Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Routing.exe and Perfmonss.exe Trojans - Need Help removing [RESOLVED]


  • This topic is locked This topic is locked

#1
thejomo

thejomo

    Member

  • Member
  • PipPip
  • 11 posts
I've read the forums and run the scans, and nothing seems to be able to find these executables except HijackThis. My machine recently started playing random audio clips which led me to investigating what was causing it.

In advance, thank you for your help!

Here are my HJT logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:36 AM, on 3/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Joe\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar44.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar44.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: *.kodakgallery.com
O15 - Trusted Zone: *.osmh.net
O15 - Trusted Zone: *.salesforce.com
O15 - Trusted Zone: *.shutterfly.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfmonss.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: VAIO TV Tuner Library Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\TVTunerLib\TunerLibSvc.exe

--
End of file - 13987 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello thejomo

Welcome to G2Go. :)
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
thejomo

thejomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Appreciate the help. Here are the results of those scans:

Main.txt:
--------------------

Deckard's System Scanner v20071014.68
Run by Joe on 2008-03-13 07:41:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-03-12 07:00:48 UTC - RP479 - Windows Update
2: 2008-03-12 04:00:04 UTC - RP478 - Scheduled Checkpoint
1: 2008-03-11 05:42:31 UTC - RP477 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Joe.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:45 AM, on 3/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Joe\Desktop\dss.exe
C:\Windows\system32\DllHost.exe
C:\Users\Joe\Desktop\Joe.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar44.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar44.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: *.kodakgallery.com
O15 - Trusted Zone: *.osmh.net
O15 - Trusted Zone: *.salesforce.com
O15 - Trusted Zone: *.shutterfly.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfmonss.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: VAIO TV Tuner Library Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\TVTunerLib\TunerLibSvc.exe

--
End of file - 13911 bytes

-- HijackThis Fixed Entries (C:\Users\Joe\Desktop\backups\) --------------------

backup-20080313-010325-120 O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
backup-20080313-010325-962 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfmonss.exe
backup-20080313-010523-367 O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
backup-20080313-010523-500 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfmonss.exe
backup-20080313-011338-352 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfmonss.exe
backup-20080313-011338-643 O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R2 iPassP (iPass Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\ipassp.sys <Not Verified; Meetinghouse Data Communications; iPass Client 3.4.9.0>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 RTL8187 (NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver) - c:\windows\system32\drivers\wg111v2.sys <Not Verified; NETGEAR Inc.; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NDIS Driver>

S3 wg111nd5 (NETGEAR WG111 802.11g Wireless USB Adapter Driver) - c:\windows\system32\drivers\wg111nd5.sys <Not Verified; NETGEAR, Inc.; NETGEAR 802.11g Wireless LAN>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 iPCAgent - c:\program files\ipass\ipassconnect\ipcagent.exe <Not Verified; iPass, Inc.; iPCAgent Module>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 perfmons (perfmons Service) - c:\windows\system32\perfmonss.exe
R2 Routing (Routing Service) - c:\windows\system32\routing.exe
R2 SCM_Service - c:\windows\system32\winservice.exe

S2 AVP (Kaspersky Anti-Virus 6.0) - "c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe" -r (file missing)
S4 iPassConnectEngine - c:\program files\ipass\ipassconnect\ipassconnectengine.exe <Not Verified; iPass; iPassConnectEngine Module>
S4 RetroWDSvc (Retrospect WD Service) - c:\program files\dantz\retrospect\wdsvc.exe <Not Verified; Dantz Development Corporation; Retrospect>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-12 20:49:09 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{2DF07F7E-3CF9-4752-882B-D0C41D3A10C6}.job
2008-03-10 07:37:17 496 --a------ C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Joe.job


-- Files created between 2008-02-13 and 2008-03-13 -----------------------------

2008-03-09 18:44:09 40 --a------ C:\Windows\system32\drmgsZ7Ś†
2008-03-02 16:30:36 31744 --a------ C:\Windows\system32\routing.exe
2008-03-02 16:30:33 40 --a------ C:\Windows\system32\drmgs.sys
2008-03-02 16:30:23 273920 --a------ C:\Windows\system32\andt.sys
2008-03-01 14:08:28 45056 --a------ C:\Windows\system32\Indt2.sys <Not Verified; b; >
2008-03-01 00:38:37 126464 --a------ C:\Windows\2.exe
2008-03-01 00:34:40 0 d-a------ C:\Users\All Users\TEMP
2008-02-25 00:59:39 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-25 00:59:25 0 d-------- C:\Program Files\Windows Live
2008-02-25 00:56:37 0 d-------- C:\Users\All Users\WLInstaller


-- Find3M Report ---------------------------------------------------------------

2008-03-13 01:06:27 0 d-------- C:\Program Files\LogMeIn
2008-03-12 03:15:51 0 d-------- C:\Program Files\Windows Mail
2008-03-10 20:12:45 0 d-------- C:\Program Files\Symantec
2008-03-10 20:12:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-01 03:18:44 0 d-------- C:\Program Files\Common Files\Nero
2008-03-01 01:21:39 0 d-------- C:\Users\Joe\AppData\Roaming\uTorrent
2008-02-25 00:59:39 0 d-------- C:\Program Files\Common Files
2008-02-08 08:17:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-05 00:22:56 0 d-------- C:\Program Files\Nero
2008-02-05 00:09:06 0 d-------- C:\Program Files\NeroInstall.bak
2008-02-04 23:35:15 0 d-------- C:\Users\Joe\AppData\Roaming\Nero
2008-02-02 21:33:39 0 d-------- C:\Users\Joe\AppData\Roaming\Adobe
2007-12-31 01:35:41 34 --a------ C:\Windows\system32\BD2040.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/11/2007 07:58 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 08:00 AM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 05:07 PM C:\Windows\System32\HdAShCut.exe]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [04/17/2007 02:03 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [09/11/2007 10:28 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/11/2007 10:28 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [09/11/2007 10:28 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 09:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 07:36 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 01:34 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11/02/2006 05:45 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [05/22/2007 11:15 PM]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [08/06/2007 11:12 AM]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [08/06/2007 11:13 AM]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [08/06/2007 11:14 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [10/23/2007 03:19 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [10/14/2007 1:12:28 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON PictureMate Deluxe]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB001" /M "PictureMate Deluxe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup WUDFSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e64e5c9-43d6-11dc-a2d1-00146c610ccf}]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e64e5d1-43d6-11dc-a2d1-00146c610ccf}]
AutoRun\command- I:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-13 07:50:06 ------------


Extra.txt:
-------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 2046.81 MiB / 1307.77 MiB
Pagefile Memory (total/avail): 3502.9 MiB / 2451.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.26 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 78.13 GiB total, 19.55 GiB free.
D: is Fixed (NTFS) - 102.17 GiB total, 74 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is CDROM (No Media)
J: is Fixed (NTFS) - 298.09 GiB total, 149.37 GiB free.
W: is Removable (No Media)
X: is Removable (No Media)
Y: is Removable (No Media)
Z: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JD-98HBB0 ATA Device - 186.31 GiB - 3 partitions
\PARTITION0 - Unknown - 6.01 GiB
\PARTITION1 (bootable) - Installable File System - 78.13 GiB - C:
\PARTITION2 - Installable File System - 102.17 GiB - D:

