Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

WinvirusPro2006...again [RESOLVED]

Started by Hell_Matt , Oct 07 2006 04:20 AM

This topic is locked

#1
Hell_Matt

Posted 07 October 2006 - 04:20 AM

New Member

Member
4 posts

Here is my hyjack this log file...

Logfile of HijackThis v1.99.1
Scan saved at 11:16:38, on 07/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.savewealt...ort/ie6/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jfofvme.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jfofvme.dll,weajjxd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?bc1600a0e2c044038e2d15f1f722b483
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?bc1600a0e2c044038e2d15f1f722b483
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Thank You for your time

#2
Crustyoldbloke

Posted 07 October 2006 - 04:27 AM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Hello and welcome to Geeks To Go

Some malware has the ability to hide when interrogated by HijackThis; I believe this to be true in your case. Please right click on hijackthis.exe and rename it to crusty.exe

Now please rescan with the newly named file and post the log. I'll have a fresh look.

#3
Hell_Matt

Posted 07 October 2006 - 04:44 AM

New Member

Topic Starter
Member
4 posts

Here you go

Logfile of HijackThis v1.99.1
Scan saved at 11:44:16, on 07/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\crusty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.savewealt...ort/ie6/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {52A46896-D5B6-4957-89BA-7180FA726585} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {541D89F4-DDE1-5672-A12D-0ADF71D05C25} - C:\WINDOWS\system32\tqnykbe.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\imsdxcfa.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {EB6FD4D5-C6AC-4087-9486-C64BF351E44F} - (no file)
O2 - BHO: (no name) - {EBF45437-D380-430A-9836-41FBA5DE94A0} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jfofvme.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jfofvme.dll,weajjxd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?bc1600a0e2c044038e2d15f1f722b483
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?bc1600a0e2c044038e2d15f1f722b483
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Thank you again

#4
Crustyoldbloke

Posted 07 October 2006 - 06:17 AM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Hello Matt and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

The renaming was a good call; look at the 02 and 020 entries now visible. You have quite a mixture of malware and Trojans. Let’s see what we can do.

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
AVG AntiSpyware
combofix.exe

Please install, and update AVG Anti Spyware

Load AVGas and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Deselect "Only if threats were found"
Close AVGas. Do not run it yet.

Next, please reboot your computer in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

Safe Mode

In Safe Mode, load AVGas and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
AVGas will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVGas will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
Please ensure you post that log in your reply.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {52A46896-D5B6-4957-89BA-7180FA726585} - (no file)
O2 - BHO: (no name) - {541D89F4-DDE1-5672-A12D-0ADF71D05C25} - C:\WINDOWS\system32\tqnykbe.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\imsdxcfa.dll
O2 - BHO: (no name) - {EB6FD4D5-C6AC-4087-9486-C64BF351E44F} - (no file)
O2 - BHO: (no name) - {EBF45437-D380-430A-9836-41FBA5DE94A0} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O4 - HKLM\..\Run: [jfofvme.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jfofvme.dll,weajjxd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into normal mode.

Please install Killbox by Option^Explicit.

Please double-click Killbox.exe to run it.
Select Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\tqnykbe.dll
C:\WINDOWS\system32\imsdxcfa.dll
C:\WINDOWS\system32\jfofvme.dll
C:\WINDOWS\SYSTEM32\winjyg32.dll

Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Applications uncheck AVGas Anti-malware log then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 logs in total please).

#5
Hell_Matt

Posted 08 October 2006 - 06:36 AM

New Member

Topic Starter
Member
4 posts

I recieved the PendingFileRenameOperations Prompt

Here are the logs.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:16 06-10-08

+ Scan result:

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\T30Y8CQD\anti4[1].exe -> Adware.Virtumionde : Ignored.
C:\VundoFix Backups\cbxvvtr.dll.bad -> Adware.Virtumionde : Ignored.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K7WFNOUM\l11[1].exe -> Downloader.Zlob.anw : Cleaned with backup (quarantined).
C:\Program Files\Utilities\NirSoft\AsterWin.exe -> Not-A-Virus.PSWTool.Win32.AsterWin.a : Ignored.
:mozilla.185:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.188:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.125:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.253:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.254:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.517:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.518:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.519:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.520:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.172:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.173:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.290:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.491:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.487:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.502:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.320:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.136:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.137:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.138:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.139:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.140:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.141:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.335:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.224:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.234:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.589:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.590:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.121:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.122:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.123:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.176:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.509:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Inet-cash : Cleaned.
:mozilla.526:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.527:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.528:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.529:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.530:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.532:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.533:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.534:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.401:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.398:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.406:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.407:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.408:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.409:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.410:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.86:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.87:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.423:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.226:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.227:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.294:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.295:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.296:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.297:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.298:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.299:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.300:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.301:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.302:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.303:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.304:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.305:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.175:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.345:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.346:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.347:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.538:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.434:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.435:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.436:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.76:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.446:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.485:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\mst2F.tmp -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\mstD.tmp -> Trojan.Agent.vg : Cleaned with backup (quarantined).

