Hi Chuck,
Below are the logs you requested, EXCEPT now when I go to add/delete programs it won't let me select and copy the list there. Any suggestions?
Dave
Malware log:
Microsoft Windows Vista Home Basic Service Pack 1
6.00 build 6001 Service Pack 1
Username: Wray Family
In groups: LOCAL Administrators Everyone Users None INTERACTIVE NTLM Authentication Authenticated Users Medium Mandatory Level This Organization
2009/01/25 09:33:34:962: Application Version: 1.9.3163.891
2009/01/25 09:33:34:966: Module Version: 1.0.3163.888
2009/01/25 09:33:34:966: Service Version: 1.0.3163.888
2009/01/25 09:33:34:966: ===============================================================
2009/01/25 09:33:34:967: Switching to PIERemote.
2009/01/25 09:33:34:967: Creating pipe: \\.\pipe\MalwareRemovalBot.service.communication
2009/01/25 09:33:34:988: Checking for bad run key.
2009/01/25 09:33:34:994: Windows directory: C:\Windows
2009/01/25 09:33:34:995: System directory: C:\Windows\system32
2009/01/25 09:33:34:995: Program Files directory: C:\Program Files
2009/01/25 09:33:34:995: Application Data: C:\Users\Wray Family\AppData\Roaming
2009/01/25 09:33:34:995: User Profile: C:\Users\Wray Family
2009/01/25 09:33:34:995: User Temp: C:\Users\WRAYFA~1\AppData\Local\Temp\
2009/01/25 09:33:34:995: Start Menu: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Start Menu
2009/01/25 09:33:34:995: User Desktop: C:\Users\Wray Family\Desktop
2009/01/25 09:33:34:995: Common Desktop: C:\Users\Public\Desktop
2009/01/25 09:33:34:995: Common Profile: C:\ProgramData
2009/01/25 09:33:34:996: SID set to: S-1-5-21-3681265779-323896581-920976360-1000
2009/01/25 09:33:36:104: version was called, but is not defined in this dll version.
2009/01/25 09:33:36:104: Database Version:
2009/01/25 09:33:36:106: version was called, but is not defined in this dll version.
2009/01/25 09:33:36:106: Database Version:
2009/01/25 09:33:36:982: Loading Scan Results...
2009/01/25 09:33:36:983: ResultAdded[8]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[10]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[39583]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[17]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[20]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[609751]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[525911]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[582163]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[50]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[526114]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[63]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[66]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[538634]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[25147]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[82]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[102]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[106]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[109]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[112]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[113]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[526841]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[129]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[621434]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[154]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[164]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[203]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[235]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[526392]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[327]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[261]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[619538]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[292]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[295]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[316]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[550076]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[323]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[582162]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[582161]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[609753]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[25142]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[526442]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[404]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[409]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:987: ResultAdded[526147]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:987: ResultAdded[464]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:987: ResultAdded[599226]: Adware, AdBand
2009/01/25 09:33:36:989: ResultAdded[599221]: Adware, AdBand
2009/01/25 09:33:36:989: ResultAdded[587216]: Adware, Agent
2009/01/25 09:33:36:989: ResultAdded[587212]: Adware, Agent
2009/01/25 09:33:36:989: ResultAdded[620415]: Adware, SmartShopper
2009/01/25 09:33:36:989: ResultAdded[620416]: Adware, SmartShopper
2009/01/25 09:33:36:989: ResultAdded[45426]: Adware, SmartShopper
2009/01/25 09:33:36:989: ResultAdded[45424]: Adware, SmartShopper
2009/01/25 09:33:36:989: ResultAdded[620432]: Adware, SmartShopper
2009/01/25 09:33:36:990: ResultAdded[45430]: Adware, SmartShopper
2009/01/25 09:33:36:990: ResultAdded[45432]: Adware, SmartShopper
2009/01/25 09:33:36:990: ResultAdded[365410]: Browser Helper Object, Malicious
2009/01/25 09:33:36:990: ResultAdded[373214]: Browser Helper Object, Malicious
2009/01/25 09:33:36:990: ResultAdded[528924]: Browser Helper Object, Malicious
2009/01/25 09:33:36:990: ResultAdded[528925]: Browser Helper Object, Malicious
2009/01/25 09:33:36:991: ResultAdded[44354]: Browser Helper Object, My Web Search
2009/01/25 09:33:36:991: ResultAdded[621101]: Downloader, Agent
2009/01/25 09:33:36:991: ResultAdded[621113]: Downloader, Agent
2009/01/25 09:33:36:992: ResultAdded[621117]: Downloader, Agent
2009/01/25 09:33:36:992: ResultAdded[621119]: Downloader, Agent
2009/01/25 09:33:36:992: ResultAdded[621120]: Downloader, Agent
2009/01/25 09:33:36:992: ResultAdded[389540]: Downloader, Delf
2009/01/25 09:33:36:992: ResultAdded[27405]: p2p, Grokster
2009/01/25 09:33:36:993: No command line.