\\.\PHYSICALDRIVE2 - Sony UMH-U HS-CF USB Device

\\.\PHYSICALDRIVE1 - Sony UMH-U HS-MS USB Device

\\.\PHYSICALDRIVE4 - Sony UMH-U HS-SD/MMC USB Device

\\.\PHYSICALDRIVE3 - Sony UMH-U HS-XD USB Device

\\.\PHYSICALDRIVE5 - WD 3200JB External USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Security Online v2007 (Symantec Corporation)
AV: Norton Security Online v2007 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton Security Online v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Communicator"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MusicIP\\MusicIP Mixer\\mDNSResponder.exe"="C:\\Program Files\\MusicIP\\MusicIP Mixer\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\winlogon.exe"="C:\\WINDOWS\\winlogon.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Joe\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SOCRATES
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Joe
LOCALAPPDATA=C:\Users\Joe\AppData\Local
LOGONSERVER=\\SOCRATES
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Joe\AppData\Local\Temp
TMP=C:\Users\Joe\AppData\Local\Temp
USERDOMAIN=SOCRATES
USERNAME=Joe
USERPROFILE=C:\Users\Joe
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Joe
Amy
LogMeInRemoteUser (new local, net ready)
LogMeInRemoteUser.SOCRATES (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /I {2ECE7ECE-D15B-4999-8B8D-01C998F489D5}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
--> msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Encore DVD FC --> MsiExec.exe /X{F6F6C08A-ED6F-4968-8292-A08E9F02584F}
Adobe ExtendScript Toolkit 1.0 --> MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit 1.0 --> MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000103}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Premiere Pro FC --> MsiExec.exe /X{57922B53-02D4-4DFC-AC24-A3519DC1F49A}
Adobe Production Studio --> C:\PROGRA~1\INSTAL~1\{AAB06~1\setup.exe /relaunched/rootloc=h:\adobe production studio/lang=0409
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Video Suite Extras --> MsiExec.exe /I{B3B7836C-A1AD-4A56-811C-C18ABDE5EAAD}
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Brother HL-2040 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9408062-3577-448B-BE36-32535DB6EF2B}\setup.exe" -l0x9 -removeonly /uninst
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Centra Client --> C:\PROGRA~1\Centra\Client\bin\updater.exe -uninstall
DeskScapes --> C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\INSTALL.LOG
Direct Audio Converter & CD Ripper 2.0 --> "C:\Program Files\Direct Audio Converter & CD Ripper\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON PictureMate Deluxe User's Guide --> C:\Program Files\epson\guide\picturemate_dlx_e\uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Flash Player Update for Flash MX 2004 --> MsiExec.exe /I{3A61E58F-628D-44AF-923D-D10DD943D00A}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar44.dll"
HDAUDIO SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030030\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_20030030
High Definition Audio Driver Package - KB835221 -->
HijackThis 2.0.2 --> "C:\Users\Joe\Desktop\HijackThis.exe" /uninstall
Intel® Network Connections Drivers --> Prounstl.exe
iPassConnect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000028494}\setup.exe"
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KeePass --> C:\Program Files\KeePass\uninstall.exe
KODAK EASYSHARE Gallery Easy Upload, v2.0 --> C:\Users\Joe\AppData\Local\KodakGallery\EasyShareSetup\$SETUP_140007_591d89\Setup.exe /APR-REMOVE
Live Search Maps Add-In for Microsoft Office Outlook --> MsiExec.exe /I{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
LogMeIn --> MsiExec.exe /I{A94A7485-7DEA-43FA-9E25-302954C254B9}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Communicator 2005 --> MsiExec.exe /X{BE5AD430-9E0C-4243-AB3F-593835869855}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{5E8858EC-6B09-4939-99F2-5678073A0327}
Microsoft Office Live Meeting 2007 --> MsiExec.exe /I{63BEF36D-1782-4506-ABA6-6672B54641E0}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007 --> MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Money Investment Toolbox --> "C:\Program Files\MSN Money Investment Toolbox\MNYCoreFiles\Setup\uninst.exe" /s:5
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB925672) --> MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 8 --> MsiExec.exe /X{9BF1DD9D-DB81-46BD-9807-E3D1E5CC1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Preview Player --> MsiExec.exe /X{4D758B1D-8CEE-4DE7-89EB-5622FE7DD7F6}
NETGEAR WG111v2 wireless USB 2.0 adapter --> C:\Program Files\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
Quicken WillMaker Plus 2007 --> C:\Windows\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2007\uninstal.log
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Retrospect 6.5 --> MsiExec.exe /I{73B69C5C-87D6-471E-B695-0BD736C4B644}
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.ex
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#5
thejomo

thejomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
When I came back to my machine this evening, I saw a message from Norton Antivirus telling me it had detected and removed trojan horse routing.exe and perfmonss.exe. I had to reboot my machine, but I still ran ComboFix. Here are the requested logs:

ComboFix 08-03-13.4 - Joe 2008-03-13 21:43:20.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1281 [GMT -4:00]
Running from: C:\Users\Joe\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Joe\AppData\Roaming\macromedia\Flash Player\#SharedObjects\YDJHWPVP\www.broadcaster.com
C:\Users\Joe\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Users\Joe\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Windows\2.exe
C:\WINDOWS\Downloaded Program Files\Temp
C:\Windows\system32\andt.sys
C:\Windows\system32\drmgs.sys
C:\Windows\system32\Indt2.sys
C:\Windows\system32\tmp0_108011232000.bk
C:\Windows\system32\tmp0_16520411149.bk
C:\Windows\system32\tmp0_17614747651.bk
C:\Windows\system32\tmp0_205167541919.bk
C:\Windows\system32\tmp0_251534743242.bk
C:\Windows\system32\tmp0_258353526391.bk
C:\Windows\system32\tmp0_365724767275.bk
C:\Windows\system32\tmp0_371869234902.bk
C:\Windows\system32\tmp0_452217340738.bk
C:\Windows\system32\tmp0_468445166754.bk
C:\Windows\system32\tmp0_488799875116.bk
C:\Windows\system32\tmp0_489122437712.bk
C:\Windows\system32\tmp0_560002770922.bk
C:\Windows\system32\tmp0_600459123491.bk
C:\Windows\system32\tmp0_609691214334.bk
C:\Windows\system32\tmp0_667574264159.bk
C:\Windows\system32\tmp0_66860710879.bk
C:\Windows\system32\tmp0_680598741571.bk
C:\Windows\system32\tmp0_712596556343.bk
C:\Windows\system32\tmp0_723773380973.bk
C:\Windows\system32\tmp0_72420423157.bk
C:\Windows\system32\tmp0_752465347067.bk
C:\Windows\system32\tmp0_793648870914.bk
C:\Windows\system32\tmp0_823891720426.bk
C:\Windows\system32\tmp0_826766218826.bk
C:\Windows\system32\tmp0_889797523854.bk
C:\Windows\system32\WinService.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\SCM_Service