::Report end

CLEANING COMPLETE - (4.320 secs)
------------------------------------------------------------------------------------------
1,156.9MB removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (2791 files) 138.9MB
Cookie:[email protected]/(&H100001) 95 bytes
Cookie:[email protected]/(&H100001) 262 bytes
Cookie:[email protected]/(&H100001) 445 bytes
Cookie:[email protected]/s(&H100001) 92 bytes
Cookie:[email protected]/(&H100001) 690 bytes
Cookie:[email protected]/(&H100001) 121 bytes
Cookie:[email protected]/a(&H100001) 94 bytes
Cookie:[email protected]/(&H100001) 258 bytes
Cookie:[email protected]/(&H100001) 87 bytes
Cookie:[email protected]/(&H100001) 240 bytes
Cookie:[email protected]/(&H100001) 204 bytes
Cookie:[email protected]/(&H100001) 119 bytes
Cookie:[email protected]/(&H100001) 103 bytes
Cookie:[email protected]/(&H100001) 180 bytes
Cookie:[email protected]/(&H100001) 145 bytes
Cookie:[email protected]/adrevolver/(&H100001) 421 bytes
Cookie:[email protected]/en-gb/(&H100001) 71 bytes
Cookie:[email protected]/(&H100001) 259 bytes
Cookie:[email protected]/(&H100001) 184 bytes
Cookie:[email protected]/(&H100001) 120 bytes
Cookie:[email protected]/(&H100001) 104 bytes
Cookie:[email protected]/(&H100001) 327 bytes
Cookie:[email protected]/(&H100001) 102 bytes
Cookie:[email protected]/(&H100001) 131 bytes
Cookie:[email protected]/(&H100001) 174 bytes
Cookie:[email protected]/(&H100001) 153 bytes
Cookie:[email protected]/(&H100001) 968 bytes
Cookie:[email protected]/(&H100001) 244 bytes
Cookie:[email protected]/(&H100001) 597 bytes
Cookie:[email protected]/(&H100001) 269 bytes
Cookie:[email protected]/(&H100001) 160 bytes
Cookie:[email protected]/(&H100001) 682 bytes
Cookie:[email protected]/(&H100001) 83 bytes
Cookie:[email protected]/(&H100001) 96 bytes
Cookie:[email protected]/cgi-bin/check/autoaff3/(&H100001) 121 bytes
Cookie:[email protected]/(&H100001) 132 bytes
Cookie:[email protected]/(&H100001) 165 bytes
Cookie:[email protected]/serviceswitching/(&H100001) 145 bytes
Cookie:[email protected]/(&H100001) 79 bytes
Cookie:[email protected]/(&H100001) 528 bytes
Cookie:[email protected]/(&H100001) 118 bytes
Cookie:[email protected]/(&H100001) 565 bytes
Cookie:[email protected]/(&H100001) 79 bytes
Cookie:[email protected]/(&H100001) 504 bytes
Cookie:[email protected]/(&H100001) 750 bytes
Cookie:[email protected]/(&H100001) 71 bytes
Cookie:[email protected]/(&H100001) 127 bytes
Cookie:[email protected]/(&H100001) 266 bytes
Cookie:[email protected]/(&H100001) 232 bytes
Cookie:[email protected]/(&H100001) 417 bytes
Cookie:[email protected]/(&H100001) 258 bytes
Cookie:[email protected]/redirect/(&H100001) 357 bytes
Cookie:[email protected]/(&H100001) 102 bytes
Cookie:[email protected]/(&H100001) 601 bytes
Cookie:[email protected]/(&H100001) 264 bytes
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini 113 bytes
Marked for deletion: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Administrator\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\mshist012006100820061009\index.dat
Emptied Recycle Bin (47 files) 427.8MB
C:\WINDOWS\TEMP\ASPNETSetup.log 7.12KB
C:\WINDOWS\TEMP\java_install.log 22.91KB
C:\WINDOWS\TEMP\java_install_reg.log 462 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\05EE1EEF.TMP 260 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0nbA.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0x0409.ini 4.01KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\14514.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2it4B.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2st5.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\30FD0CBD.TMP 95 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\3dsMax8.msi 103.9MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\backburner3.cab 3.97MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\backburner3.exe 39.50KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\backburner3.ini 678 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\backburner3.msi 3.51MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\AdskLicense.ini 16.95KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\All Other Countries.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Americas All Other.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\APac English.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Belgie.rtf 0.12MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Belgique.rtf 87.40KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Ceska Republika.rtf 0.12MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Danmark.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Deutschland.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Espana.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\France.rtf 87.34KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Greece.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Ireland.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Italia.rtf 0.18MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Japanese.rtf 0.37MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Korean.rtf 0.98MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\LA Brazil.rtf 0.14MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\LA Spanish.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Luxembourg-Luxemburg.rtf 87.36KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Magyar.rtf 0.19MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Nederland.rtf 0.12MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Norge.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Oesterreich.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Polska.rtf 0.16MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Portugal.rtf 0.14MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Russia.rtf 0.28MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Schweiz.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Simplified Chinese.rtf 0.29MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Slovenska Republika.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Suisse.rtf 87.30KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Suomi.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Sverige.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Traditional Chinese.rtf 0.24MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\Turkiye.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\United Kingdom.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\backburner\EULA\US Canada.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\DirectX\BDANT.cab 1.10MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\DirectX\BDAXP.cab 0.93MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\DirectX\DSETUP.dll 73.70KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\DirectX\dsetup32.dll 2.14MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\DirectX\dxnt.cab 12.7MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\DirectX\dxsetup.exe 0.46MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\DirectX\dxupdate.cab 65.86KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\DirectX\Jun2005_d3dx9_26_x64.cab 1.27MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\DirectX\Jun2005_d3dx9_26_x86.cab 1.02MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\DWFViewer\DwfViewerSetup.exe 5.30MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\AdskLicense.ini 16.95KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\All Other Countries.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Americas All Other.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\APac English.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Belgie.rtf 0.12MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Belgique.rtf 87.40KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Ceska Republika.rtf 0.12MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Danmark.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Deutschland.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Espana.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\France.rtf 87.34KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Greece.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Ireland.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Italia.rtf 0.18MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Japanese.rtf 0.37MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Korean.rtf 0.98MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\LA Brazil.rtf 0.14MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\LA Spanish.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Luxembourg-Luxemburg.rtf 87.36KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Magyar.rtf 0.19MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Nederland.rtf 0.12MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Norge.