2009/01/25 09:33:37:034: Parsing command line:
2009/01/25 09:33:37:034: launch
2009/01/25 09:33:37:037: OnitDialog...
2009/01/25 09:33:37:978: Checking for database update...
2009/01/25 09:33:43:308: Updating Security Center Info: MalwareRemovalBot, C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe, 1, 1
2009/01/25 09:33:43:312: ConnectServer: service
2009/01/25 09:33:43:313: ExecQuery: pResults
2009/01/25 09:33:43:314: Next: 1
2009/01/25 09:33:43:314: Next: 1
2009/01/25 09:33:43:315: Found app's entry
2009/01/25 09:33:43:315: Put: displayName
2009/01/25 09:33:43:315: Put: productEnabled
2009/01/25 09:33:43:315: Put: productUptoDate
2009/01/25 09:33:43:316: PutInstance
2009/01/25 09:33:43:317: Done
2009/01/25 09:33:43:318: Database Version: 11.1.8 1231948693
2009/01/25 09:33:43:322: Setting Timer to Hide Splash
2009/01/25 09:33:43:824: Hiding Splash
2009/01/25 09:33:58:496: Database Version: 11.1.8 1231948693
2009/01/25 09:34:12:872: Driver check:
2009/01/25 09:34:12:872: SC manager open.
2009/01/25 09:34:12:872: MalwareRemovalBot not found. Attemping install.
2009/01/25 09:34:12:872: Checking for C:\Program Files\MalwareRemovalBot\FilterDrv\MalwareRemovalBot.inf
2009/01/25 09:34:12:873: StartDriver:
2009/01/25 09:34:12:873: This is a driver version.
2009/01/25 09:34:12:873: Channel: \AntiSpyFilter
2009/01/25 09:34:12:873: SC manager open.
2009/01/25 09:34:12:874: Driver is not connected.
2009/01/25 09:34:15:288: Database Version: 11.1.8 1231948693
2009/01/25 09:34:15:294: Database Version: 11.1.8 1231948693
2009/01/25 09:34:58:979: Saving scan results...
2009/01/25 09:34:58:990: Building result tree.
2009/01/25 09:35:53:084: Quarantining items: debug version 1.0
2009/01/25 09:35:53:084: Selecting quarantine folder: C:\Users\Wray Family\AppData\Roaming\MalwareRemovalBot\Quarantine\25-01-2009-09-35-53
2009/01/25 09:35:53:242: Thread created.