((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-13 11:32 . 2008-03-13 11:32 68 --a------ C:\Windows\System32\tmp4_8891704363.bk
2008-03-13 11:32 . 2008-03-13 11:32 68 --a------ C:\Windows\System32\tmp3_814344684701.bk
2008-03-13 11:32 . 2008-03-13 11:32 68 --a------ C:\Windows\System32\tmp1_318986509866.bk
2008-03-13 07:41 . 2008-03-13 07:41 <DIR> d-------- C:\Deckard
2008-03-13 01:05 . 2008-03-13 01:05 <DIR> d-------- C:\_OTMoveIt
2008-03-13 00:01 . 2008-03-13 00:01 68 --a------ C:\Windows\System32\tmp4_180179832786.bk
2008-03-13 00:01 . 2008-03-13 00:01 68 --a------ C:\Windows\System32\tmp3_370467776061.bk
2008-03-13 00:01 . 2008-03-13 00:01 68 --a------ C:\Windows\System32\tmp1_213578329106.bk
2008-03-12 23:03 . 2008-03-12 23:03 68 --a------ C:\Windows\System32\tmp4_460814415178.bk
2008-03-12 23:03 . 2008-03-12 23:03 68 --a------ C:\Windows\System32\tmp3_571515527837.bk
2008-03-12 23:02 . 2008-03-12 23:02 68 --a------ C:\Windows\System32\tmp1_81385524054.bk
2008-03-12 11:32 . 2008-03-12 11:32 68 --a------ C:\Windows\System32\tmp4_189087146038.bk
2008-03-12 11:32 . 2008-03-12 11:32 68 --a------ C:\Windows\System32\tmp3_372084750695.bk
2008-03-12 11:32 . 2008-03-12 11:32 68 --a------ C:\Windows\System32\tmp1_378265591509.bk
2008-03-12 00:01 . 2008-03-12 00:01 68 --a------ C:\Windows\System32\tmp4_400024455963.bk
2008-03-12 00:01 . 2008-03-12 00:01 68 --a------ C:\Windows\System32\tmp3_738409478291.bk
2008-03-12 00:01 . 2008-03-12 00:01 68 --a------ C:\Windows\System32\tmp1_107332830942.bk
2008-03-11 21:28 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-11 21:28 . 2007-12-16 05:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 11:39 . 2008-03-11 11:39 68 --a------ C:\Windows\System32\tmp4_193417238654.bk
2008-03-11 11:39 . 2008-03-11 11:39 68 --a------ C:\Windows\System32\tmp3_246528241066.bk
2008-03-11 11:39 . 2008-03-11 11:39 68 --a------ C:\Windows\System32\tmp1_714112674920.bk
2008-03-11 00:09 . 2008-03-11 00:09 68 --a------ C:\Windows\System32\tmp4_696056664665.bk
2008-03-11 00:09 . 2008-03-11 00:09 68 --a------ C:\Windows\System32\tmp3_418329142249.bk
2008-03-11 00:09 . 2008-03-11 00:09 68 --a------ C:\Windows\System32\tmp1_33800436225.bk
2008-03-10 11:32 . 2008-03-10 11:32 68 --a------ C:\Windows\System32\tmp4_447073130519.bk
2008-03-10 11:32 . 2008-03-10 11:32 68 --a------ C:\Windows\System32\tmp3_31262231462.bk
2008-03-10 11:31 . 2008-03-10 11:31 68 --a------ C:\Windows\System32\tmp1_13865494944.bk
2008-03-10 00:00 . 2008-03-10 00:00 68 --a------ C:\Windows\System32\tmp4_824586425476.bk
2008-03-10 00:00 . 2008-03-10 00:00 68 --a------ C:\Windows\System32\tmp3_513523392800.bk
2008-03-10 00:00 . 2008-03-10 00:00 68 --a------ C:\Windows\System32\tmp1_696719828490.bk
2008-03-09 18:44 . 40 C:\Windows\System32\drmgsZ7O+
2008-03-09 18:43 . 2008-03-09 18:43 68 --a------ C:\Windows\System32\tmp4_192660288684.bk
2008-03-09 18:43 . 2008-03-09 18:43 68 --a------ C:\Windows\System32\tmp3_463950218618.bk
2008-03-09 18:43 . 2008-03-09 18:43 68 --a------ C:\Windows\System32\tmp1_725838793363.bk
2008-03-09 07:57 . 2008-03-09 07:57 68 --a------ C:\Windows\System32\tmp4_811428211103.bk
2008-03-09 07:56 . 2008-03-09 07:56 68 --a------ C:\Windows\System32\tmp3_462066241266.bk
2008-03-09 07:56 . 2008-03-09 07:56 68 --a------ C:\Windows\System32\tmp1_328863357969.bk
2008-03-09 00:01 . 2008-03-09 00:01 68 --a------ C:\Windows\System32\tmp4_715630791397.bk
2008-03-09 00:01 . 2008-03-09 00:01 68 --a------ C:\Windows\System32\tmp3_585602540263.bk
2008-03-09 00:01 . 2008-03-09 00:01 68 --a------ C:\Windows\System32\tmp1_340703208716.bk
2008-03-08 12:32 . 2008-03-08 12:32 68 --a------ C:\Windows\System32\tmp4_29006704202.bk
2008-03-08 12:32 . 2008-03-08 12:32 68 --a------ C:\Windows\System32\tmp3_677216154790.bk
2008-03-08 12:31 . 2008-03-08 12:31 68 --a------ C:\Windows\System32\tmp1_391790681322.bk
2008-03-08 01:01 . 2008-03-08 01:01 68 --a------ C:\Windows\System32\tmp4_589273127426.bk
2008-03-08 01:01 . 2008-03-08 01:01 68 --a------ C:\Windows\System32\tmp3_142612355527.bk
2008-03-08 01:01 . 2008-03-08 01:01 68 --a------ C:\Windows\System32\tmp1_364241705948.bk
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\Windows\System32\drivers\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\Windows\System32\drivers\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
2008-03-07 01:00 . 2008-03-07 01:00 68 --a------ C:\Windows\System32\tmp4_3147038173.bk
2008-03-07 01:00 . 2008-03-07 01:00 68 --a------ C:\Windows\System32\tmp3_370442141873.bk
2008-03-07 01:00 . 2008-03-07 01:00 68 --a------ C:\Windows\System32\tmp1_199920745655.bk
2008-03-06 22:24 . 2008-03-06 22:24 68 --a------ C:\Windows\System32\tmp4_298338727008.bk
2008-03-06 22:24 . 2008-03-06 22:24 68 --a------ C:\Windows\System32\tmp3_30290061493.bk
2008-03-06 22:23 . 2008-03-06 22:23 68 --a------ C:\Windows\System32\tmp1_83888545989.bk
2008-03-06 21:52 . 2008-03-06 21:52 <DIR> d-------- C:\Users\Amy\AppData\Roaming\Skype
2008-03-06 10:56 . 2008-03-06 10:56 68 --a------ C:\Windows\System32\tmp4_834771184090.bk
2008-03-06 10:56 . 2008-03-06 10:56 68 --a------ C:\Windows\System32\tmp3_515426791227.bk
2008-03-06 10:56 . 2008-03-06 10:56 68 --a------ C:\Windows\System32\tmp2_245733671776.bk
2008-03-06 10:56 . 2008-03-06 10:56 68 --a------ C:\Windows\System32\tmp1_246159806140.bk
2008-03-06 00:01 . 2008-03-06 00:01 68 --a------ C:\Windows\System32\tmp4_30569503796.bk
2008-03-06 00:01 . 2008-03-06 00:01 68 --a------ C:\Windows\System32\tmp3_391890492231.bk
2008-03-06 00:01 . 2008-03-06 00:01 68 --a------ C:\Windows\System32\tmp2_301920540700.bk
2008-03-06 00:01 . 2008-03-06 00:01 68 --a------ C:\Windows\System32\tmp1_23432055393.bk
2008-03-05 12:31 . 2008-03-05 12:31 68 --a------ C:\Windows\System32\tmp4_793197588909.bk
2008-03-05 12:30 . 2008-03-05 12:30 68 --a------ C:\Windows\System32\tmp3_891677372600.bk
2008-03-05 12:30 . 2008-03-05 12:30 68 --a------ C:\Windows\System32\tmp2_685186249029.bk
2008-03-05 12:30 . 2008-03-05 12:30 68 --a------ C:\Windows\System32\tmp1_343050353151.bk
2008-03-05 01:01 . 2008-03-05 01:01 68 --a------ C:\Windows\System32\tmp4_247890193531.bk
2008-03-05 01:01 . 2008-03-05 01:01 68 --a------ C:\Windows\System32\tmp3_702744439923.bk
2008-03-05 01:01 . 2008-03-05 01:01 68 --a------ C:\Windows\System32\tmp2_749556227628.bk
2008-03-05 01:01 . 2008-03-05 01:01 68 --a------ C:\Windows\System32\tmp1_288401137230.bk
2008-03-04 12:31 . 2008-03-04 12:31 68 --a------ C:\Windows\System32\tmp4_202918442622.bk
2008-03-04 12:31 . 2008-03-04 12:31 68 --a------ C:\Windows\System32\tmp3_140036668761.bk
2008-03-04 12:31 . 2008-03-04 12:31 68 --a------ C:\Windows\System32\tmp2_360605270783.bk
2008-03-04 12:31 . 2008-03-04 12:31 68 --a------ C:\Windows\System32\tmp1_494870165978.bk
2008-03-04 01:02 . 2008-03-04 01:02 68 --a------ C:\Windows\System32\tmp4_68282321189.bk
2008-03-04 01:01 . 2008-03-04 01:01 68 --a------ C:\Windows\System32\tmp3_209063572496.bk
2008-03-04 01:01 . 2008-03-04 01:01 68 --a------ C:\Windows\System32\tmp2_784446362273.bk
2008-03-04 01:01 . 2008-03-04 01:01 68 --a------ C:\Windows\System32\tmp1_854588327056.bk
2008-03-03 12:48 . 2008-03-03 12:48 1,191 --a------ C:\Windows\System32\1.tsk
2008-03-03 12:31 . 2008-03-03 12:31 68 --a------ C:\Windows\System32\tmp4_727260392501.bk
2008-03-03 12:31 . 2008-03-03 12:31 68 --a------ C:\Windows\System32\tmp3_79396304230.bk
2008-03-03 12:31 . 2008-03-03 12:31 68 --a------ C:\Windows\System32\tmp2_4784586937.bk
2008-03-03 12:31 . 2008-03-03 12:31 68 --a------ C:\Windows\System32\tmp1_225830683667.bk
2008-03-03 01:01 . 2008-03-03 01:01 68 --a------ C:\Windows\System32\tmp4_254704680177.bk
2008-03-03 01:01 . 2008-03-03 01:01 68 --a------ C:\Windows\System32\tmp3_493930878773.bk
2008-03-03 01:00 . 2008-03-03 01:00 68 --a------ C:\Windows\System32\tmp2_145787625732.bk
2008-03-03 01:00 . 2008-03-03 01:00 68 --a------ C:\Windows\System32\tmp1_587896330325.bk
2008-03-02 16:30 . 2008-03-02 16:30 68 --a------ C:\Windows\System32\tmp4_537290827401.bk
2008-03-02 16:30 . 2008-03-02 16:30 68 --a------ C:\Windows\System32\tmp3_649482313581.bk
2008-03-02 16:29 . 2008-03-02 16:29 68 --a------ C:\Windows\System32\tmp2_341608207747.bk
2008-03-02 16:29 . 2008-03-02 16:29 68 --a------ C:\Windows\System32\tmp1_586070141020.bk
2008-03-01 12:31 . 2008-03-01 12:31 68 --a------ C:\Windows\System32\tmp3_486853368270.bk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 05:06 --------- d-----w C:\Program Files\LogMeIn
2008-03-12 07:15 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 07:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-11 00:12 --------- d-----w C:\Program Files\Symantec
2008-03-11 00:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-01 07:18 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-01 07:13 --------- d-----w C:\ProgramData\Nero
2008-03-01 05:21 --------- d-----w C:\Users\Joe\AppData\Roaming\uTorrent
2008-02-14 02:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:28 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:20 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:20 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:19 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:19 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:19 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 02:19 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:19 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:18 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:18 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:18 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:18 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:18 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:16 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:12 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:12 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:12 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 02:09 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-08 12:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 04:22 --------- d-----w C:\Program Files\Nero
2008-02-05 04:09 --------- d-----w C:\Program Files\NeroInstall.bak
2008-02-05 03:35 --------- d-----w C:\Users\Joe\AppData\Roaming\Nero
2008-02-01 09:03 --------- d-----w C:\ProgramData\Symantec
2008-01-30 19:06 --------- d-----w C:\ProgramData\Applications
2008-01-15 14:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-09 05:34 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-20 14:43 248,448 ----a-w C:\Windows\System32\Prounstl.exe
2007-12-15 01:05 35,424 ----a-w C:\Windows\System32\e100bmsg.dll
2007-08-29 11:21 174 --sha-w C:\Program Files\desktop.ini
2007-08-06 04:59 262,144 ----a-w C:\ProgramData\ntuser.dat
2006-10-13 01:49 154,983 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_09_24_21_39_19_small.dmp.zip
2006-08-26 14:26 96,765 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_08_26_04_47_37_small.dmp.zip
2006-08-26 14:26 91,892 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_08_26_04_52_46_small.dmp.zip
2006-08-26 14:26 166,991 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_08_26_04_42_06_small.dmp.zip
2007-10-23 14:27 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-23 14:27 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-23 14:27 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 01:34 1232896]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 05:45 8704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:34 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-22 23:15 171448]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-08-06 11:12 1192960]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2007-08-06 11:13 375808]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2007-08-06 11:14 1492480]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-10-23 15:19 1410344]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:33 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 19:58 1006264]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\Windows\System32\HdAShCut.exe]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 22:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 22:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 22:28 81920]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-22 23:15 171448]