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Oesterreich.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Polska.rtf 0.16MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Portugal.rtf 0.14MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Russia.rtf 0.28MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Schweiz.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Simplified Chinese.rtf 0.29MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Slovenska Republika.rtf 0.13MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Suisse.rtf 87.30KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Suomi.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Sverige.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Traditional Chinese.rtf 0.24MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\Turkiye.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\United Kingdom.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\EULA\US Canada.rtf 0.11MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\exe.cab 45.41KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\MSI\WindowsInstaller-KB893803-v2-x86.exe 2.47MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\setup.exe 76.00KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8\setup.ini 1.04KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8.0Install.log 11.9MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsMax8.log 2.13KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3dsmax_minidump.dmp 0.20MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\53s10.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7vj155.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\9b599.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\9en12.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\9kh16.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax10.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax2.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax2C.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax2D.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax2E.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax30.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax31.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax45.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax46.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax48.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax49.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax4A.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax4C.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax4D.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax4E.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax50.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax51.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax53.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax54.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax55.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax6E.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax6F.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax70.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax72.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax73.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax74.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax75.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax76.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax77.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax79.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax7A.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax7B.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aaxAD.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aaxAE.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aaxAF.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aaxD.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aaxF.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ACIB595A.ac$ 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ACIS.ac$ 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AdskCleanup.0001 58.56KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Arabic.bin 19.05KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASPNETSetup_00000.log 5.02KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASPNETSetup_00001.log 4.89KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avg7inst.log 0.15MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b104.exe 82.71KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bb3_install.log 0.27MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\calog.txt 49 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Click.wav 5.79KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Command & Conquer Generals Demo.msi 28.7MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cts153.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Czech.bin 22.33KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Danish.bin 20.84KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Data1.cab 373.3MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Dutch.bin 23.61KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\English.bin 21.26KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\events.log 153 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ff_temp\xpcom.ns\bin\components\jar50.dll 59.11KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ff_temp\xpcom.ns\bin\components\xpinstal.dll 0.16MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ff_temp\xpcom.ns\bin\js3250.dll 0.40MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ff_temp\xpcom.ns\bin\nspr4.dll 0.15MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ff_temp\xpcom.ns\bin\plc4.dll 28.11KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ff_temp\xpcom.ns\bin\plds4.dll 24.11KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ff_temp\xpcom.ns\bin\xpcom_compat.dll 66.61KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ff_temp\xpcom.ns\bin\xpcom_core.dll 0.38MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Finnish.bin 21.06KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fla143.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\French.bin 25.06KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\g0eC.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\German.bin 23.71KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Greek.bin 22.92KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Hebrew.bin 18.00KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Hungarian.bin 23.87KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ihm154.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT11.xml 1.95KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT12.xml 426 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT13.xml 0.67MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT14.xml 1.95KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT15.xml 426 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT16.xml 0.67MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT17.xml 1.95KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT18.xml 426 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT19.xml 0.67MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT1A.xml 1.95KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT1B.xml 426 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT1C.xml 0.67MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Install-log.txt 529 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\InstallSplash.BMP 1.37MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\InstHelp.dll 56.00KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\instmsia.exe 1.63MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\instmsiw.exe 1.74MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\isp41.tmp\_Setup.dll 0.35MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\isp8E.tmp\_Setup.dll 0.14MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\isscript.msi 0.60MB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Italian.bin 25.22KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Japanese.bin 22.27KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install_reg.log 1.01KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfjD.tmp 0 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Korean.bin 18.53KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\0hOHazUrUyRH0B0xoOhIGSbG+9A= 23.23KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\12JV2FK3N+ixt9vg3pgYapdFWmjU= 26.17KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\1eyJjey7IrF4WqUVo32rVdtD0OE= 794 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\1IdYd37S3qbtZKAqZDQM0tlpXjs= 25.58KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\1QADAghVvsTOcM6eukTogZclFpk= 