Malware infection-HELP!



#1
dalejrfan5874

When I go into Add/Remove programs, my remove buttons are gone. When I try to uninstall a program from the program files, I get an error. My antivirus gets an error when updating. I use AVG. System is running slow. Please see my logs below. :)

Malwarebytes' Anti-Malware 1.11
Database version: 717

Scan type: Quick Scan
Objects scanned: 34260
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





SUPERAntiSpyware Scan Log
Generated 05/05/2008 at 05:51 AM

Application Version : 3.6.1000

Core Rules Database Version : 3452
Trace Rules Database Version: 1444

Scan type : Complete Scan
Total Scan Time : 01:55:53

Memory items scanned : 559
Memory threats detected : 0
Registry items scanned : 7004
Registry threats detected : 0
File items scanned : 157116
File threats detected : 17

Adware.Tracking Cookie
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@doubleclick[1].txt
C:\Documents and Settings\Paul\Cookies\paul@kontera[2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@tacoda[2].txt
C:\Documents and Settings\Paul\Cookies\paul@advertising[2].txt
C:\Documents and Settings\Paul\Cookies\[email protected][1].txt
C:\Documents and Settings\Paul\Cookies\paul@zedo[1].txt
C:\Documents and Settings\Paul\Cookies\paul@mediaplex[1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][3].txt
C:\Documents and Settings\Paul\Cookies\paul@revsci[2].txt
C:\Documents and Settings\Paul\Cookies\paul@bfast[2].txt
C:\Documents and Settings\Paul\Cookies\paul@fastclick[1].txt
C:\Documents and Settings\Paul\Cookies\paul@apmebf[1].txt
C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
C:\Documents and Settings\Paul\Cookies\paul@advertising[1].txt
C:\Documents and Settings\Paul\Cookies\paul@revsci[1].txt




Panda Active Scan
;*******************************************************************************
ANALYSIS: 2008-05-06 23:21:59
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@casalemedia[8].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@doubleclick[2].txt.msd
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@doubleclick[1].txt.msd
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@doubleclick[3].txt.msd
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@atdmt[2].txt.msd
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@atdmt[3].txt.msd
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\56IE47F6e8E1paul@atdmt[3].txt.msd
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\eaC5G5Ba1jB7paul@atdmt[2].txt.msd
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP232\A0025957.exe[smitRem/Process.exe]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\d436ECfg4428paul@247realmedia[1].txt.msd
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@247realmedia[2].txt.msd
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@247realmedia[1].txt.msd
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@bfast[1].txt.msd
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@fastclick[1].txt.msd
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@fastclick[2].txt.msd
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@fastclick[3].txt.msd
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@tribalfusion[2].txt.msd
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@tribalfusion[3].txt.msd
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@tribalfusion[1].txt.msd
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@mediaplex[3].txt.msd
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@mediaplex[1].txt.msd
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@mediaplex[2].txt.msd
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@linksynergy[2].txt.msd
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@linksynergy[3].txt.msd
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@com[1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@gostats[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\7E5845H6d6BBpaul@statcounter[1].txt.msd
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@statcounter[1].txt.msd
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@apmebf[5].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@burstnet[3].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@advertising[1].txt.msd
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\[email protected][3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@overture[4].txt.msd
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@overture[2].txt.msd
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\fd8222b8h857paul@overture[1].txt.msd
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@overture[1].txt.msd
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@realmedia[3].txt.msd
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@realmedia[1].txt.msd
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@realmedia[4].txt.msd
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@realmedia[8].txt.msd
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@realmedia[3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@questionmarket[2].txt.msd
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@zedo[2].txt.msd
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\CBdF3Cj7cgicpaul@zedo[2].txt.msd
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@zedo[3].txt.msd
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@bluestreak[5].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@bluestreak[3].txt.msd
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\a9D2c44fIi3dpaul@bluestreak[3].txt.msd
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@adrevolver[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\aGei6E796f44paul@atwola[2].txt.msd
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\57J58EI35dc2paul@atwola[3].txt.msd
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@atwola[1].txt.msd
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@atwola[2].txt.msd
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\paul@atwola[3].txt.msd
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Paul\Cookies\paul@atwola[3].txt
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][2].txt.msd
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][3].txt.msd
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Program Files\Hazard Shield\backups\[email protected][1].txt.msd
;===============================================================================
SUSPECTS
Sent Location ?
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description ?
;===============================================================================
;===============================================================================




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:33 AM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\hzrTray.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\hzrController.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\hzrService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\1197692180\ee\aolsoftware.exe
c:\program files\common files\aol\1197692180\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1197692180\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071212
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://middlegeorgia.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071212
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Hazard Shield] C:\WINDOWS\system32\hzrTray.exe
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://www.bestmark....ort/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1197693557968
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinn...h/dinerdash.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: HazardShield - Unknown owner - C:\WINDOWS\system32\hzrController.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12702 bytes




Uninstall List

AI RoboForm (All Users)
Baseball Mogul 2007
Easy Uninstaller
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.0 Service Pack 1
Panda ActiveScan 2.0
SUPERAntiSpyware Free Edition
Update for Windows XP (KB920342)
Windows Presentation Foundation

Edited by dalejrfan5874, 07 May 2008 - 06:12 AM.