2009/01/25 09:35:53:245: PreQuarantine
2009/01/25 09:35:53:262: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@247realmedia[2].txt
2009/01/25 09:35:53:264: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@247realmedia[3].txt
2009/01/25 09:35:53:266: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@7search[2].txt
2009/01/25 09:35:53:269: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ad.yieldmanager[1].txt
2009/01/25 09:35:53:270: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@iacas.adbureau[2].txt
2009/01/25 09:35:53:272: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ads.addynamix[2].txt
2009/01/25 09:35:53:274: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@admagnet[1].txt
2009/01/25 09:35:53:276: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@admagnet[2].txt
2009/01/25 09:35:53:278: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adopt.euroclick[1].txt
2009/01/25 09:35:53:280: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ads.pointroll[1].txt
2009/01/25 09:35:53:283: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ads.pointroll[2].txt
2009/01/25 09:35:53:285: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adserver.adtechus[1].txt
2009/01/25 09:35:53:288: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adserver.easyad[1].txt
2009/01/25 09:35:53:290: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adserver.easyad[2].txt
2009/01/25 09:35:53:292: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adshuffle[1].txt
2009/01/25 09:35:53:294: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adshuffle[2].txt
2009/01/25 09:35:53:296: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@by.adshuffle[1].txt
2009/01/25 09:35:53:298: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@by.adshuffle[3].txt
2009/01/25 09:35:53:300: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@this.content.served.by.adshuffle[1].txt
2009/01/25 09:35:53:302: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adtech[1].txt
2009/01/25 09:35:53:306: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@advertising.marketnetwork[1].txt
2009/01/25 09:35:53:309: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@advertising[2].txt
2009/01/25 09:35:53:311: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@apmebf[1].txt
2009/01/25 09:35:53:313: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ask[2].txt
2009/01/25 09:35:53:315: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\low\wray_family@ask[1].txt
2009/01/25 09:35:53:317: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@atdmt[2].txt
2009/01/25 09:35:53:318: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bizrate[2].txt
2009/01/25 09:35:53:321: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bluestreak[1].txt
2009/01/25 09:35:53:323: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bravenet[1].txt
2009/01/25 09:35:53:325: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bravenet[2].txt
2009/01/25 09:35:53:329: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bs.serving-sys[1].txt
2009/01/25 09:35:53:358: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bs.serving-sys[2].txt
2009/01/25 09:35:53:360: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bet.burstnet[1].txt
2009/01/25 09:35:53:362: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bet.burstnet[2].txt
2009/01/25 09:35:53:364: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@burstnet[2].txt
2009/01/25 09:35:53:366: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@burstnet[3].txt
2009/01/25 09:35:53:368: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@www.burstnet[2].txt
2009/01/25 09:35:53:370: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@serw.clicksor[1].txt
2009/01/25 09:35:53:372: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@www.clickxchange[1].txt
2009/01/25 09:35:53:374: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@content.yieldmanager.edgesuite[1].txt
2009/01/25 09:35:53:378: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@content.yieldmanager[1].txt
2009/01/25 09:35:53:380: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@content.yieldmanager[2].txt
2009/01/25 09:35:53:418: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@content.yieldmanager[4].txt
2009/01/25 09:35:53:420: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@content.yieldmanager[5].txt