17.17KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\1rejLKH0vddlloEneZJ2F2FXziqrw= 27.40KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\26YQtcUr2Fjcz7m+cEk1Eo2Z8Xgs= 26.57KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\2FDZXVrGKFOeZF5sCXTkexZHTQHc= 16.88KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\2jrWggULO7FdHnUFZgd4pRFWLew= 23.00KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\3Ccachedsoap id=22-54426782222 2F3E 4.22KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\3Ccachedsoap id=22176085859822 2F3E 4.25KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\3HyeXnqK+xh16mcy+9oaMxU8cCU= 25.19KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\3Itest7YG2FKAJcZdCe1RznakEmU= 21.27KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\5Figi6ss7hgpOJ2WRXp2F9ao65E= 20.09KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\5wyN2FRaZdmKe7nJa02FJzw4o4Wp8= 1.48KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\6Z5PO5BESNo7qRLCEiYhdTsv4o4= 11.47KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\7gzAYuEaY+G74wQEq0Rd2cimPr8= 19.81KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\A1jsQAjcUYyDLIV3Buj83xWSXeE= 27.38KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\A6LYitKeYfh1DYli9EaiXOxiaj8= 8.17KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\bdiuRUBQcBjznCgtrnvVutHI2F+4= 25.38KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\BLyWl99T1fus1d512FEQ80M4EvUE= 15.54KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\c5ud1ZzXJST3kkv9ZGTcE8WT2Fdg= 27.33KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\CPRG+o+AIIdwLLxpOSqFk6XPFME= 13.51KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\CPt9GYyRO+Oq9ooRC0rfJWM94Sk= 28.96KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\CvuEm8CpXHiNcs6mppRHbUzGDDg= 17.55KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\d7aA4MVvutWE42l8rOhq16UfFT4= 7.40KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\dOHLKUUh1KiecdymT13RnHNVWSU= 49.71KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\dW0VZfrFH4igpqB+aknu+YLVPQc= 24.70KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\ej3Jlfndq2FvQ2FwMqtWDSkqrgFBE= 13.67KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\eLmcgB1oKBF2MjLxwai2F9VhZ2x4= 20.53KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\EylzxUJMM5ED1wAG4EmF2EQd+sY= 9.49KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\FAIsG+weLcPsv5ah4MVIuqfwDos= 19.46KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\fnJg0BYNtbWSlG6Eg2FFjgOtiWP8= 16.91KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\fSwDBsjunVVT6MEmcyoF+8xwqL0= 20.63KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\ft5GmXPYgedo2TM68Lz7xdYUcaA= 11.14KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\g7GrsijEs42FGMOslNgDEbKQWm20= 27.55KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\G9WamZKKViIhr5ALKKu7O2FYMY2F4= 26.84KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\gc5xewwYKmysI1Q0W0aHQYCLzo8= 19.29KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\gEyYT6dupmoZGzkE+FaAjlQE2Fa8= 25.91KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\Gg8lKQ9zJFkRot1xHV+9Me2Rogs= 27.58KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\GibdDxqIMZR9rBHsT62FPLJGIv2FA= 27.76KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\gu+BA7G17D0tCUErX2FHbF9iX3SQ= 12.69KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\Hi70pl3BpIWbiSAxp2FK2F1ghoRug= 14.33KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\Hl0IIM2Fgv9NnvxWgzwlZF3oQho0= 27.70KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\HLVkgNly9jhxwKTuA22z9P6VraU= 13.19KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\http3A2F2Fshared.live.com2FIdgrgrOt32xLjp0m0zyeUg2Fblack2Fimg2Fblk_card_bkgd.gif 637 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\HwrCM2+0oY2b2Fw9TRsvVRM8hdZQ= 19.58KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\I2F++ILv2FwipGlHRSgf+6xnqW5XE= 16.65KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\j2l1qxlwgBK2Fa9wR9Ng9fwfSEkI= 27.89KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\J3I2XY6wTBEKlcYp0f51ML3WQWQ= 16.95KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\Jg4Y9tGxlV6K50GfpthIWhmMhNQ= 22.88KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\JOU9fFgZKIF9GBfCEjX2FU8GwCMA= 158 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\Jrjp4i6Loxsdnvx2FT0t4oT+OPtc= 11.23KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\K5QjmXz49mIYlDjq0SBhRoBxw7Q= 17.58KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\kiUPOBgsRs5kRWGPCNa04wAmbnk= 1.06KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\LdfNGzOQ+RY29vwIoo2FFyyUChl8= 27.19KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\lgFQbwxH3XZYrH+9KOP6z81d2FQI= 28.63KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\lT9W1igISud4L6ykrRiNJLy6zEc= 9.63KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\LU9e09HVMsArY6nIgkUK7RfyqQo= 14.50KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\MalUTr7TDC3U2qLuyAJUq49dWc4= 959 bytes
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\MEOyL4rkAYIgVfgmt3NkX7NxL2F8= 23.08KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\MKfBM6S3WglJC2mjSiafkBcoPNY= 24.39KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\mW7MfHUhXfGj2FMzw2GAHWck7kvM= 11.56KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\NcoEHDnxKrdSs2FoYcyrL6VJdMJI= 20.19KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\nLCqJMuSljKGN2F7iGN6UT92GFbg= 24.70KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\npIbg+dyYcfhLrPk7EjM7Y0Y5zs= 18.99KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\NYQGIvDOC2UL8TSv8YtYiau5z2w= 1.16KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\OgfSEiCLHJhWINkmnNZqwkoAqgE= 17.69KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\ojHBOhP0P808HZBWLzwcAKDdKmg= 22.84KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\OJNlvVvsVYnTdNJZUgX8Y3r8lLs= 17.70KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\OlykyPoFMip2FwM8TIq0ikv2FkSqY= 26.88KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\PHj4CV2FcEETHen3J9VGLFOXZG1E= 21.35KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\PJ1slJ9WKE1MxEVpGTU9rH2ThCI= 14.52KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\PWqIYC9VXLNczZNyg0F6Rt8T+Yg= 13.41KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\Q9weHZKaSmDzeP2F9V4ALf0FiZOM= 14.26KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\Qgm1+B917DGOqGoxavTGhbdFxiQ= 2.88KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\qjYctKfkUE+QRg3XDx+kF+ElevE= 16.59KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\qRCD5XU9mub0jQ5yZcm2mbBqMOE= 22.09KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\qS9+4GxOBkr2jjDE1MWl98Lgjm0= 26.09KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\Qwr9qWjfuOfZrDj1lhM4kxcKCMk= 28.24KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\Qxe6IrUVTdDb9uoMP4PnXRbJVoE= 9.89KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\r2Fde5xfHNRBZCa3jeO8MPY9aJ70= 19.50KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\R6kp5dfPIIf5LhbxJYVGDnZf1qY= 15.20KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\r7LIymawUEdxDujc4TQcNooiZ9E= 17.12KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\rlEau8QAf5pPalEyZqGT6WeZ0AM= 21.93KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\rnIFMOYFTXkIgK8rJyeBxfGwNJU= 14.09KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\RUpnLiKJDspBtDcXzGalJKKwzCo= 9.49KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\S4gUrfdjo5D22FhwJc86Et8YIPpE= 23.49KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\swUPIhe4BE6kDksiMKFq0BECRgw= 18.81KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\SzeSKrO2RYG4BoLmE5iaHWzzWGE= 15.01KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\TElYIb+9NiX+DLsD5Qzkq1ZsbnY= 24.03KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\tkVj544M49dB+heRtSy6L8DeavQ= 6.91KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\TtYN3dDUn4Ky1v4AIGgzUdyT3d0= 19.00KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\u6mbBHzZStLGuH9xzRaD6tDSrf8= 21.82KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\Ue51u2F0YFGnXWWSqPCYLJ6WbMN0= 20.64KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\ufbDTiBQlHcSRMBlBDePpAnFYXc= 21.95KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\uOTfnPQJE8Na93+0gmxYaDRnh9E= 27.73KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\vAaPaYA9Gw42jjWJfLBs63wzmos= 10.95KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\VHZrM9uK5B6gWyKJPofkHgICKV8= 22.37KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\VOiCOo9yjYbP2JvqMKdXagPp+6o= 22.52KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\VpA+7l4CZSMc8ujFYEykR1SiBYg= 30.29KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\vT8TboCZilpoUVRztBDDzQfFPSs= 6.07KB
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache\W2F8BpJT2FOUfggqBFSN3KhSgaYnA= 792 bytes
C:\DOCUME~1\ADMINI~1\

