa9luk0.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@caf235rq.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@cai80ofd.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@cailo8pt.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@can945td.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@carfmadp.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@tradedoubler[3].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@tradedoubler[4].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@247realmedia[4].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@247realmedia[8].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@247realmedia[3].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@247realmedia[7].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@247realmedia[6].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@247realmedia[5].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@247realmedia[4].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@247realmedia[3].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@fastclick[3].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@fastclick[10].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@fastclick[3].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@fastclick[4].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@fastclick[5].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@fastclick[6].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@fastclick[7].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@fastclick[8].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@fastclick[9].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@caq4y8vx.txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@tribalfusion[7].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@tribalfusion[6].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@tribalfusion[3].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@tribalfusion[5].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@tribalfusion[3].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@tribalfusion[4].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@mediaplex[5].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@mediaplex[6].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@mediaplex[7].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@mediaplex[8].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@mediaplex[9].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@mediaplex[3].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@mediaplex[4].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@mediaplex[3].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ca0cbyrw.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@mediaplex[4].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@mediaplex[10].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@linksynergy[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@linksynergy[2].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ccbill[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@revenue[3].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@revenue[4].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@revenue[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@revenue[5].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@www.myaffiliateprogram[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@com[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@com[5].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@com[6].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@com[4].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@com[3].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@yadro[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@yadro[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@yadro[4].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@yadro[3].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@xiti[3].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@xiti[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@xiti[4].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@hotlog[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@azjmp[4].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@azjmp[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@azjmp[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@toplist[7].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@toplist[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@toplist[6].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@statcounter[7].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@statcounter[3].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@statcounter[4].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@statcounter[5].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@statcounter[8].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@statcounter[6].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@statcounter[10].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@counter.hitslink[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@counter.hitslink[2].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@counter.hitslink[1].txt
00167761 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@counter8.sextracker[1].txt
00167762 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@counter13.sextracker[1].txt
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@counter15.sextracker[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@cayzw3pr.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ca7011rr.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ca7k2x2d.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ca7zzmj6.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ca9us7uu.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[4].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[5].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[6].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[7].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[8].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[11].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[10].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@cab9gepc.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@caf3huxk.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@ad.yieldmanager[4].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@caqruxhu.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@ad.yieldmanager[9].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@apmebf[3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@apmebf[4].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@apmebf[6].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@apmebf[7].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@apmebf[8].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@burstnet[3].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@burstnet[9].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@burstnet[8].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@burstnet[5].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@burstnet[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@burstnet[6].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@burstnet[4].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@burstnet[7].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@serving-sys[10].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@serving-sys[8].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@serving-sys[7].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@serving-sys[9].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@serving-sys[3].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\sharon\cookies\sharon@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@serving-sys[4].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\nigel\cookies\nigel@serving-sys[5].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\matt\cookies\matt@serving-sys[2].txt
06082820 Adware/SoftSoldier Adware No 1 Yes No c:\documents and settings\nigel\application data\85784d94-bfd8-4687-a815-c19eb8a1a556_26.avi
06082820 Adware/SoftSoldier Adware No 1 Yes No c:\documents and settings\sharon\application data\85784d94-bfd8-4687-a815-c19eb8a1a556_26.avi
06082820 Adware/SoftSoldier Adware No 1 Yes No c:\documents and settings\sharon\local settings\application data\85784d94-bfd8-4687-a815-c19eb8a1a556_26.avi
06082820 Adware/SoftSoldier Adware No 1 Yes No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp5\a0004662.dll
06082820 Adware/SoftSoldier Adware No 1 Yes No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp2\a0002084.dll
06082820 Adware/SoftSoldier Adware No 1 Yes No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp2\a0002382.dll
06082820 Adware/SoftSoldier Adware No 1 Yes No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp3\a0002436.dll
06082820 Adware/SoftSoldier Adware No 1 Yes No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp4\a0004476.dll
06082820 Adware/SoftSoldier Adware No 1 Yes No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp4\a0004533.dll
06082820 Adware/SoftSoldier Adware No 1 Yes No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp6\a0004689.dll
06107609 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp2\a0000232.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\documents and settings\matt\desktop\combofix.exe[32788r22fwjfw\pev.exe]
No c:\my games\tradewinds legends\tw3_release.exe
No c:\program files\electronic arts\need for speed - porsche unleashed\porsche.exe
No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp19\a0008647.exe
No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp19\a0008733.exe[32788r22fwjfw\pev.exe]
No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp19\a0008785.exe
No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp19\a0008816.exe
No c:\system volume information\_restore{79b3018d-24a3-4268-813e-c62cbadd195a}\rp19\a0008955.exe
No c:\windows\pev.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


#14 aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:07:06 AM

Posted 20 March 2010 - 09:28 PM

Hello, tvirgomatt.
According to the scan, these files appear to be infected:
c:\documents and settings\sharon\application data\85784d94-bfd8-4687-a815-c19eb8a1a556_26.avi
c:\documents and settings\sharon\local settings\application data\85784d94-bfd8-4687-a815-c19eb8a1a556_26.avi

Please navigate through and delete them.

NEXT:

We need to uninstall Combofix
  1. Click on your Start Menu, then Run....
  2. Now type combofix /uninstall in the runbox and click OK. Notice the space between the "x" and "/".




Your log looks clean. Please take the time to read below to secure your machine and take the necessary steps to keep it clean :)

There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be wary about attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for Foistware. More info can be found on Foistware, And how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee Siteadvisor to look up info on a site if you are not sure whether it is legitimate
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  4. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here
    2. An antivirus software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast! and Antivir and AVG Antivirus
    3. An antispyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  5. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

Some more links you might find of interest:

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
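
The six Internet-zone settings listed in the post above can be checked per logon rather than clicked through by hand. The following is an added example, not part of the original post or of any tool mentioned in the thread; the function names are hypothetical, and the URL action numbers and the 0/1/3 value encoding are the standard Internet Explorer zone values, not something the post states.

```python
"""Audit Internet-zone (zone 3) URL actions against the settings listed in the post."""
import sys

# Value encoding used by Internet Explorer URL actions.
ENABLE, PROMPT, DISABLE = 0, 1, 3
NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# URL action id -> (setting label as worded in the post, recommended value).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Per-user key that holds the Internet zone; each Windows logon has its own copy.
ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"


def read_internet_zone():
    """Return {action id: DWORD} for the current user (Windows only)."""
    import winreg  # imported here so the audit logic also runs on other platforms

    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for action in RECOMMENDED:
            try:
                data, _value_type = winreg.QueryValueEx(key, action)
                values[action] = data
            except FileNotFoundError:
                pass  # value absent for this user; reported as "not set"
    return values


def audit_zone(values):
    """Return (action id, label, current, wanted) for every setting that is
    weaker than the recommendation, missing, or not a recognised value.
    A stricter setting (Disable where Prompt is recommended) passes."""
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        current = values.get(action)
        if current is None:
            findings.append((action, label, "not set", NAMES[wanted]))
        elif current not in NAMES:
            findings.append((action, label, "unknown (%r)" % current, NAMES[wanted]))
        elif current < wanted:  # Enable < Prompt < Disable in strictness
            findings.append((action, label, NAMES[current], NAMES[wanted]))
    return findings


if __name__ == "__main__" and sys.platform == "win32":
    for action, label, current, wanted in audit_zone(read_internet_zone()):
        print("%s  %s: is %s, post recommends %s" % (action, label, current, wanted))
```

Because the key sits under HKEY_CURRENT_USER, the check has to be run once under each of the machine's logons.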


#15 tvirgomatt

  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:06 AM

Posted 21 March 2010 - 01:33 PM

I couldn't see the files at first but after adjusting the folder options they started showing.
I have deleted the two files.
Thank you for all your help.
These are some great sites to help keep us safe online.

Thank you very much.