2009/01/25 09:35:53:422: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@doubleclick[2].txt
2009/01/25 09:35:53:424: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ehg-bestbuy.hitbox[1].txt
2009/01/25 09:35:53:426: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@fastclick[1].txt
2009/01/25 09:35:53:428: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@fastclick[2].txt
2009/01/25 09:35:53:430: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@fastclick[3].txt
2009/01/25 09:35:53:432: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@hypertracker[2].txt
2009/01/25 09:35:53:435: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@imiclk[1].txt
2009/01/25 09:35:53:438: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@imrworldwide[2].txt
2009/01/25 09:35:53:481: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@imrworldwide[3].txt
2009/01/25 09:35:53:492: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@looksmart[2].txt
2009/01/25 09:35:53:494: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@looksmart[3].txt
2009/01/25 09:35:53:496: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@media6degrees[1].txt
2009/01/25 09:35:53:498: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@media6degrees[2].txt
2009/01/25 09:35:53:500: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@media6degrees[3].txt
2009/01/25 09:35:53:502: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@stat.onestat[2].txt
2009/01/25 09:35:53:504: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@overture[2].txt
2009/01/25 09:35:53:508: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@overture[3].txt
2009/01/25 09:35:53:510: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@pricegrabber[2].txt
2009/01/25 09:35:53:512: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@quantserve[2].txt
2009/01/25 09:35:53:530: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@realmedia[1].txt
2009/01/25 09:35:53:532: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@rotator.adjuggler[1].txt
2009/01/25 09:35:53:535: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@rotator.its.adjuggler[1].txt
2009/01/25 09:35:53:537: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@rotator.its.adjuggler[2].txt
2009/01/25 09:35:53:539: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@rotator.its.adjuggler[3].txt
2009/01/25 09:35:53:541: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@servedby.topqualityads[2].txt
2009/01/25 09:35:53:543: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@serving-sys[1].txt
2009/01/25 09:35:53:546: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@serving-sys[2].txt
2009/01/25 09:35:53:548: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@tacoda[1].txt
2009/01/25 09:35:53:550: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@cms.trafficmp[2].txt
2009/01/25 09:35:53:565: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@trafficmp[1].txt
2009/01/25 09:35:53:567: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@trafficmp[2].txt
2009/01/25 09:35:53:568: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@tribalfusion[1].txt
2009/01/25 09:35:53:570: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@tribalfusion[2].txt
2009/01/25 09:35:53:573: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@voicefive[2].txt
2009/01/25 09:35:53:575: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@zedo[2].txt
2009/01/25 09:35:53:577: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@zedo[3].txt
2009/01/25 09:35:53:580: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@zedo[4].txt
2009/01/25 09:35:53:582: Directory item: Path: C:\Program Files\vnrblock
2009/01/25 09:35:53:591: Regisry item: Path: hkey_current_user\software\vnrblock\Installed
2009/01/25 09:35:53:594: Regisry item: Path: hkey_current_user\software\vnrblock\aid
2009/01/25 09:35:53:613: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\VNRBLOCK
2009/01/25 09:35:53:618: File item: Path: c:\program files\icheck\Uninstall.exe
2009/01/25 09:35:53:622: Directory item: Path: C:\Program Files\icheck
2009/01/25 09:35:53:630: Regisry item: Path: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\icheck\DisplayName
2009/01/25 09:35:53:633: Regisry item: Path: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\icheck\UninstallString
2009/01/25 09:35:53:635: Regisry item: Path: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ICHECK