#6
Crustyoldbloke

Posted 08 October 2006 - 07:05 AM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Hello again Matt

We appear to have a slight problem in understanding each other here.

If you look at the end of my fix, you'll see that I am awaiting 3 logs in total. They are:

AVGas - got it but it is not right. The instructions tell you to change the recommended actions to Quarantine.

Once in the Settings screen click on "Recommended actions" and then select "Quarantine"

. Your log tells me that you have left this setting alone and as a result, some findings have been ignored. You will need to run this scan again. Please follow the instructions carefully.

I wanted a further HJT log - not provided.

I wanted a ComboFix log - not provided. It will be at C:\combofix.txt

I am not sure what the other you posted is; could it be a Ccleaner? I don't want one of those.

Please rerun the AVGas scan and in the reply post the three logs so I can analyse what else needs to be done.

#7
Hell_Matt

Posted 08 October 2006 - 07:45 AM

New Member

Topic Starter
Member
4 posts

I am very sorry about this.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:35:08 08/10/2006

+ Scan result:

C:\VundoFix Backups\cbxvvtr.dll.bad -> Adware.Virtumionde : Cleaned.
C:\Program Files\Utilities\NirSoft\AsterWin.exe -> Not-A-Virus.PSWTool.Win32.AsterWin.a : Cleaned.
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\glvzrzt2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

::Report end

Administrator - 06-10-08 14:40:11.57 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Program Files\Free Download Manager"

((((((((((((((((((((((((((((((( Files Created from 2006-09-08 to 2006-10-08 ))))))))))))))))))))))))))))))))))