C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2007-10-14 01:12:28 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON PictureMate Deluxe]
--a------ 2004-10-17 03:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-05-17 10:52 505368 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-05-17 10:53 780312 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-01 00:01 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
--a------ 2006-08-26 01:28 331776 C:\Windows\System32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\system32\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\MSN Messenger\msncall.exe"= C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\Program Files\MSN Messenger\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msncall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"%windir%\Network Diagnostic\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\Network Diagnostic\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"10284:UDP-Domain"= TCP:10284:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10283:UDP-Domain"= TCP:10283:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10282:UDP-Domain"= TCP:10282:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10281:UDP-Domain"= TCP:10281:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10280:UDP-Domain"= TCP:10280:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10243:TCP-Domain"= UDP:10243:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"C:\Program Files\uTorrent\utorrent.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\uTorrent\utorrent.exe:µTorrent
"C:\Program Files\uTorrent\utorrent.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\uTorrent\utorrent.exe:µTorrent
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe-UDP-Standard"= TCP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client 2.0
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe-TCP-Standard"= UDP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client 2.0
"C:\Program Files\Skype\Phone\Skype.exe-UDP-Standard"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"C:\Program Files\Skype\Phone\Skype.exe-TCP-Standard"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe:Bonjour
"C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe:Bonjour
"C:\Program Files\MSN Messenger\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msnmsgr.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:Microsoft Office Outlook
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:Microsoft Office Outlook
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"C:\Program Files\Microsoft Office Communicator\communicator.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"C:\Program Files\Microsoft Office Communicator\communicator.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"C:\Program Files\Messenger\msmsgs.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\Program Files\Messenger\msmsgs.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\Program Files\iTunes\iTunes.exe-UDP-Standard"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\Program Files\iTunes\iTunes.exe-TCP-Standard"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"%windir%\Network Diagnostic\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\Network Diagnostic\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"10284:UDP-Standard"= TCP:10284:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10283:UDP-Standard"= TCP:10283:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10282:UDP-Standard"= TCP:10282:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10281:UDP-Standard"= TCP:10281:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10280:UDP-Standard"= TCP:10280:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10243:TCP-Standard"= UDP:10243:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"{715D0F7B-DF63-452E-84B5-8C4ECF754C8E}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{66B21F60-D284-450B-83DB-43FA29D3308C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{3C9921BB-E099-49E1-A3C3-5D4200595E96}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{29E177BA-366C-46C4-B5AF-1FDF31FE6D62}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{836CD222-B431-47FD-96A1-CA53215CFC7C}"= UDP:2190:TivoBeacon-Port2190
"{617CA2F7-2E94-418D-84E8-D25A10F93072}"= UDP:C:\Program Files\Yahoo!\Intellisync for Yahoo!\IS4Yahoo.exe:IS4Yahoo!
"{4E651503-09CD-405D-BBC7-5677F7E8A220}"= TCP:C:\Program Files\Yahoo!\Intellisync for Yahoo!\IS4Yahoo.exe:IS4Yahoo!
"{5B296AE9-E319-452B-9DF3-3A0F5D40EFFD}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{D56225BB-8DB0-4755-AC16-B0B3D591B5A1}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{436051B3-2303-4AD3-82DF-CD1655D34E44}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{A387CFB7-2DBF-416C-B3FD-893C29C66C50}"= UDP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client
"{D30ED345-6ABA-4DCA-A5B9-93EB77837766}"= TCP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client
"{DE20175E-F9C8-41DE-9D69-5801EA4BB4FC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{0315835E-3F64-4740-BFDE-84C4CD7AF6B1}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{151A7F3C-BCA1-480D-B4E9-66E68F08B294}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DBF94E6A-8031-46F3-BD50-E0F1C4ABA9BB}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5A13E575-2B25-4AE3-B17F-0D6EE74E26C5}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{82D628D7-8136-421D-9F64-771651D8398F}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{79856095-7965-4776-B958-1A3EB749B226}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CC51D0FC-C309-49B3-9EBC-4D17A732E412}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2DA90A09-6E17-428E-9527-C0DC4F9E3465}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{BED99D26-C0E5-4FA0-9F05-EAB0452D24D9}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{116C20C9-57CE-453A-8A42-662B5469F9DB}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"{6726E7F6-0F1A-4AD1-B0EF-46C0D610EFF9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BE03829F-5E87-4652-A0F7-B4D7B5381A39}"= UDP:50100:OpenScape Toolbar - Outbound
"{56F2CDB4-AE16-4B29-A291-D1EF0DBA2AA8}"= UDP:40001:OpenScape Toolbar - Inbound
"{9B65081F-283E-452C-B9F0-FFC12B958202}"= UDP:40002:OpenScape Toolbar - Inbound2
"{6C4464A2-69D5-4351-A0AD-3CCD62F853A3}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour
"{31DC2CDE-8E3B-414E-A3FB-DDC3D1A3A2F2}"= UDP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{68796B4D-3B48-46A6-A524-FD023C28ABE8}"= TCP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{0676E983-6999-488C-A3B4-FDB867B99573}"= UDP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{4CAF1A9B-EA36-4285-A0DC-736A39E76740}"= TCP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{8D267463-251D-4CB3-9830-13BF11B629AB}"= UDP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{5E00A58F-C64A-43C6-8724-5A6738B1A199}"= TCP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{5815106C-E59D-4553-83F6-7D357D4F9B0A}"= UDP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{2CF684D5-F321-4069-A621-1B9DDF986CA4}"= TCP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{9BB3933C-9EBC-48E6-9D41-910C99984E62}"= Disabled:UDP:7289:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7289
"{1EC0CB35-3F40-4CC9-827C-66AC17B83B8E}"= Disabled:UDP:7290:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7290
"{58FAE405-4DA9-4319-8D84-A3B0AAD59DCE}"= Disabled:UDP:7291:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7291
"{97EC8265-2C40-4414-8196-0670C48AFFBF}"= Disabled:UDP:7292:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7292
"{C7D2DE48-62F0-4226-9E69-7A2188F689B6}"= Disabled:UDP:7293:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7293
"{AB37D5B7-D22E-4166-9265-F235869B2242}"= Disabled:UDP:7294:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7294
"{D33285DE-29A8-42BD-929F-7AD6474EDED8}"= Disabled:UDP:7295:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7295
"{3FFB6E12-8502-4E9B-AAA1-B48BFCDBC5E4}"= Disabled:UDP:7296:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7296
"{628C7E2C-4047-48E5-9489-93AF182B1A56}"= Disabled:UDP:7297:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7297
"{1A4BFEEE-56E2-4A7C-A68B-8494377D33D1}"= UDP:1099:TiVo HME Host: Port 1099
"{59E8C21B-1A96-43DB-AC6C-955B002BA16C}"= UDP:5353:as
"{2BC43936-53AA-4F2B-8C57-2BF331B48823}"= UDP:1527:TiVo HME Host: Port 1527
"{6AE7B46D-76D0-4E3E-BE87-7D615C391B19}"= UDP:8081:TiVo HME Host: Port 8081
"TCP Query User{7341BD67-C381-4CED-93CE-D2D5F0210DBE}C:\windows\system32\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java™ Platform SE binary|Desc=Java™ Platform SE binary
"UDP Query User{C3DFD784-693E-4196-B9A0-0E70A432F642}C:\windows\system32\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java™ Platform SE binary|Desc=Java™ Platform SE binary
"TCP Query User{B0384BDE-264C-44FD-9DD4-D26B6051D7D3}C:\program files\tivo\desktop\tivoserver.exe"= UDP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process|Desc=TiVo Server Service Process
"UDP Query User{64324745-BE18-4FA9-9964-DC361B94793C}C:\program files\tivo\desktop\tivoserver.exe"= TCP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process|Desc=TiVo Server Service Process
"{FFC2B937-1C99-4211-8649-A5C6C7AB485D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0BA566B6-8801-4760-86AE-A4ED36EE32A1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9A208CB5-DB72-44CD-B8E8-50E715656778}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\system32\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"= C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
"C:\Program Files\iTunes\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\Program Files\Messenger\msmsgs.exe"= C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\Program Files\Microsoft Office Communicator\communicator.exe"= C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
"C:\Program Files\MSN Messenger\msncall.exe"= C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
"C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe"= C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\Skype\Phone\Skype.exe"= C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"= C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0
"C:\Program Files\uTorrent\utorrent.exe"= C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
"C:\WINDOWS\winlogon.exe"= C:\WINDOWS\winlogon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys [2007-01-18 12:20]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080312.001\IDSvix86.sys [2008-02-13 12:18]
R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2006-01-19 20:06]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys [2007-01-05 11:54]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\Windows\system32\DRIVERS\wg111v2.sys [2007-01-05 11:54]
S3 VAIO TV Tuner Library Service;VAIO TV Tuner Library Service;"C:\Program Files\Common Files\Sony Shared\TVTunerLib\TunerLibSvc.exe" [2006-10-23 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_MULTI_SZ WUDFSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e64e5c9-43d6-11dc-a2d1-00146c610ccf}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e64e5d1-43d6-11dc-a2d1-00146c610ccf}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 11:37:17 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Joe.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
"2008-03-14 01:35:06 C:\Windows\Tasks\User_Feed_Synchronization-{2DF07F7E-3CF9-4752-882B-D0C41D3A10C6}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 21:59:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-13 22:02:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-14 02:02:51
.
2008-03-12 07:09:49 --- E O F ---