2009/01/25 09:35:53:640: Regisry item: Path: hkey_classes_root\smart-shopper.hbinfoband\clsid\
2009/01/25 09:35:53:643: Regisry item: Path: HKEY_CLASSES_ROOT\SMART-SHOPPER.HBINFOBAND\CLSID
2009/01/25 09:35:53:645: Regisry item: Path: hkey_classes_root\smart-shopper.hbinfoband\curver\
2009/01/25 09:35:53:647: Regisry item: Path: HKEY_CLASSES_ROOT\SMART-SHOPPER.HBINFOBAND\CURVER
2009/01/25 09:35:53:650: Regisry item: Path: hkey_classes_root\smart-shopper.hbinfoband\
2009/01/25 09:35:53:652: Regisry item: Path: HKEY_CLASSES_ROOT\SMART-SHOPPER.HBINFOBAND
2009/01/25 09:35:53:655: Regisry item: Path: hkey_classes_root\smart-shopper.hbinfoband.1\clsid\
2009/01/25 09:35:53:658: Regisry item: Path: HKEY_CLASSES_ROOT\SMART-SHOPPER.HBINFOBAND.1\CLSID
2009/01/25 09:35:53:660: Regisry item: Path: hkey_classes_root\smart-shopper.hbinfoband.1\
2009/01/25 09:35:53:662: Regisry item: Path: HKEY_CLASSES_ROOT\SMART-SHOPPER.HBINFOBAND.1
2009/01/25 09:35:53:667: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\Default Visible
2009/01/25 09:35:53:670: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\ButtonText
2009/01/25 09:35:53:673: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\HotIcon
2009/01/25 09:35:53:676: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\Icon
2009/01/25 09:35:53:679: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\CLSID
2009/01/25 09:35:53:682: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\ClsidExtension
2009/01/25 09:35:53:685: Regisry item: Path: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}
2009/01/25 09:35:53:687: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\Default Visible
2009/01/25 09:35:53:690: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\ButtonText
2009/01/25 09:35:53:693: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\HotIcon
2009/01/25 09:35:53:697: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\Icon
2009/01/25 09:35:53:715: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\CLSID
2009/01/25 09:35:53:719: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\ClsidExtension
2009/01/25 09:35:53:723: Regisry item: Path: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}
2009/01/25 09:35:53:726: Regisry item: Path: hkey_local_machine\software\smart-shopper\affid
2009/01/25 09:35:53:729: Regisry item: Path: hkey_local_machine\software\smart-shopper\Version
2009/01/25 09:35:53:732: Regisry item: Path: hkey_local_machine\software\smart-shopper\ProductName
2009/01/25 09:35:53:734: Regisry item: Path: hkey_local_machine\software\smart-shopper\SG_Not_Set
2009/01/25 09:35:53:737: Regisry item: Path: hkey_local_machine\software\smart-shopper\ie_user_agent
2009/01/25 09:35:53:740: Regisry item: Path: hkey_local_machine\software\smart-shopper\usr_RCT
2009/01/25 09:35:53:745: Regisry item: Path: HKEY_LOCAL_MACHINE\SOFTWARE\SMART-SHOPPER
2009/01/25 09:35:53:748: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\iexplore\Type
2009/01/25 09:35:53:751: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\iexplore\Flags
2009/01/25 09:35:53:753: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\iexplore\Count
2009/01/25 09:35:53:757: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\iexplore\Time
2009/01/25 09:35:53:759: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}\IEXPLORE
2009/01/25 09:35:53:762: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}
2009/01/25 09:35:53:765: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\iexplore\Type
2009/01/25 09:35:53:768: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\iexplore\Flags
2009/01/25 09:35:53:770: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\iexplore\Count
2009/01/25 09:35:53:775: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\iexplore\Time
2009/01/25 09:35:53:778: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}\IEXPLORE
2009/01/25 09:35:53:781: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}
2009/01/25 09:35:53:783: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\inprocserver32\
2009/01/25 09:35:53:786: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\inprocserver32\ThreadingModel
2009/01/25 09:35:53:788: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\INPROCSERVER32
2009/01/25 09:35:53:791: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\progid\
2009/01/25 09:35:53:794: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\PROGID