2006-10-08 01:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-05 15:02 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-05 15:02 249,856 --------- C:\WINDOWS\Setup1.exe
2006-10-04 15:48 90,112 --a------ C:\WINDOWS\system32\mp4_lib.dll
2006-10-04 15:48 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-04 15:48 217,088 --a------ C:\WINDOWS\system32\avformat-50.dll
2006-10-04 15:48 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-10-04 15:48 16,896 --a------ C:\WINDOWS\system32\avutil-49.dll
2006-10-04 15:48 1,839,104 --a------ C:\WINDOWS\system32\avcodec-51.dll
2006-10-04 12:09 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-04 12:09 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-04 12:09 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-04 12:09 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-04 12:09 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-03 16:03 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-10-03 16:03 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll
2006-10-03 16:00 967 --a------ C:\WINDOWS\ScUnin.pif
2006-10-03 16:00 94,208 --a------ C:\WINDOWS\ScUnin.exe
2006-10-02 19:47 298,496 --a------ C:\WINDOWS\uninst.exe
2006-09-29 18:26 673,546 --a------ C:\WINDOWS\unins000.exe
2006-09-28 16:19 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2006-09-28 16:19 671,744 --a------ C:\WINDOWS\system32\DolbyHph.dll
2006-09-28 16:19 60,416 --a------ C:\WINDOWS\system32\DSETUP.dll
2006-09-28 16:19 4,608 --a------ C:\WINDOWS\system32\drivers\nvport.sys
2006-09-27 12:43 180,276 --a------ C:\WINDOWS\system32\Mspdb50.dll
2006-09-27 07:45 26,368 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-27 07:42 90,112 --------- C:\WINDOWS\snymsico.dll
2006-09-27 07:42 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2006-09-27 07:42 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2006-09-27 07:42 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2006-09-27 07:42 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2006-09-27 07:41 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2006-09-27 07:41 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2006-09-27 07:41 643,072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2006-09-27 07:41 585,728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2006-09-27 07:41 520,192 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2006-09-27 07:41 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-09-27 07:41 151,552 --------- C:\WINDOWS\system32\pxwma.dll
2006-09-27 07:41 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-27 07:41 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-27 03:15 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2006-09-27 03:15 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2006-09-27 03:07 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-27 03:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-27 03:06 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-09-27 02:51 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-09-27 02:50 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-09-27 02:49 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-27 02:48 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-27 02:48 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-27 02:48 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-27 02:48 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-27 02:48 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-27 02:48 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-09-27 02:48 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-27 02:48 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-27 02:48 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-27 02:48 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-27 02:48 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-27 02:48 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-27 02:48 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-27 02:48 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-27 02:48 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-27 02:48 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-27 02:48 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-27 02:48 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-27 02:48 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-27 02:48 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-27 02:48 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-27 02:48 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-27 02:48 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-27 02:48 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-27 02:48 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-27 02:48 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-27 02:48 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-27 02:48 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-27 02:48 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-09-27 02:48 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-09-27 02:27 61,184 -ra------ C:\WINDOWS\system32\drivers\mv614x.sys
2006-09-27 02:23 31,104 -ra------ C:\WINDOWS\system32\drivers\atl01_xp.sys
2006-09-27 02:20 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-27 02:20 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-09-27 02:20 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-27 02:20 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-09-27 02:20 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-27 02:20 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-09-27 02:20 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-09-27 02:20 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-09-27 02:20 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2006-09-27 02:20 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-09-27 02:20 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-27 02:20 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-27 02:20 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-27 02:20 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-09-27 02:20 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-09-27 02:20 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2006-09-27 02:19 9,711,104 -r------- C:\WINDOWS\RTLCPL.exe
2006-09-27 02:19 86,016 -r------- C:\WINDOWS\SoundMan.exe
2006-09-27 02:19 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2006-09-27 02:19 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2006-09-27 02:19 4,262,912 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2006-09-27 02:19 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2006-09-27 02:19 2,809,344 -r------- C:\WINDOWS\alcwzrd.exe
2006-09-27 02:19 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2006-09-27 02:19 16,143,872 -r------- C:\WINDOWS\RTHDCPL.exe
2006-09-27 02:14 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-09-27 02:08 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-09-27 02:02 107,132 --a------ C:\WINDOWS\UninstallThunderbird.exe
2006-09-27 02:01 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2006-09-27 02:01 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2006-09-27 02:01 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2006-09-27 02:01 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2006-09-27 02:01 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2006-09-27 02:01 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2006-09-27 01:59 0 -rahs---- C:\MSDOS.SYS
2006-09-27 01:59 0 -rahs---- C:\IO.SYS
2006-09-27 01:59 0 --a------ C:\CONFIG.SYS
2006-09-27 01:59 0 --a------ C:\AUTOEXEC.BAT
2006-09-27 01:58 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-27 01:57 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-27 01:57 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-27 01:57 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-27 01:57 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-27 01:57 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-27 01:57 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-27 01:57 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-27 01:57 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-27 01:57 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-27 01:57 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-27 01:57 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-27 01:57 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-27 01:57 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-27 01:57 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-27 01:57 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-27 01:57 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-27 01:57 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-27 01:57 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-27 01:57 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-09-27 01:57 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-27 01:57 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-27 01:57 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-27 01:57 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-27 01:57 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-27 01:57 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-27 01:57 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-27 01:57 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-09-27 01:57 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-27 01:57 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-27 01:57 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-27 01:57 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-27 01:57 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-27 01:57 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-27 01:56 98,816 --a------ C:\WINDOWS\system32\mfcm80ud.dll
