anti virus software

illius

Ok, a few questions. First, what is the best antivirus software to use for a laptop for internet security and for the computer itself? Second, I do not know how I got it but I did. Must have been when my avast program was down. When I'm watching a movie or on the web I get the sound of an ad that plays. Even when I'm out of the internet it plays once in a while. At other times an ad itself will pop up. I have done scans but they do not detect it. Is it adware? And how do I get rid of this nonsense?
 
What programs did you use to scan?

If you haven't used Malwarebytes, please do so now.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware


Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes' Anti-Malware log.
 
Ok, did a scan and it does not look too good. Here are the logs.

malware program-

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4395

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/5/2010 2:00:24 PM
mbam-log-2010-08-05 (14-00-24).txt

Scan type: Quick scan
Objects scanned: 132169
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rpzlticgatl (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Matthew Litke\AppData\Local\Temp\9234.exe (Adware.BHO) -> No action taken.
C:\Users\Matthew Litke\AppData\Local\Temp\trc3ns.exe (Virus.Agent) -> No action taken.
C:\Users\Matthew Litke\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\olozenwephst.dll (Trojan.Agent) -> No action taken.



Hijack this-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:21 PM, on 8/5/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273607105106l0458z1l5t4531p200
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273607105106l0458z1l5t4531p200
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273607105106l0458z1l5t4531p200
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273607105106l0458z1l5t4531p200
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: cashtitan browser enhancer - {7459CD38-1D58-BEAD-62E8-9ED9AEF15D82} - C:\Windows\SysWow64\olozenwephst.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [rpzlticgatl] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\olozenwephst.dll"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - ALWIL Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - - C:\Windows\system\regsrv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13421 bytes


Ok, now what does all this stuff mean? I have avast Internet Security and Spyware Doctor, but neither of those gave me any issues when doing a scan. Thank you for the links by the way. Here is the malware log after removing the checked items:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4395

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/5/2010 2:12:13 PM
mbam-log-2010-08-05 (14-12-13).txt

Scan type: Quick scan
Objects scanned: 132156
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rpzlticgatl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Matthew Litke\AppData\Local\Temp\9234.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Matthew Litke\AppData\Local\Temp\trc3ns.exe (Virus.Agent) -> Quarantined and deleted successfully.
C:\Users\Matthew Litke\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\olozenwephst.dll (Trojan.Agent) -> Delete on reboot.
 
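The cross-check a helper makes by eye between the two logs above, as an added example that is not part of the original thread: it matches Malwarebytes detections against HijackThis O2 (BHO) and O4 (autostart) lines. The function names are illustrative, the sample input is excerpted from the logs posted here, and entries are matched on file name because the two logs report the same DLL under System32 and SysWow64.

```python
import re

# Sample input: lines excerpted from the Malwarebytes and HijackThis logs
# posted in this thread (not the complete logs).
MBAM_LOG = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rpzlticgatl (Trojan.Agent) -> No action taken.

Files Infected:
C:\Windows\System32\olozenwephst.dll (Trojan.Agent) -> No action taken.
"""

HJT_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: cashtitan browser enhancer - {7459CD38-1D58-BEAD-62E8-9ED9AEF15D82} - C:\Windows\SysWow64\olozenwephst.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [rpzlticgatl] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\olozenwephst.dll"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"""

# "<item> (<Detection.Name>) -> <action>" lines in a Malwarebytes log.
MBAM_HIT = re.compile(r"^(?P<item>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> (?P<action>.+)$")
# "O2 - BHO: <label> - {CLSID} - <file>" lines in a HijackThis log.
HJT_BHO = re.compile(r"^O2 - BHO: (?P<label>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
# "O4 - <hive>\..\<key>: [<value>] <command line>" lines in a HijackThis log.
HJT_RUN = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
# File names of executables or DLLs mentioned anywhere in a path or command line.
BINARY = re.compile(r"[\w.-]+\.(?:dll|exe)\b", re.IGNORECASE)


def leaf(path):
    """Last component of a file or registry path, lower-cased."""
    return path.rsplit("\\", 1)[-1].strip('"').lower()


def mbam_detections(text):
    """Map the leaf name of every detected item to its detection name."""
    hits = {}
    for line in text.splitlines():
        m = MBAM_HIT.match(line.strip())
        if m:
            hits[leaf(m["item"])] = m["name"]
    return hits


def triage(mbam_text, hjt_text):
    """Return {HijackThis entry: [reasons]} for entries that deserve a closer look."""
    detected = mbam_detections(mbam_text)
    findings = {}
    for line in hjt_text.splitlines():
        line = line.strip()
        reasons = []
        bho, run = HJT_BHO.match(line), HJT_RUN.match(line)
        if bho:
            entry = "O2 " + bho["clsid"]
            if bho["target"] == "(no file)":
                reasons.append("orphaned BHO: registered CLSID has no file on disk")
            binaries = BINARY.findall(bho["target"])
        elif run:
            entry = "O4 " + run["value"]
            if run["value"].lower() in detected:
                reasons.append("Run value flagged as " + detected[run["value"].lower()])
            binaries = BINARY.findall(run["cmd"])
            uses_regsvr32 = any(b.lower() == "regsvr32.exe" for b in binaries)
            if uses_regsvr32 and re.search(r"(?<!\S)/s(?!\S)", run["cmd"], re.IGNORECASE):
                reasons.append("autostart silently registers a DLL (regsvr32 /s)")
        else:
            continue  # other HijackThis sections are out of scope here
        for name in binaries:
            if name.lower() in detected:
                reasons.append(f"file {name} matches detection {detected[name.lower()]}")
        if reasons:
            findings[entry] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(MBAM_LOG, HJT_LOG).items():
        print(entry)
        for reason in reasons:
            print("   -", reason)
```

Entries that are not flagged (the Adobe BHO, IAStorIcon, avast5) are not thereby proven clean; the script only surfaces where the two logs corroborate each other.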
You are still somewhat infected.

Please download and run SUPERAntiSpyware.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

Please update it before running. When it's done scanning, have it remove whatever it finds. Then post the log: click Preferences on the main page, click the Statistics/Logs tab, open the log, and copy and paste it back here.

It also seems you have some bad programs installed. Please provide me with an uninstall list using HijackThis.

Open HijackThis, click Open the Misc Tools section, click Open Uninstall Manager, click Save list, then save it and copy and paste it back here.
 
Thanks for the reply, here is the uninstall manager list and I will run the program you gave the link to, and save the log and post it.


µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 4.57
Acer Backup Manager
Acer Crystal Eye webcam Ver:1.1.158.203
Acer ePower Management
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.1 MUI
Alcor Micro USB Card Reader
ASIO4ALL
avast! Internet Security
Backup Manager Basic
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bob the Builder Can-Do-Zoo
Browser Defender 2.0.6.15
Build-a-lot 2
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 10
CyberLink PowerDVD 10
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.12.00.803
Escape Rosecliff Island
eSobi v2
Faerie Solitaire
Fallout 3
FATE - The Traitor Soul
FL Studio 8
HijackThis 2.0.2
Identity Card
IL Download Manager
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Jewel Quest Solitaire 3
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Monopoly
MSN Toolbar
MSN Toolbar Platform
MSVCRT
Mystery P.I. - Lost in Los Angeles
MyWinLocker
MyWinLocker Suite
MyWinLocker Suite
Norton Online Backup
NTI Backup Now 5
NTI Media Maker 8
Pando Media Booster
PDF Settings CS5
Penguins!
Plants vs. Zombies
PoiZone
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Scrabble Plus
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Shredder
Spyware Doctor 7.0
Tagging System Cashtitan
The Price is Right
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - A New Home
VLC media player 1.1.0
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahtzee
Zuma Deluxe

Alright, and for the SUPERAntiSpyware program.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/05/2010 at 09:08 PM

Application Version : 4.41.1000

Core Rules Database Version : 5324
Trace Rules Database Version: 3136

Scan type : Quick Scan
Total Scan Time : 00:21:21

Memory items scanned : 623
Memory threats detected : 0
Registry items scanned : 2806
Registry threats detected : 6
File items scanned : 16043
File threats detected : 203

Adware.Tracking Cookie
secure-us.imrworldwide.com [ C:\Users\Matthew Litke\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8RKQZZBD ]
www.sexforums.com [ C:\Users\Matthew Litke\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8RKQZZBD ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[1].txt
cdn4.specificclick.net [ C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YJBH323X ]
core.insightexpressai.com [ C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YJBH323X ]
media.scanscout.com [ C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YJBH323X ]
media1.break.com [ C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YJBH323X ]
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dmtracker[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chitika[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[3].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@edgeadx[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chitika[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[3].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nakedsoul[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bannertgt[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@marketingstatsmanager[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tacoda[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficare[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cheaphotelfinds[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adecn[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cheaphotelfinds[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointclickhome[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@countrystate[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@statcounter[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificmedia[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revenue[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficrevenue[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crackle[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traveladvertising[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nakedsoul[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficrevenue[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[3].txt

Gezda/Gaggle Variant Worm Component
(x86) HKLM\System\ControlSet001\Services\FLEXnet Licensing Manager
C:\WINDOWS\SYSTEM\REGSRV.EXE
(x86) HKLM\System\ControlSet001\Enum\Root\LEGACY_FLEXnet Licensing Manager
(x86) HKLM\System\ControlSet002\Services\FLEXnet Licensing Manager
(x86) HKLM\System\ControlSet002\Enum\Root\LEGACY_FLEXnet Licensing Manager
(x86) HKLM\System\CurrentControlSet\Services\FLEXnet Licensing Manager
(x86) HKLM\System\CurrentControlSet\Enum\Root\LEGACY_FLEXnet Licensing Manager

Trojan.Agent/Gen-CDesc[Broad]
C:\WINDOWS\FIXUVC.EXE