2009/01/25 09:35:53:796: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\PROGRAMMABLE
2009/01/25 09:35:53:799: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\typelib\
2009/01/25 09:35:53:803: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\TYPELIB
2009/01/25 09:35:53:806: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\versionindependentprogid\
2009/01/25 09:35:53:810: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\VERSIONINDEPENDENTPROGID
2009/01/25 09:35:53:812: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\
2009/01/25 09:35:53:815: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}
2009/01/25 09:35:53:817: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\inprocserver32\
2009/01/25 09:35:53:820: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\inprocserver32\ThreadingModel
2009/01/25 09:35:53:823: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\INPROCSERVER32
2009/01/25 09:35:53:826: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\progid\
2009/01/25 09:35:53:828: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\PROGID
2009/01/25 09:35:53:832: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\typelib\
2009/01/25 09:35:53:835: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TYPELIB
2009/01/25 09:35:53:837: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\versionindependentprogid\
2009/01/25 09:35:53:840: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VERSIONINDEPENDENTPROGID
2009/01/25 09:35:53:843: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\
2009/01/25 09:35:53:845: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
2009/01/25 09:35:53:848: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\iexplore\Type
2009/01/25 09:35:53:851: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\iexplore\Flags
2009/01/25 09:35:53:853: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\iexplore\Count
2009/01/25 09:35:53:857: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\iexplore\Time
2009/01/25 09:35:53:862: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\iexplore\Blocked
2009/01/25 09:35:53:864: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\IEXPLORE
2009/01/25 09:35:53:867: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}
2009/01/25 09:35:53:869: Regisry item: Path: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}
2009/01/25 09:35:53:873: Regisry item: Path: hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}\treatas\
2009/01/25 09:35:53:875: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}\TREATAS
2009/01/25 09:35:53:878: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
2009/01/25 09:35:53:880: File item: Path: c:\program files\ietoolbar\eco bar\basis.xml
2009/01/25 09:35:54:001: File item: Path: c:\program files\ietoolbar\eco bar\ecobar.dll
2009/01/25 09:35:54:004: File item: Path: c:\program files\ietoolbar\eco bar\icons.bmp
2009/01/25 09:35:54:009: File item: Path: c:\program files\ietoolbar\eco bar\info.txt
2009/01/25 09:35:54:043: File item: Path: c:\program files\ietoolbar\eco bar\tbhelper.dll
2009/01/25 09:35:54:062: File item: Path: c:\program files\ietoolbar\eco bar\tbu05139\ecobar.dll
2009/01/25 09:35:54:069: File item: Path: c:\program files\ietoolbar\eco bar\tbu05139\uninstall.exe
2009/01/25 09:35:54:078: Directory item: Path: c:\program files\ietoolbar\eco bar\tbu05139
2009/01/25 09:35:54:166: File item: Path: c:\program files\ietoolbar\eco bar\uninstall.exe
2009/01/25 09:35:54:169: File item: Path: c:\program files\ietoolbar\eco bar\version.txt
2009/01/25 09:35:54:173: File item: Path: c:\program files\ietoolbar\eco bar\your_logo.png
2009/01/25 09:35:54:176: Directory item: Path: c:\program files\ietoolbar\ECO Bar
2009/01/25 09:35:54:183: Directory item: Path: C:\Program Files\ietoolbar
2009/01/25 09:35:54:196: Regisry item: Path: hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}\proxystubclsid\
2009/01/25 09:35:54:199: Regisry item: Path: HKEY_CLASSES_ROOT\INTERFACE\{4897BBA6-48D9-468C-8EFA-846275D7701B}\PROXYSTUBCLSID
2009/01/25 09:35:54:203: Regisry item: Path: hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}\proxystubclsid32\
2009/01/25 09:35:54:207: Regisry item: Path: HKEY_CLASSES_ROOT\INTERFACE\{4897BBA6-48D9-468C-8EFA-846275D7701B}\PROXYSTUBCLSID32
2009/01/25 09:35:54:213: Regisry item: Path: hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}\typelib\