2006-09-27 01:56 950,272 --a------ C:\WINDOWS\system32\msvcp80d.dll
2006-09-27 01:56 94,208 --a------ C:\WINDOWS\system32\MSSTKPRP.DLL
2006-09-27 01:56 935,632 --a------ C:\WINDOWS\system32\Vb40016.dll
2006-09-27 01:56 93,696 --a------ C:\WINDOWS\system32\ATL80.dll
2006-09-27 01:56 929,844 --a------ C:\WINDOWS\system32\mfc42d.dll
2006-09-27 01:56 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-09-27 01:56 828,416 --a------ C:\WINDOWS\system32\mmm.exe
2006-09-27 01:56 722,192 --a------ C:\WINDOWS\system32\Vb40032.dll
2006-09-27 01:56 69,632 --a------ C:\WINDOWS\system32\mfcm80.dll
2006-09-27 01:56 65,536 --a------ C:\WINDOWS\system32\mfc80DEU.dll
2006-09-27 01:56 614,400 --a------ C:\WINDOWS\system32\msvcr80.dll
2006-09-27 01:56 61,440 --a------ C:\WINDOWS\system32\vcomp.dll
2006-09-27 01:56 61,440 --a------ C:\WINDOWS\system32\mfc80ITA.dll
2006-09-27 01:56 61,440 --a------ C:\WINDOWS\system32\mfc80FRA.dll
2006-09-27 01:56 61,440 --a------ C:\WINDOWS\system32\mfc80ESP.dll
2006-09-27 01:56 57,344 --a------ C:\WINDOWS\system32\mfc80ENU.dll
2006-09-27 01:56 540,672 --a------ C:\WINDOWS\system32\msvcp80.dll
2006-09-27 01:56 54,272 --a------ C:\WINDOWS\system32\mfcm80u.dll
2006-09-27 01:56 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-09-27 01:56 49,152 --a------ C:\WINDOWS\system32\mfc80KOR.dll
2006-09-27 01:56 49,152 --a------ C:\WINDOWS\system32\mfc80JPN.dll
2006-09-27 01:56 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
2006-09-27 01:56 483,328 --a------ C:\WINDOWS\system32\msvcm80.dll
2006-09-27 01:56 45,056 --a------ C:\WINDOWS\system32\mfc80CHT.dll
2006-09-27 01:56 434,252 --a------ C:\WINDOWS\system32\msvcrtd.dll
2006-09-27 01:56 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-09-27 01:56 40,960 --a------ C:\WINDOWS\system32\mfc80CHS.dll
2006-09-27 01:56 4,608 --a------ C:\WINDOWS\system32\W95INF32.DLL
2006-09-27 01:56 398,416 --a------ C:\WINDOWS\system32\Vbrun300.dll
2006-09-27 01:56 356,992 --a------ C:\WINDOWS\system32\vbrun200.dll
2006-09-27 01:56 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-09-27 01:56 339,968 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-09-27 01:56 271,264 --a------ C:\WINDOWS\system32\vbrun100.dll
2006-09-27 01:56 2,324,480 --a------ C:\WINDOWS\system32\mfc80ud.dll
2006-09-27 01:56 2,318,336 --a------ C:\WINDOWS\system32\mfc80d.dll
2006-09-27 01:56 2,272 --a------ C:\WINDOWS\system32\W95INF16.DLL
2006-09-27 01:56 175,616 --a------ C:\WINDOWS\system32\mmm.dll
2006-09-27 01:56 119,808 --a------ C:\WINDOWS\system32\msstdfmt.dll
2006-09-27 01:56 110,592 --a------ C:\WINDOWS\system32\mfcm80d.dll
2006-09-27 01:56 102,400 --a------ C:\WINDOWS\system32\vcompd.dll
2006-09-27 01:56 1,146,880 --a------ C:\WINDOWS\system32\msvcr80d.dll
2006-09-27 01:56 1,089,536 --a------ C:\WINDOWS\system32\msvcm80d.dll
2006-09-27 01:56 1,073,152 --a------ C:\WINDOWS\system32\mfc80.dll
2006-09-27 01:56 1,063,424 --a------ C:\WINDOWS\system32\mfc80u.dll
2006-09-27 01:56 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-09-27 01:55 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-27 01:55 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-27 01:55 946,448 --a------ C:\WINDOWS\system32\calc.exe
2006-09-27 01:55 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-27 01:55 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-27 01:55 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-27 01:55 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-27 01:55 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-27 01:55 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-27 01:55 753,664 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-27 01:55 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-27 01:55 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-27 01:55 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-27 01:55 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-27 01:55 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-27 01:55 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-27 01:55 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-27 01:55 59,392 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-27 01:55 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-27 01:55 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-27 01:55 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-27 01:55 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-27 01:55 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-27 01:55 539,648 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-27 01:55 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-27 01:55 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-27 01:55 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-27 01:55 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-27 01:55 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-27 01:55 420,352 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-27 01:55 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-27 01:55 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-27 01:55 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-27 01:55 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-27 01:55 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-27 01:55 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-27 01:55 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-27 01:55 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-27 01:55 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-27 01:55 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-27 01:55 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-27 01:55 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-27 01:55 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-27 01:55 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-27 01:55 195,200 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-27 01:55 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-27 01:55 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-27 01:55 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-27 01:55 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-27 01:55 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-27 01:55 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-27 01:55 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-27 01:55 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-27 01:55 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-27 01:55 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-27 01:55 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-27 01:55 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-27 01:55 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-27 01:55 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-27 01:55 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-27 01:55 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-27 01:55 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-27 01:55 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-27 01:55 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-27 01:55 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-27 01:55 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-27 01:55 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-27 01:55 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-27 01:55 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-27 01:55 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-27 01:55 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-27 01:55 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-27 01:55 1,267,712 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-27 01:55 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-18 19:11 778,240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-09-18 19:11 778,240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-09-18 19:11 761,856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-09-18 19:11 620,180 --a------ C:\WINDOWS\system32\DivX.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-08 14:40 -------- d-------- C:\Program Files\Free Download Manager
2006-10-08 14:35 -------- d-------- C:\Program Files\Hijackthis
2006-10-08 14:12 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2006-10-08 14:08 -------- d-------- C:\Program Files\Common Files
2006-10-08 13:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-08 01:29 -------- d-------- C:\Program Files\Grisoft
2006-10-08 01:25 -------- d-------- C:\Program Files\Yahoo!