Edited by thejomo, 13 March 2008 - 08:09 PM.

  • 0

#6
thejomo

thejomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
And here are the HJT logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:02 PM, on 3/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Joe\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\google\googletoolbar44user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar44.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar44.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: *.kodakgallery.com
O15 - Trusted Zone: *.osmh.net
O15 - Trusted Zone: *.salesforce.com
O15 - Trusted Zone: *.shutterfly.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: VAIO TV Tuner Library Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\TVTunerLib\TunerLibSvc.exe

--
End of file - 13632 bytes
  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Windows\System32\tmp4_8891704363.bk
C:\Windows\System32\tmp3_814344684701.bk
C:\Windows\System32\tmp1_318986509866.bk
C:\Windows\System32\tmp4_180179832786.bk
C:\Windows\System32\tmp3_370467776061.bk
C:\Windows\System32\tmp1_213578329106.bk
C:\Windows\System32\tmp4_460814415178.bk
C:\Windows\System32\tmp3_571515527837.bk
C:\Windows\System32\tmp1_81385524054.bk
C:\Windows\System32\tmp4_189087146038.bk
C:\Windows\System32\tmp3_372084750695.bk
C:\Windows\System32\tmp1_378265591509.bk
C:\Windows\System32\tmp4_400024455963.bk
C:\Windows\System32\tmp3_738409478291.bk
C:\Windows\System32\tmp1_107332830942.bk
C:\Windows\System32\tmp4_193417238654.bk
C:\Windows\System32\tmp3_246528241066.bk
C:\Windows\System32\tmp1_714112674920.bk
C:\Windows\System32\tmp4_696056664665.bk
C:\Windows\System32\tmp3_418329142249.bk
C:\Windows\System32\tmp1_33800436225.bk
C:\Windows\System32\tmp4_447073130519.bk
C:\Windows\System32\tmp3_31262231462.bk
C:\Windows\System32\tmp1_13865494944.bk
C:\Windows\System32\tmp4_824586425476.bk
C:\Windows\System32\tmp3_513523392800.bk
C:\Windows\System32\tmp1_696719828490.bk
C:\Windows\System32\tmp4_192660288684.bk
C:\Windows\System32\tmp3_463950218618.bk
C:\Windows\System32\tmp1_725838793363.bk
C:\Windows\System32\tmp4_811428211103.bk
C:\Windows\System32\tmp3_462066241266.bk
C:\Windows\System32\tmp1_328863357969.bk
C:\Windows\System32\tmp4_715630791397.bk
C:\Windows\System32\tmp3_585602540263.bk
C:\Windows\System32\tmp1_340703208716.bk
C:\Windows\System32\tmp4_29006704202.bk
C:\Windows\System32\tmp3_677216154790.bk
C:\Windows\System32\tmp1_391790681322.bk
C:\Windows\System32\tmp4_589273127426.bk
C:\Windows\System32\tmp3_142612355527.bk
C:\Windows\System32\tmp1_364241705948.bk
C:\Windows\System32\tmp4_3147038173.bk
C:\Windows\System32\tmp3_370442141873.bk
C:\Windows\System32\tmp1_199920745655.bk
C:\Windows\System32\tmp4_298338727008.bk
C:\Windows\System32\tmp3_30290061493.bk
C:\Windows\System32\tmp1_83888545989.bk
C:\Windows\System32\tmp4_834771184090.bk
C:\Windows\System32\tmp3_515426791227.bk
C:\Windows\System32\tmp2_245733671776.bk
C:\Windows\System32\tmp1_246159806140.bk
C:\Windows\System32\tmp4_30569503796.bk
C:\Windows\System32\tmp3_391890492231.bk
C:\Windows\System32\tmp2_301920540700.bk
C:\Windows\System32\tmp1_23432055393.bk
C:\Windows\System32\tmp4_793197588909.bk
C:\Windows\System32\tmp3_891677372600.bk
C:\Windows\System32\tmp2_685186249029.bk
C:\Windows\System32\tmp1_343050353151.bk
C:\Windows\System32\tmp4_247890193531.bk
C:\Windows\System32\tmp3_702744439923.bk
C:\Windows\System32\tmp2_749556227628.bk
C:\Windows\System32\tmp1_288401137230.bk
C:\Windows\System32\tmp4_202918442622.bk
C:\Windows\System32\tmp3_140036668761.bk
C:\Windows\System32\tmp2_360605270783.bk
C:\Windows\System32\tmp1_494870165978.bk
C:\Windows\System32\tmp4_68282321189.bk
C:\Windows\System32\tmp3_209063572496.bk
C:\Windows\System32\tmp2_784446362273.bk
C:\Windows\System32\tmp1_854588327056.bk
C:\Windows\System32\tmp4_727260392501.bk
C:\Windows\System32\tmp3_79396304230.bk
C:\Windows\System32\tmp2_4784586937.bk
C:\Windows\System32\tmp1_225830683667.bk
C:\Windows\System32\tmp4_254704680177.bk
C:\Windows\System32\tmp3_493930878773.bk
C:\Windows\System32\tmp2_145787625732.bk
C:\Windows\System32\tmp1_587896330325.bk
C:\Windows\System32\tmp4_537290827401.bk
C:\Windows\System32\tmp3_649482313581.bk
C:\Windows\System32\tmp2_341608207747.bk
C:\Windows\System32\tmp1_586070141020.bk
C:\Windows\System32\tmp3_486853368270.bk
C:\WINDOWS\winlogon.exe
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\winlogon.exe"=-
DirLook::
C:\Windows\System32\1.tsk
C:\Windows\System32\drmgsZ7O+


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:[*]Combofix.txt
  • 0

#8
thejomo

thejomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the log:

ComboFix 08-03-13.4 - Joe 2008-03-14 0:16:39.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1076 [GMT -4:00]
Running from: C:\Users\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Users\Joe\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\System32\tmp1_107332830942.bk
C:\Windows\System32\tmp1_13865494944.bk
C:\Windows\System32\tmp1_199920745655.bk
C:\Windows\System32\tmp1_213578329106.bk
C:\Windows\System32\tmp1_225830683667.bk
C:\Windows\System32\tmp1_23432055393.bk
C:\Windows\System32\tmp1_246159806140.bk
C:\Windows\System32\tmp1_288401137230.bk
C:\Windows\System32\tmp1_318986509866.bk
C:\Windows\System32\tmp1_328863357969.bk
C:\Windows\System32\tmp1_33800436225.bk
C:\Windows\System32\tmp1_340703208716.bk
C:\Windows\System32\tmp1_343050353151.bk
C:\Windows\System32\tmp1_364241705948.bk
C:\Windows\System32\tmp1_378265591509.bk
C:\Windows\System32\tmp1_391790681322.bk
C:\Windows\System32\tmp1_494870165978.bk
C:\Windows\System32\tmp1_586070141020.bk
C:\Windows\System32\tmp1_587896330325.bk
C:\Windows\System32\tmp1_696719828490.bk
C:\Windows\System32\tmp1_714112674920.bk
C:\Windows\System32\tmp1_725838793363.bk
C:\Windows\System32\tmp1_81385524054.bk
C:\Windows\System32\tmp1_83888545989.bk
C:\Windows\System32\tmp1_854588327056.bk
C:\Windows\System32\tmp2_145787625732.bk
C:\Windows\System32\tmp2_245733671776.bk
C:\Windows\System32\tmp2_301920540700.bk
C:\Windows\System32\tmp2_341608207747.bk
C:\Windows\System32\tmp2_360605270783.bk
C:\Windows\System32\tmp2_4784586937.bk
C:\Windows\System32\tmp2_685186249029.bk
C:\Windows\System32\tmp2_749556227628.bk
C:\Windows\System32\tmp2_784446362273.bk
C:\Windows\System32\tmp3_140036668761.bk
C:\Windows\System32\tmp3_142612355527.bk
C:\Windows\System32\tmp3_209063572496.bk
C:\Windows\System32\tmp3_246528241066.bk
C:\Windows\System32\tmp3_30290061493.bk
C:\Windows\System32\tmp3_31262231462.bk
C:\Windows\System32\tmp3_370442141873.bk
C:\Windows\System32\tmp3_370467776061.bk
C:\Windows\System32\tmp3_372084750695.bk
C:\Windows\System32\tmp3_391890492231.bk
C:\Windows\System32\tmp3_418329142249.bk
C:\Windows\System32\tmp3_462066241266.bk
C:\Windows\System32\tmp3_463950218618.bk
C:\Windows\System32\tmp3_486853368270.bk
C:\Windows\System32\tmp3_493930878773.bk
C:\Windows\System32\tmp3_513523392800.bk
C:\Windows\System32\tmp3_515426791227.bk
C:\Windows\System32\tmp3_571515527837.bk
C:\Windows\System32\tmp3_585602540263.bk
C:\Windows\System32\tmp3_649482313581.bk
C:\Windows\System32\tmp3_677216154790.bk
C:\Windows\System32\tmp3_702744439923.bk
C:\Windows\System32\tmp3_738409478291.bk
C:\Windows\System32\tmp3_79396304230.bk
C:\Windows\System32\tmp3_814344684701.bk
C:\Windows\System32\tmp3_891677372600.bk
C:\Windows\System32\tmp4_180179832786.bk
C:\Windows\System32\tmp4_189087146038.bk
C:\Windows\System32\tmp4_192660288684.bk
C:\Windows\System32\tmp4_193417238654.bk
C:\Windows\System32\tmp4_202918442622.bk
C:\Windows\System32\tmp4_247890193531.bk
C:\Windows\System32\tmp4_254704680177.bk
C:\Windows\System32\tmp4_29006704202.bk
C:\Windows\System32\tmp4_298338727008.bk
C:\Windows\System32\tmp4_30569503796.bk
C:\Windows\System32\tmp4_3147038173.bk
C:\Windows\System32\tmp4_400024455963.bk
C:\Windows\System32\tmp4_447073130519.bk
C:\Windows\System32\tmp4_460814415178.bk
C:\Windows\System32\tmp4_537290827401.bk
C:\Windows\System32\tmp4_589273127426.bk
C:\Windows\System32\tmp4_68282321189.bk
C:\Windows\System32\tmp4_696056664665.bk
C:\Windows\System32\tmp4_715630791397.bk
C:\Windows\System32\tmp4_727260392501.bk
C:\Windows\System32\tmp4_793197588909.bk
C:\Windows\System32\tmp4_811428211103.bk
C:\Windows\System32\tmp4_824586425476.bk
C:\Windows\System32\tmp4_834771184090.bk
C:\Windows\System32\tmp4_8891704363.bk
C:\WINDOWS\winlogon.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\tmp1_107332830942.bk
C:\Windows\System32\tmp1_13865494944.bk
C:\Windows\System32\tmp1_199920745655.bk
C:\Windows\System32\tmp1_213578329106.bk
C:\Windows\System32\tmp1_225830683667.bk
C:\Windows\System32\tmp1_23432055393.bk
C:\Windows\System32\tmp1_246159806140.bk
C:\Windows\System32\tmp1_288401137230.bk
C:\Windows\System32\tmp1_318986509866.bk
C:\Windows\System32\tmp1_328863357969.bk
C:\Windows\System32\tmp1_33800436225.bk
C:\Windows\System32\tmp1_340703208716.bk
C:\Windows\System32\tmp1_343050353151.bk
C:\Windows\System32\tmp1_364241705948.bk
C:\Windows\System32\tmp1_378265591509.bk
C:\Windows\System32\tmp1_391790681322.bk
C:\Windows\System32\tmp1_494870165978.bk
C:\Windows\System32\tmp1_586070141020.bk
C:\Windows\System32\tmp1_587896330325.bk
C:\Windows\System32\tmp1_696719828490.bk
C:\Windows\System32\tmp1_714112674920.bk
C:\Windows\System32\tmp1_725838793363.bk
C:\Windows\System32\tmp1_81385524054.bk
C:\Windows\System32\tmp1_83888545989.bk
C:\Windows\System32\tmp1_854588327056.bk
C:\Windows\System32\tmp2_145787625732.bk
C:\Windows\System32\tmp2_245733671776.bk
C:\Windows\System32\tmp2_301920540700.bk
C:\Windows\System32\tmp2_341608207747.bk
C:\Windows\System32\tmp2_360605270783.bk
C:\Windows\System32\tmp2_4784586937.bk
C:\Windows\System32\tmp2_685186249029.bk
C:\Windows\System32\tmp2_749556227628.bk
C:\Windows\System32\tmp2_784446362273.bk
C:\Windows\System32\tmp3_140036668761.bk
C:\Windows\System32\tmp3_142612355527.bk
C:\Windows\System32\tmp3_209063572496.bk
C:\Windows\System32\tmp3_246528241066.bk
C:\Windows\System32\tmp3_30290061493.bk
C:\Windows\System32\tmp3_31262231462.bk
C:\Windows\System32\tmp3_370442141873.bk
C:\Windows\System32\tmp3_370467776061.bk
C:\Windows\System32\tmp3_372084750695.bk
C:\Windows\System32\tmp3_391890492231.bk
C:\Windows\System32\tmp3_418329142249.bk
C:\Windows\System32\tmp3_462066241266.bk
C:\Windows\System32\tmp3_463950218618.bk
C:\Windows\System32\tmp3_486853368270.bk
C:\Windows\System32\tmp3_493930878773.bk
C:\Windows\System32\tmp3_513523392800.bk
C:\Windows\System32\tmp3_515426791227.bk
C:\Windows\System32\tmp3_571515527837.bk
C:\Windows\System32\tmp3_585602540263.bk
C:\Windows\System32\tmp3_649482313581.bk
C:\Windows\System32\tmp3_677216154790.bk
C:\Windows\System32\tmp3_702744439923.bk
C:\Windows\System32\tmp3_738409478291.bk
C:\Windows\System32\tmp3_79396304230.bk
C:\Windows\System32\tmp3_814344684701.bk
C:\Windows\System32\tmp3_891677372600.bk
C:\Windows\System32\tmp4_180179832786.bk
C:\Windows\System32\tmp4_189087146038.bk
C:\Windows\System32\tmp4_192660288684.bk
C:\Windows\System32\tmp4_193417238654.bk
C:\Windows\System32\tmp4_202918442622.bk
C:\Windows\System32\tmp4_247890193531.bk
C:\Windows\System32\tmp4_254704680177.bk
C:\Windows\System32\tmp4_29006704202.bk
C:\Windows\System32\tmp4_298338727008.bk
C:\Windows\System32\tmp4_30569503796.bk
C:\Windows\System32\tmp4_3147038173.bk
C:\Windows\System32\tmp4_400024455963.bk
C:\Windows\System32\tmp4_447073130519.bk
C:\Windows\System32\tmp4_460814415178.bk
C:\Windows\System32\tmp4_537290827401.bk
C:\Windows\System32\tmp4_589273127426.bk
C:\Windows\System32\tmp4_68282321189.bk
C:\Windows\System32\tmp4_696056664665.bk
C:\Windows\System32\tmp4_715630791397.bk
C:\Windows\System32\tmp4_727260392501.bk
C:\Windows\System32\tmp4_793197588909.bk
C:\Windows\System32\tmp4_811428211103.bk
C:\Windows\System32\tmp4_824586425476.bk
C:\Windows\System32\tmp4_834771184090.bk
C:\Windows\System32\tmp4_8891704363.bk