2009/01/25 09:35:54:216: Regisry item: Path: hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}\typelib\Version
2009/01/25 09:35:54:220: Regisry item: Path: HKEY_CLASSES_ROOT\INTERFACE\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TYPELIB
2009/01/25 09:35:54:227: Regisry item: Path: hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}\
2009/01/25 09:35:54:231: Regisry item: Path: HKEY_CLASSES_ROOT\INTERFACE\{4897BBA6-48D9-468C-8EFA-846275D7701B}
2009/01/25 09:35:54:235: Regisry item: Path: hkey_classes_root\typelib\{4509d3cc-b642-4745-b030-645b79522c6d}\1.0\0\win32\
2009/01/25 09:35:54:242: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\WIN32
2009/01/25 09:35:54:245: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
2009/01/25 09:35:54:248: Regisry item: Path: hkey_classes_root\typelib\{4509d3cc-b642-4745-b030-645b79522c6d}\1.0\flags\
2009/01/25 09:35:54:251: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
2009/01/25 09:35:54:253: Regisry item: Path: hkey_classes_root\typelib\{4509d3cc-b642-4745-b030-645b79522c6d}\1.0\helpdir\
2009/01/25 09:35:54:277: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
2009/01/25 09:35:54:280: Regisry item: Path: hkey_classes_root\typelib\{4509d3cc-b642-4745-b030-645b79522c6d}\1.0\
2009/01/25 09:35:54:283: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
2009/01/25 09:35:54:286: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}
2009/01/25 09:35:54:289: Regisry item: Path: hkey_classes_root\urlsearchhook.toolbarurlsearchhook\clsid\
2009/01/25 09:35:54:295: Regisry item: Path: HKEY_CLASSES_ROOT\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK\CLSID
2009/01/25 09:35:54:298: Regisry item: Path: hkey_classes_root\urlsearchhook.toolbarurlsearchhook\
2009/01/25 09:35:54:302: Regisry item: Path: HKEY_CLASSES_ROOT\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK
2009/01/25 09:35:54:308: Regisry item: Path: hkey_classes_root\urlsearchhook.toolbarurlsearchhook.1\clsid\
2009/01/25 09:35:54:311: Regisry item: Path: HKEY_CLASSES_ROOT\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK.1\CLSID
2009/01/25 09:35:54:314: Regisry item: Path: hkey_classes_root\urlsearchhook.toolbarurlsearchhook.1\
2009/01/25 09:35:54:317: Regisry item: Path: HKEY_CLASSES_ROOT\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK.1
2009/01/25 09:35:54:330: Regisry item: Path: hkey_local_machine\software\microsoft\windows\currentversion\run\remotecontrol
2009/01/25 09:35:54:335: Regisry item: Path: hkey_classes_root\magnet\defaulticon\
2009/01/25 09:35:54:338: Regisry item: Path: HKEY_CLASSES_ROOT\MAGNET\DEFAULTICON
2009/01/25 09:35:54:344: Regisry item: Path: hkey_classes_root\magnet\shell\open\command\
2009/01/25 09:35:54:347: Regisry item: Path: HKEY_CLASSES_ROOT\MAGNET\SHELL\OPEN\COMMAND
2009/01/25 09:35:54:350: Regisry item: Path: HKEY_CLASSES_ROOT\MAGNET\SHELL\OPEN
2009/01/25 09:35:54:353: Regisry item: Path: HKEY_CLASSES_ROOT\MAGNET\SHELL
2009/01/25 09:35:54:362: Regisry item: Path: hkey_classes_root\magnet\\
2009/01/25 09:35:54:365: Regisry item: Path: HKEY_CLASSES_ROOT\MAGNET\
2009/01/25 09:35:54:367: PostQuarantine
2009/01/25 09:35:54:367: Entering Permission Fix
2009/01/25 09:35:54:411: LSPFix v1.7: Running FixAll
2009/01/25 09:35:54:572: Database Version: 11.1.8 1231948693
2009/01/25 09:36:03:724: Database Version: 11.1.8 1231948693
2009/01/25 09:36:22:131: Database Version: 11.1.8 1231948693
2009/01/25 09:36:26:247: Database Version: 11.1.8 1231948693
2009/01/25 09:36:38:298: Database Version: 11.1.8 1231948693
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:32 AM, on 25/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m1640
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m1640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: adsoftinc browser enhancer - {B7DA9462-6630-5AC2-EE70-437E4B6BF8D6} - C:\Windows\system32\ncvzmhfzhtzc.dll
O2 - BHO: adsoftinc - {b903080c-b4f0-d96c-1332-d22dddc6f61d} - C:\Windows\system32\nsm9B85.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [etrmnmon] "C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe"
O4 - HKLM\..\Run: [wlaoscdeccqcv] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\ncvzmhfzhtzc.dll"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MalwareRemovalBot Scanning Engine (MalwareRemovalBotSrv) - Unknown owner - C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.srv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 10906 bytes