2006-10-08 01:25 -------- d-------- C:\Program Files\CCleaner
2006-10-07 11:23 -------- d-------- C:\Program Files\Lavasoft
2006-10-07 11:23 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2006-10-05 15:03 -------- d-------- C:\Program Files\Recorder
2006-10-05 15:03 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Recorder
2006-10-05 15:00 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-10-05 14:52 -------- d-------- C:\Program Files\Workspace Macro 4.5
2006-10-05 14:43 -------- d-------- C:\Program Files\Aldo's Macro Recorder
2006-10-05 12:43 -------- d-------- C:\Program Files\Internet Explorer
2006-10-04 23:31 -------- d-------- C:\Program Files\Guild Wars
2006-10-04 16:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2006-10-04 15:49 -------- d-------- C:\Program Files\AoA DVD Ripper
2006-10-04 15:48 -------- d-------- C:\Program Files\XviD
2006-10-04 12:15 -------- d-------- C:\Program Files\CleanUp!
2006-10-04 12:09 -------- d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2006-10-03 16:32 -------- d-------- C:\Program Files\Starcraft
2006-10-02 19:48 -------- d-------- C:\Program Files\Scorched3D
2006-10-02 19:47 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-01 12:54 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2006-10-01 11:51 -------- d-------- C:\Program Files\GIMP-2.0
2006-10-01 11:50 -------- d-------- C:\Program Files\Common Files\GTK
2006-10-01 11:48 -------- d-------- C:\Program Files\Paint.NET
2006-09-28 16:19 -------- d-------- C:\Program Files\NVIDIA Corporation
2006-09-28 16:07 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2006-09-28 16:04 -------- d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2006-09-27 21:21 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2006-09-27 21:20 -------- d-------- C:\Program Files\VideoLAN
2006-09-27 17:41 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-09-27 17:41 -------- d-------- C:\Program Files\Autodesk
2006-09-27 13:40 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-09-27 12:57 -------- d-------- C:\Program Files\DivX
2006-09-27 12:49 -------- d-------- C:\Program Files\QuickTime
2006-09-27 12:49 -------- d-------- C:\Program Files\Apple Software Update
2006-09-27 12:43 -------- d-------- C:\Program Files\Avid
2006-09-27 10:30 -------- d-------- C:\Program Files\Power Tab Software
2006-09-27 08:25 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-27 08:25 -------- d-------- C:\Program Files\MSN Messenger
2006-09-27 08:25 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-27 07:43 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2006-09-27 07:42 -------- d-------- C:\Program Files\Sony
2006-09-27 07:41 -------- d-------- C:\Program Files\Common Files\Sony Shared
2006-09-27 07:41 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-27 03:31 -------- d-------- C:\Program Files\Valve
2006-09-27 03:15 -------- d-------- C:\Program Files\Futuremark
2006-09-27 02:50 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-09-27 02:48 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-09-27 02:48 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-27 02:48 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-27 02:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2006-09-27 02:23 -------- d-------- C:\Program Files\Attansic
2006-09-27 02:19 -------- d-------- C:\Program Files\Realtek
2006-09-27 02:15 -------- d-------- C:\Program Files\VIA
2006-09-27 02:08 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-27 02:08 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-09-27 02:02 -------- d-------- C:\Program Files\WinPcap
2006-09-27 02:02 -------- d-------- C:\Program Files\Utilities
2006-09-27 02:02 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-09-27 02:01 -------- d-------- C:\Program Files\Resource Kits
2006-09-27 02:01 -------- d-------- C:\Program Files\Nero
2006-09-27 02:01 -------- d-------- C:\Program Files\Java
2006-09-27 02:01 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-27 02:00 -------- d-------- C:\Program Files\Common Files\Java
2006-09-27 01:59 -------- d-------- C:\Program Files\Windows Media Player
2006-09-27 01:59 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-27 01:59 -------- d-------- C:\Program Files\Adobe
2006-09-27 01:58 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-27 01:57 -------- d-------- C:\Program Files\Outlook Express
2006-09-27 01:57 -------- d-------- C:\Program Files\Common Files\System
2006-09-27 01:57 -------- d-------- C:\Program Files\Common Files\Services
2006-09-27 01:57 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-27 01:56 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-27 01:56 -------- d-------- C:\Program Files\Unlocker
2006-09-27 01:56 -------- d-------- C:\Program Files\TaskSwitchXP
2006-09-27 01:56 -------- d-------- C:\Program Files\RegShot
2006-09-27 01:56 -------- d-------- C:\Program Files\OpenExpert
2006-09-27 01:56 -------- d-------- C:\Program Files\Microsoft
2006-09-27 01:56 -------- d-------- C:\Program Files\Internet
2006-09-27 01:56 -------- d-------- C:\Program Files\Desktop
2006-09-27 01:56 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-27 01:56 -------- d-------- C:\Program Files\Attribute Changer
2006-09-27 01:56 -------- d-------- C:\Program Files\7-Zip
2006-09-27 01:55 -------- d-------- C:\Program Files\Windows NT
2006-09-27 01:55 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-08-11 18:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 18:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 18:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 18:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 18:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 18:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 18:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 18:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 18:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 18:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 18:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 18:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 18:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 18:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"Steam"="\"C:\\Program Files\\Valve\\Steam\\Steam.exe\" -silent"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"TaskSwitchXP"="C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"TaskSwitchXP"="C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableCAD"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSharedDocuments"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001
"NoSaveSettings"=dword:00000000
"DisableCAD"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"NoInternetOpenWith"=dword:00000001
"DisableCAD"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDesktopCleanupWizard"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoRemoteRecursiveEvents"=dword:00000001
"MemCheckBoxInRunDlg"=dword:00000001
"DisableCAD"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSharedDocuments"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSharedDocuments"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 08/10/2006 14:40:30.31
ComboFix.txt
ComboFix2.txt

Logfile of HijackThis v1.99.1
Scan saved at 14:41:47, on 08/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\NOTEPAD2.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD2.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD2.EXE
C:\Program Files\Hijackthis\crusty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.savewealt...ort/ie6/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?bc1600a0e2c044038e2d15f1f722b483
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?bc1600a0e2c044038e2d15f1f722b483
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Thank you

#8
Crustyoldbloke

Posted 08 October 2006 - 08:55 AM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Congratulations! your new log is clean. :whistling:

Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
I recommend going to the following link and update as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer. Microsoft Update

MVPS Hosts file This replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

SiteAdvisor download this plug-in for your browser and it will alert you of a known bad site for FREE.

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
WINDOWS DEFENDER - With daily updates and scans, this programme offers good security against malware.
AD-AWARE PERSONAL – A fine free malware detector and removal programme
SPYBOT S&D – Excellent free spyware detector and removal programme
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall).

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programme for “on demand” scanning, having two or more antivirus systems is not recommended as they may well cause conflicts and slowness.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated. :blink:

It just remains for me to wish you happy safe surfing; I hope you found my advice helpful.

#9
Crustyoldbloke

Posted 18 October 2006 - 01:33 AM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.