.
((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-13 22:29 . 2008-03-13 22:33 <DIR> d-------- C:\Windows\LastGood
2008-03-13 22:27 . 2008-03-13 22:28 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-03-13 07:41 . 2008-03-13 07:41 <DIR> d-------- C:\Deckard
2008-03-13 01:05 . 2008-03-13 01:05 <DIR> d-------- C:\_OTMoveIt
2008-03-11 21:28 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-11 21:28 . 2007-12-16 05:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-09 18:44 . 2008-03-09 18:44 40 --a------ C:\Windows\System32\drmgsZ7Ś†
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\Windows\System32\drivers\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\Windows\System32\drivers\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
2008-03-06 21:52 . 2008-03-06 21:52 <DIR> d-------- C:\Users\Amy\AppData\Roaming\Skype
2008-03-03 12:48 . 2008-03-03 12:48 1,191 --a------ C:\Windows\System32\1.tsk
2008-03-01 12:31 . 2008-03-01 12:31 68 --a------ C:\Windows\System32\tmp2_774872335599.bk
2008-03-01 12:31 . 2008-03-01 12:31 68 --a------ C:\Windows\System32\tmp1_564451576936.bk
2008-03-01 00:34 . 2008-03-01 00:39 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-01 00:34 . 2008-03-01 00:39 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-29 23:25 . 2008-02-29 23:25 0 --a------ C:\Windows\Irremote.ini
2008-02-25 00:59 . 2008-02-25 01:03 <DIR> d-------- C:\Program Files\Windows Live
2008-02-25 00:59 . 2008-02-25 01:01 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-25 00:56 . 2008-02-25 00:56 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-02-25 00:56 . 2008-02-25 00:56 <DIR> d-------- C:\ProgramData\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 04:16 --------- d-----w C:\Program Files\LogMeIn
2008-03-12 07:15 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 07:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-11 00:12 --------- d-----w C:\Program Files\Symantec
2008-03-11 00:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-01 07:18 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-01 07:13 --------- d-----w C:\ProgramData\Nero
2008-03-01 05:21 --------- d-----w C:\Users\Joe\AppData\Roaming\uTorrent
2008-02-14 02:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:28 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:20 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:20 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:19 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:19 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:19 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 02:19 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:19 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:18 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:18 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:18 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:18 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:18 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:16 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:12 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:12 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:12 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 02:09 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-08 12:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 04:22 --------- d-----w C:\Program Files\Nero
2008-02-05 04:09 --------- d-----w C:\Program Files\NeroInstall.bak
2008-02-05 03:35 --------- d-----w C:\Users\Joe\AppData\Roaming\Nero
2008-02-01 09:03 --------- d-----w C:\ProgramData\Symantec
2008-01-30 19:06 --------- d-----w C:\ProgramData\Applications
2008-01-15 14:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-09 05:34 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-20 14:43 248,448 ----a-w C:\Windows\System32\Prounstl.exe
2007-12-15 01:05 35,424 ----a-w C:\Windows\System32\e100bmsg.dll
2007-08-29 11:21 174 --sha-w C:\Program Files\desktop.ini
2007-08-06 04:59 262,144 ----a-w C:\ProgramData\ntuser.dat
2006-10-13 01:49 154,983 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_09_24_21_39_19_small.dmp.zip
2006-08-26 14:26 96,765 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_08_26_04_47_37_small.dmp.zip
2006-08-26 14:26 91,892 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_08_26_04_52_46_small.dmp.zip
2006-08-26 14:26 166,991 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_08_26_04_42_06_small.dmp.zip
2007-10-23 14:27 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-23 14:27 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-23 14:27 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Windows\System32\1.tsk ----

C:\Windows\System32\1.tsk\

---- Directory of C:\Windows\System32\drmgsZ7O+ ----

C:\Windows\System32\drmgsZ7O+\


((((((((((((((((((((((((((((( [email protected]_22.01.54.69 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-12 07:15:43 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-03-14 02:33:17 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-03-12 07:15:39 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-03-14 02:33:16 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-03-12 07:15:39 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-03-14 02:33:16 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-03-14 02:28:09 25,214 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\ARPPRODUCTICON.exe
+ 2008-03-14 02:28:10 25,214 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\CPL_DTSC.exe
+ 2008-03-14 02:28:10 25,214 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\CPL_SC.exe
+ 2008-03-14 02:28:10 25,214 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\HCG_SC.exe
+ 2008-03-14 02:28:10 4,846 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\MouseUG.exe
+ 2008-03-14 02:28:10 29,926 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut1_6463554370E7436D8D6D4A721595029E.exe
+ 2008-03-14 02:28:10 29,926 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut2_6463554370E7436D8D6D4A721595029E.exe
+ 2008-03-14 02:28:10 65,536 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut3_4748AC220AD3439FA5EECE4BB6C12AAC.exe
- 2008-03-14 01:58:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-14 04:20:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-14 04:20:47 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-14 01:56:13 262,144 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-14 04:08:38 262,144 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-14 01:56:13 245,760 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-14 04:08:38 245,760 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-14 01:56:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-14 04:08:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-21 05:13:04 24,064 ----a-w C:\Windows\System32\drivers\point32k.sys
+ 2007-08-31 15:58:20 18,856 ----a-w C:\Windows\System32\DriverStore\FileRepository\nuidfltr.inf_08a963fb\nuidfltr.sys
+ 2007-08-31 16:01:28 1,421,736 ----a-w C:\Windows\System32\DriverStore\FileRepository\nuidfltr.inf_08a963fb\wdfcoinstaller01005.dll
+ 2007-08-21 05:13:04 24,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\pnt32pk.inf_167bee79\point32k.sys
+ 2007-08-21 05:13:04 24,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\pnt32uk.inf_b59e34a6\point32k.sys
- 2008-03-13 05:22:41 11,170 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-73586283-746137067-725345543-1003_UserData.bin
+ 2008-03-14 02:00:32 11,426 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-73586283-746137067-725345543-1003_UserData.bin
- 2008-03-13 05:22:40 80,152 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-14 02:00:29 80,458 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 01:34 1232896]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 05:45 8704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:34 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-22 23:15 171448]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-08-06 11:12 1192960]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2007-08-06 11:13 375808]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2007-08-06 11:14 1492480]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-10-23 15:19 1410344]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:33 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 19:58 1006264]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\Windows\System32\HdAShCut.exe]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 22:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 22:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 22:28 81920]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-22 23:15 171448]

C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2007-10-14 01:12:28 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON PictureMate Deluxe]
--a------ 2004-10-17 03:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-05-17 10:52 505368 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-05-17 10:53 780312 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-01 00:01 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
--a------ 2006-08-26 01:28 331776 C:\Windows\System32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\system32\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\MSN Messenger\msncall.exe"= C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\Program Files\MSN Messenger\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msncall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"%windir%\Network Diagnostic\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\Network Diagnostic\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"10284:UDP-Domain"= TCP:10284:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10283:UDP-Domain"= TCP:10283:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10282:UDP-Domain"= TCP:10282:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10281:UDP-Domain"= TCP:10281:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10280:UDP-Domain"= TCP:10280:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10243:TCP-Domain"= UDP:10243:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"C:\Program Files\uTorrent\utorrent.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\uTorrent\utorrent.exe:µTorrent
"C:\Program Files\uTorrent\utorrent.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\uTorrent\utorrent.exe:µTorrent
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe-UDP-Standard"= TCP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client 2.0
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe-TCP-Standard"= UDP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client 2.0
"C:\Program Files\Skype\Phone\Skype.exe-UDP-Standard"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"C:\Program Files\Skype\Phone\Skype.exe-TCP-Standard"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe:Bonjour
"C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe:Bonjour
"C:\Program Files\MSN Messenger\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msnmsgr.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:Microsoft Office Outlook
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:Microsoft Office Outlook
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"C:\Program Files\Microsoft Office Communicator\communicator.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"C:\Program Files\Microsoft Office Communicator\communicator.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"C:\Program Files\Messenger\msmsgs.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\Program Files\Messenger\msmsgs.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\Program Files\iTunes\iTunes.exe-UDP-Standard"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\Program Files\iTunes\iTunes.exe-TCP-Standard"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"%windir%\Network Diagnostic\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\Network Diagnostic\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"10284:UDP-Standard"= TCP:10284:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10283:UDP-Standard"= TCP:10283:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10282:UDP-Standard"= TCP:10282:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10281:UDP-Standard"= TCP:10281:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10280:UDP-Standard"= TCP:10280:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10243:TCP-Standard"= UDP:10243:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"{715D0F7B-DF63-452E-84B5-8C4ECF754C8E}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{66B21F60-D284-450B-83DB-43FA29D3308C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{3C9921BB-E099-49E1-A3C3-5D4200595E96}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{29E177BA-366C-46C4-B5AF-1FDF31FE6D62}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{836CD222-B431-47FD-96A1-CA53215CFC7C}"= UDP:2190:TivoBeacon-Port2190
"{617CA2F7-2E94-418D-84E8-D25A10F93072}"= UDP:C:\Program Files\Yahoo!\Intellisync for Yahoo!\IS4Yahoo.exe:IS4Yahoo!
"{4E651503-09CD-405D-BBC7-5677F7E8A220}"= TCP:C:\Program Files\Yahoo!\Intellisync for Yahoo!\IS4Yahoo.exe:IS4Yahoo!
"{5B296AE9-E319-452B-9DF3-3A0F5D40EFFD}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{D56225BB-8DB0-4755-AC16-B0B3D591B5A1}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{436051B3-2303-4AD3-82DF-CD1655D34E44}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{A387CFB7-2DBF-416C-B3FD-893C29C66C50}"= UDP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client
"{D30ED345-6ABA-4DCA-A5B9-93EB77837766}"= TCP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client
"{DE20175E-F9C8-41DE-9D69-5801EA4BB4FC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{0315835E-3F64-4740-BFDE-84C4CD7AF6B1}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{151A7F3C-BCA1-480D-B4E9-66E68F08B294}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DBF94E6A-8031-46F3-BD50-E0F1C4ABA9BB}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5A13E575-2B25-4AE3-B17F-0D6EE74E26C5}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{82D628D7-8136-421D-9F64-771651D8398F}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{79856095-7965-4776-B958-1A3EB749B226}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CC51D0FC-C309-49B3-9EBC-4D17A732E412}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2DA90A09-6E17-428E-9527-C0DC4F9E3465}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{BED99D26-C0E5-4FA0-9F05-EAB0452D24D9}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{116C20C9-57CE-453A-8A42-662B5469F9DB}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"{6726E7F6-0F1A-4AD1-B0EF-46C0D610EFF9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BE03829F-5E87-4652-A0F7-B4D7B5381A39}"= UDP:50100:OpenScape Toolbar - Outbound
"{56F2CDB4-AE16-4B29-A291-D1EF0DBA2AA8}"= UDP:40001:OpenScape Toolbar - Inbound
"{9B65081F-283E-452C-B9F0-FFC12B958202}"= UDP:40002:OpenScape Toolbar - Inbound2
"{6C4464A2-69D5-4351-A0AD-3CCD62F853A3}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour
"{31DC2CDE-8E3B-414E-A3FB-DDC3D1A3A2F2}"= UDP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{68796B4D-3B48-46A6-A524-FD023C28ABE8}"= TCP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{0676E983-6999-488C-A3B4-FDB867B99573}"= UDP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{4CAF1A9B-EA36-4285-A0DC-736A39E76740}"= TCP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{8D267463-251D-4CB3-9830-13BF11B629AB}"= UDP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{5E00A58F-C64A-43C6-8724-5A6738B1A199}"= TCP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{5815106C-E59D-4553-83F6-7D357D4F9B0A}"= UDP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{2CF684D5-F321-4069-A621-1B9DDF986CA4}"= TCP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{9BB3933C-9EBC-48E6-9D41-910C99984E62}"= Disabled:UDP:7289:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7289
"{1EC0CB35-3F40-4CC9-827C-66AC17B83B8E}"= Disabled:UDP:7290:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7290
"{58FAE405-4DA9-4319-8D84-A3B0AAD59DCE}"= Disabled:UDP:7291:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7291
"{97EC8265-2C40-4414-8196-0670C48AFFBF}"= Disabled:UDP:7292:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7292
"{C7D2DE48-62F0-4226-9E69-7A2188F689B6}"= Disabled:UDP:7293:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7293
"{AB37D5B7-D22E-4166-9265-F235869B2242}"= Disabled:UDP:7294:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7294
"{D33285DE-29A8-42BD-929F-7AD6474EDED8}"= Disabled:UDP:7295:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7295
"{3FFB6E12-8502-4E9B-AAA1-B48BFCDBC5E4}"= Disabled:UDP:7296:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7296
"{628C7E2C-4047-48E5-9489-93AF182B1A56}"= Disabled:UDP:7297:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7297
"{1A4BFEEE-56E2-4A7C-A68B-8494377D33D1}"= UDP:1099:TiVo HME Host: Port 1099
"{59E8C21B-1A96-43DB-AC6C-955B002BA16C}"= UDP:5353:as
"{2BC43936-53AA-4F2B-8C57-2BF331B48823}"= UDP:1527:TiVo HME Host: Port 1527
"{6AE7B46D-76D0-4E3E-BE87-7D615C391B19}"= UDP:8081:TiVo HME Host: Port 8081
"TCP Query User{7341BD67-C381-4CED-93CE-D2D5F0210DBE}C:\windows\system32\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java™ Platform SE binary|Desc=Java™ Platform SE binary
"UDP Query User{C3DFD784-693E-4196-B9A0-0E70A432F642}C:\windows\system32\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java™ Platform SE binary|Desc=Java™ Platform SE binary
"TCP Query User{B0384BDE-264C-44FD-9DD4-D26B6051D7D3}C:\program files\tivo\desktop\tivoserver.exe"= UDP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process|Desc=TiVo Server Service Process
"UDP Query User{64324745-BE18-4FA9-9964-DC361B94793C}C:\program files\tivo\desktop\tivoserver.exe"= TCP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process|Desc=TiVo Server Service Process
"{FFC2B937-1C99-4211-8649-A5C6C7AB485D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0BA566B6-8801-4760-86AE-A4ED36EE32A1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9A208CB5-DB72-44CD-B8E8-50E715656778}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\system32\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"= C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
"C:\Program Files\iTunes\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\Program Files\Messenger\msmsgs.exe"= C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\Program Files\Microsoft Office Communicator\communicator.exe"= C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
"C:\Program Files\MSN Messenger\msncall.exe"= C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
"C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe"= C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\Skype\Phone\Skype.exe"= C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"= C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0
"C:\Program Files\uTorrent\utorrent.exe"= C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
"C:\WINDOWS\winlogon.exe"= C:\WINDOWS\winlogon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys [2007-01-18 12:20]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080312.001\IDSvix86.sys [2008-02-13 12:18]
R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2006-01-19 20:06]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys [2007-01-05 11:54]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\Windows\system32\DRIVERS\wg111v2.sys [2007-01-05 11:54]
S3 VAIO TV Tuner Library Service;VAIO TV Tuner Library Service;"C:\Program Files\Common Files\Sony Shared\TVTunerLib\TunerLibSvc.exe" [2006-10-23 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_MULTI_SZ WUDFSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e64e5c9-43d6-11dc-a2d1-00146c610ccf}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e64e5d1-43d6-11dc-a2d1-00146c610ccf}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 11:37:17 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Joe.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe
"2008-03-14 01:35:06 C:\Windows\Tasks\User_Feed_Synchronization-{2DF07F7E-3CF9-4752-882B-D0C41D3A10C6}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 00:21:00
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-14 0:22:38
ComboFix-quarantined-files.txt 2008-03-14 04:22:34
ComboFix2.txt 2008-03-14 02:03:01
.
2008-03-12 07:09:49 --- E O F ---
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Make sure that you paste the following file paths under the yellow bar within the OTMoveit2 program or it will not work correctly.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\System32\drmgsZ7Ś†
    C:\Windows\System32\1.tsk
    C:\Windows\System32\tmp2_774872335599.bk
    C:\Windows\System32\tmp1_564451576936.bk
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=======================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

Edited by kahdah, 14 March 2008 - 10:38 AM.

  • 0

#10
thejomo

thejomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Looks like all positive signs:

MBAM log:
Malwarebytes' Anti-Malware 1.08
Database version: 492

Scan type: Full Scan (A:\|C:\|D:\|J:\|W:\|X:\|Y:\|Z:\|)
Objects scanned: 247006
Time elapsed: 2 hour(s), 32 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTMoveIt log:

[Custom Input]
< C:\Windows\System32\drmgsZ7Ś† >
C:\Windows\System32\drmgsZ7Ś† moved successfully.
< C:\Windows\System32\1.tsk >
C:\Windows\System32\1.tsk moved successfully.
< C:\Windows\System32\tmp2_774872335599.bk >
C:\Windows\System32\tmp2_774872335599.bk moved successfully.
< C:\Windows\System32\tmp1_564451576936.bk >
C:\Windows\System32\tmp1_564451576936.bk moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03142008_145733
  • 0

Advertisements


#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great please uninstall Malwarebytes antimalware.
===================================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
================================================================
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

  • 0

#12
thejomo

thejomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I did not run ATF Cleaner since I have Vista, and it mentions that it is only for XP and 2000.

Here is the panda logs:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-03-15 02:14:27
PROTECTIONS: 1
MALWARE: 78
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Norton Security Online 2007 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.targetnet.com/]
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.targetnet.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.mediaplex.com/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00167778 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.server.iad.liveperson.net/hc/23635342]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.server.iad.liveperson.net/hc/41409448]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.server.iad.liveperson.net/hc/41409448]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.server.iad.liveperson.net/hc/23635342]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected]ertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.statse.webtrendslive.com/S126079]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.hc2.humanclick.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.hc2.humanclick.com/hc/88277737]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.adultfriendfinder.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.valueclick.com/]
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ba2txnr2.default\cookies.txt[.searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\uwlki1jv.default\cookies.txt[.target.com/]
00207712 Cookie/360i TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00207712 Cookie/360i TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\Amy\AppData\Roaming\Mic
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Sorry about that it will run on Vista I need to update my instructions.

Anyway go ahead and delete your cookies.
============================
Time for some housekeeping
  • Click START then Search then type in RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image

Doing this unistalls Combofix and does the following:

  • Deletes ComboFix and its associated files and folders.
  • Deletes VundoFix backups, if present
  • Deletes the C:\Deckard folder, if present
  • Deletes the C:_OtMoveIt folder, if present
  • Resets the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete\uninstall anything that we used that is left over.
=============================================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:After that
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
=============================
After that Your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0

#14
thejomo

thejomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Programs unistalled; cookies cleared out; most recent version of Java installed; older versions of Java unistalled.

Appreciate all your help! Thank you. One last request, if possible can you give me a summary of what we actually did? Just curious as to what you were seeing the logs and what we were removing from the system.

Thanks again,
Joe

Edited by thejomo, 16 March 2008 - 07:06 AM.

  • 0

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Combofix and dss can see things that were recently downloaded and hidden files that are not normally shown in most logs.
I anylized what was in the logs and deleted the bad files.
The routing.exe and perfmons.exe are also services so that when you delete the files without deleting the services it will reappear.

That is why you had troubles originally plus it brings more files that are malware to your computer.

Hope that helps. :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP