Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

xp antivirus 2008 /pc-cleaner [RESOLVED]

Started by gciron1 , Aug 06 2008 08:25 AM

  • This topic is locked This topic is locked

#1
gciron1
Posted 06 August 2008 - 08:25 AM

gciron1

    Member

  • Member
  • PipPip
  • 41 posts
good morning all,

my computer had pc cleaner and pc anti virus 2008. the computer kept flashing dowload the program.
it made the computer go to a crawl. i tried to delete but had no luck. i tried using ms dos to delete but i do not think it is done. now when the computer reboots it will only go to 'safemode' and says it cannot boot properly.

i have read the posting on what to do prior to making a hijack this post.

downloaded ATF Cleaner = done
run atf cleaner = done

downloaded malware anti malware = done
ran malware anti malware = found 72 items in scan and cleaned all of them
re-run malware anti malware = found 1 in scan and cleaned it
re-run malware anti malware = found 0

thanks in advance.
  • 0

Advertisements

#2
greyknight17
Posted 10 August 2008 - 12:23 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Is this for the same computer you posted about a week ago?

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
  • 0

#3
gciron1
Posted 11 August 2008 - 08:36 AM

gciron1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
thank you for the reply, no it is not the same computer, it was my friend Dan's home computer, but he is not too good with computers. This computer is my computer. it has a problem now.. I read this sight often and try to fix my own stuff rather than post, sometimes i am able to fix quite a bit of the problems and other times i have not luck.

i am going to downloads combifix and will post the results
  • 0

#4
gciron1
Posted 11 August 2008 - 10:18 AM

gciron1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
here is the combofix

ComboFix 08-08-10.04 - Owner 2008-08-11 11:46:02.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\J75QAEME\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\J75QAEME\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\ResErrors.log
C:\Program Files\internet optimizer
C:\Program Files\internet optimizer\sim\lg_1010_closed_32x32.ico
C:\Program Files\internet optimizer\sim\msbb.log
C:\Program Files\internet optimizer\sim\msbb_kyf.dat
C:\Program Files\internet optimizer\sim\msbbau.dat
C:\Program Files\internet optimizer\sim\msbbhook.dll
C:\WINDOWS\btgrab.dll
C:\WINDOWS\system32\5.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP
-------\Legacy_SYSREST.SYS


((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-06 10:39 . 2008-08-06 10:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-06 10:39 . 2008-08-06 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 09:17 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-06 09:17 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 15:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-08-06 14:11 --------- d-----w C:\Program Files\pygrajf
2008-08-06 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\lujulety
2004-05-07 20:08 61,224 ----a-w C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
2004-03-17 19:34 108,904 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 19:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 01:21 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-22 19:36 319488]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 20:34 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 17:52 331830]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 00:41 28738]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 11:00 241714]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 12:58 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-08 17:33 155648]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-12 13:24 106557]
"shsmart"="C:\WINDOWS\kxczafwz.exe" [2004-07-14 14:32 61440]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2004-08-03 12:24 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2004-08-03 12:24 219136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-09-25 11:47:12 299008]
PowerReg Scheduler.exe [2005-02-25 11:26:54 233472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 19:06:54 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
wjview [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 01:59]
S3 ChannelHandler;Channel Handler Service;C:\WINDOWS\system32\svchost.exe [2004-08-04 03:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ChannelHandler

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2006-08-08 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 13:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
HKLM-Run-mswspl - (no file)
HKLM-Run-POINTER - point32.exe
MSConfigStartUp-Bargains - C:\Program Files\Bargain Buddy\bin\bargains.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 11:54:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\BRSS01A.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hpzipm12.exe
.
**************************************************************************
.
Completion time: 2008-08-11 12:03:07 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-08-11 16:03:01

Pre-Run: 4,090,486,784 bytes free
Post-Run: 4,131,475,456 bytes free

141
  • 0

#5
greyknight17
Posted 11 August 2008 - 07:10 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\kxczafwz.exe
Folder::
C:\Program Files\pygrajf
C:\Documents and Settings\All Users\Application Data\lujulety
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shsmart"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#6
gciron1
Posted 12 August 2008 - 06:55 AM

gciron1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ComboFix 08-08-10.04 - Owner 2008-08-12 8:36:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.77 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\kxczafwz.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\lujulety
C:\Program Files\pygrajf
C:\WINDOWS\kxczafwz.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-12 07:41 . 2008-08-12 08:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-11 17:00 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-06 10:39 . 2008-08-06 10:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-06 10:39 . 2008-08-06 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 09:17 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-06 09:17 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 12:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-12 12:32 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-08-12 12:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2008-08-12 12:10 --------- d-----w C:\Program Files\Symantec
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2004-05-07 20:08 61,224 ----a-w C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
2004-03-17 19:34 108,904 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-08-11_12.02.26.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\xpsp3res.dll
+ 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2004-08-04 07:56:41 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2006-05-10 05:22:59 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-05-10 05:22:59 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:03:56 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2006-05-10 05:22:59 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:03:57 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2006-08-16 11:58:05 100,352 -c----w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2008-06-20 10:44:38 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2006-05-10 05:22:59 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2006-05-10 05:22:59 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:03:56 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2006-05-10 05:22:59 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:03:57 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-05-19 12:59:41 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2006-05-10 05:22:59 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:22:59 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2006-05-10 05:22:59 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:03:57 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-05-09 11:00:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2006-05-10 05:22:59 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:03:58 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-05-10 05:22:59 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:03:58 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:26:56 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2006-05-10 05:22:59 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-25 04:50:28 518,944 -c----w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 -c----w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2006-05-19 15:08:32 3,052,544 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2006-05-10 05:23:01 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-25 04:50:34 1,516,568 -c----w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 -c----w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-27 08:12:54 151,583 -c----w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42 60,192 -c----w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 -c----w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 -c----w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 -c----w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2006-05-10 05:23:01 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:03:59 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-25 04:50:47 432,928 -c----w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 -c----w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 -c----w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 -c----w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2006-05-10 05:23:01 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:03:59 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-25 04:50:57 838,432 -c----w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-04 07:56:44 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:10 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-03-25 04:50:58 621,344 -c----w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 -c----w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2006-05-10 05:23:01 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2001-08-18 12:00:00 200,064 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2006-05-29 15:30:33 1,494,016 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-05-10 05:23:02 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:04:00 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 09:52:06 225,920 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2006-05-10 05:23:02 613,888 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:04:00 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-05-10 05:23:03 658,432 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:04:00 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-05-19 12:59:41 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2001-08-18 12:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2006-05-10 05:22:59 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2006-05-10 05:22:59 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2006-05-10 05:22:59 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:03:57 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2006-05-10 05:22:59 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:03:58 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-05-10 05:22:59 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:03:58 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2006-05-10 05:22:59 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-04 07:56:43 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 07:56:43 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2006-05-19 15:08:32 3,052,544 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-05-10 05:23:01 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 07:56:43 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 18:34:46 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 07:56:43 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 07:56:43 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 07:56:43 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 07:56:43 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 07:56:43 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2006-05-10 05:23:01 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:03:59 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 07:56:43 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 07:56:43 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2006-05-10 05:23:01 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:03:59 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 07:56:44 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 07:56:44 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 07:56:44 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2006-05-10 05:23:01 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2006-05-29 15:30:33 1,494,016 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-05-10 05:23:02 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:04:00 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2005-10-12 23:12:25 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-03-27 09:24:20 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2006-05-10 05:23:02 613,888 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:04:00 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2006-05-10 05:23:03 658,432 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:04:00 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-05-11 08:23:24 24,576 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2006-12-02 02:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 02:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 02:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 02:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 04:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 04:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 04:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 20:34 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 17:52 331830]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 00:41 28738]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 11:00 241714]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 12:58 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-08 17:33 155648]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-12 13:24 106557]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-09-25 11:47:12 299008]
PowerReg Scheduler.exe [2005-02-25 11:26:54 233472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 19:06:54 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\SCSBIN\\FileVersion.exe"=

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 01:59]
S3 ChannelHandler;Channel Handler Service;C:\WINDOWS\system32\svchost.exe [2004-08-04 03:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ChannelHandler

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 08:40:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-12 8:45:15
ComboFix-quarantined-files.txt 2008-08-12 12:44:56
ComboFix2.txt 2008-08-11 16:03:09

Pre-Run: 4,392,390,656 bytes free
Post-Run: 4,477,120,512 bytes free

370 --- E O F --- 2008-08-12 07:03:31
  • 0

#7
greyknight17
Posted 12 August 2008 - 07:36 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
  • 0

#8
gciron1
Posted 13 August 2008 - 01:37 PM

gciron1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
i guess we are in different schedules.. as i am always a sleep when you reply. i will try and stay awake tonight.

i also ran my avg free. which found one program.. so it deleted it..

i also ran kaspersky scan.. it came up with something so i was hoping you could look at it.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 13, 2008 11:20:08
Records in database: 1088615
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 39798
Threat name: 11
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 01:26:59


File name / Threat name / Threats count
C:\Program Files\MBKWBar\MBKWBar.exe Infected: not-a-virus:AdWare.Win32.MBKWBar.a 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20040416-090656-910.dll Infected: Trojan-Clicker.Win32.Delf.r 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20040419-121322-167.dll Infected: not-a-virus:AdWare.Win32.ActivShopper.a 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20040419-163256-773.dll Infected: not-a-virus:AdWare.Win32.MediaBack.g 1
C:\WINDOWS\2_0_1browserhelper2.dll Infected: Trojan-Clicker.Win32.Delf.r 1
C:\WINDOWS\dsr.dll Infected: not-a-virus:AdWare.Win32.ImiBar.h 1
C:\WINDOWS\dsr.exe Infected: not-a-virus:AdWare.Win32.ImiBar.h 1
C:\WINDOWS\mbkwnst.exe Infected: not-a-virus:AdWare.Win32.MBKWBar.a 1
C:\WINDOWS\preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.ab 1
C:\WINDOWS\systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.b 1
C:\WINDOWS\systb.exe Infected: not-a-virus:AdWare.Win32.ImiBar.d 1
C:\WINDOWS\system32\randreco.exe Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\WINDOWS\system32\stmtreco.exe Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\WINDOWS\system32\tt_reco.exe Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\WINDOWS\twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\WINDOWS\uytihvxhzkr.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bf 1

The selected area was scanned.
  • 0

#9
greyknight17
Posted 13 August 2008 - 04:09 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem...

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Program Files\MBKWBar
C:\Program Files\Trend Micro\HijackThis\backups
C:\WINDOWS\2_0_1browserhelper2.dll 
C:\WINDOWS\dsr.dll 
C:\WINDOWS\dsr.exe 
C:\WINDOWS\mbkwnst.exe 
C:\WINDOWS\preInsTT.exe 
C:\WINDOWS\systb.dll 
C:\WINDOWS\systb.exe 
C:\WINDOWS\system32\randreco.exe 
C:\WINDOWS\system32\stmtreco.exe 
C:\WINDOWS\system32\tt_reco.exe
C:\WINDOWS\twaintec.dll 
C:\WINDOWS\uytihvxhzkr.exe

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Download FixIEDef by ShadowPuterDude to the Desktop.

Double-click FixIEDef
Posted Image

Click OK
Posted Image

Click Scan
Posted Image

Click OK (FixIEDef requires Adminstrator Privileges to run correctly. This box tells you that FixIEDef successfully elevated it's privileges to that of Administrator)
Posted Image
Posted Image
Posted Image

WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.

Everything will be restored to normal, once the malicious file is removed.

Click Exit once FixIEDef displays the All Finished message.
Posted Image

Post the FixIEDef log file located on the Desktop.
Posted Image

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.
  • 0

#10
gciron1
Posted 15 August 2008 - 05:47 AM

gciron1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
thanks again for your help..

OTmoveit2 scan below:
C:\Program Files\MBKWBar moved successfully.
C:\Program Files\Trend Micro\HijackThis\backups moved successfully.
C:\WINDOWS\2_0_1browserhelper2.dll unregistered successfully.
C:\WINDOWS\2_0_1browserhelper2.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\dsr.dll
C:\WINDOWS\dsr.dll NOT unregistered.
C:\WINDOWS\dsr.dll moved successfully.
C:\WINDOWS\dsr.exe moved successfully.
C:\WINDOWS\mbkwnst.exe moved successfully.
C:\WINDOWS\preInsTT.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\systb.dll
C:\WINDOWS\systb.dll NOT unregistered.
C:\WINDOWS\systb.dll moved successfully.
C:\WINDOWS\systb.exe moved successfully.
C:\WINDOWS\system32\randreco.exe moved successfully.
C:\WINDOWS\system32\stmtreco.exe moved successfully.
C:\WINDOWS\system32\tt_reco.exe moved successfully.
C:\WINDOWS\twaintec.dll unregistered successfully.
C:\WINDOWS\twaintec.dll moved successfully.
C:\WINDOWS\uytihvxhzkr.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08142008_104558

fixIED log below:
Created at 10:54:24 on Thursday, August 14, 2008

Time Zone : (GMT-05:00) Eastern Time (US & Canada)

Logged On User : Owner

Operating System : Microsoft Windows XP Home Edition Service Pack 2
OS Version : 5.1.2600
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 Intel® Pentium® 4 CPU 1.60GHz

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

Total Physical Memory : 261424 KB
Free Physical Memory : 84412 KB
Total Virtual Memory : 2097024 KB
Free Virtual Memory : 2021788 KB

Boot State : Normal boot
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\*.*
C:\WINDOWS\inf\btgrab.inf
C:\WINDOWS\system32\LuResult.txt
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!

panda active scan below:
ANALYSIS: 2008-08-15 07:41:40
PROTECTIONS: 1
MALWARE: 88
SUSPECTS: 1
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00020302 adware/ncase Adware No 0 Yes No hkey_current_user\software\180solutions
00020302 adware/ncase Adware No 0 Yes No hkey_local_machine\software\180solutions
00029459 spyware/betterinet Spyware No 1 Yes No c:\windows\inf\satmat.inf
00029459 spyware/betterinet Spyware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}
00032710 adware/transponder Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\owner\favorites\shop
00040297 adware/blazefind Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows sr 2.0
00040297 adware/blazefind Adware No 0 Yes No c:\windows\key2.txt
00041904 adware/sidesearch Adware No 0 Yes No c:\program files\lycos
00041904 adware/sidesearch Adware No 0 Yes No hkey_local_machine\software\lycos
00041904 adware/sidesearch Adware No 0 Yes No c:\documents and settings\owner\application data\lycos
00046757 spyware/bridge Spyware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115}
00046757 spyware/bridge Spyware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
00046757 spyware/bridge Spyware No 1 Yes No hkey_classes_root\jao.jao
00046757 spyware/bridge Spyware No 1 Yes No HKEY_CLASSES_ROOT\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFC0F970C27}
00046757 spyware/bridge Spyware No 1 Yes No hkey_classes_root\bridge.brdg.1
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bridge
00046757 spyware/bridge Spyware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{80BB7465-A638-43B5-9827-8E8FE38DFCC1}
00046757 spyware/bridge Spyware No 1 Yes No HKEY_CLASSES_ROOT\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}
00046757 spyware/bridge Spyware No 1 Yes No hkey_classes_root\bridge.brdg
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\classes\jao.jao.1
00046757 spyware/bridge Spyware No 1 Yes No hkey_classes_root\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\classes\jao.jao
00046757 spyware/bridge Spyware No 1 Yes No hkey_classes_root\jao.jao.1
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\classes\bridge.brdg.1
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\classes\bridge.brdg
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\clsid\{f3155057-4c2c-4078-8576-50486693fd49}
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
00047863 adware/ieplugin Adware No 0 Yes No hkey_local_machine\software\classes\imitoolbar.leftframe
00047863 adware/ieplugin Adware No 0 Yes No hkey_local_machine\software\classes\imitoolbar.popupbrowser
00047863 adware/ieplugin Adware No 0 Yes No hkey_local_machine\software\classes\imitoolbar.popupwindow
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\wbho.band.1
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{1c896551-8b92-4907-8c06-15db2d1f874a}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\wbho.band
00047863 adware/ieplugin Adware No 0 Yes No hkey_local_machine\software\classes\wbho.band
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.bottomframe
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.bottomframe.1
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.leftframe
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.leftframe.1
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.popupbrowser
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.popupbrowser.1
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.popupwindow
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.popupwindow.1
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}
00047863 adware/ieplugin Adware No 0 Yes No hkey_local_machine\software\classes\imitoolbar.bottomframe
00047863 adware/ieplugin Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{f3155057-4c2c-4078-8576-50486693fd49}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{98b2ddba-6da2-4421-af2b-814e98f53649}
00064198 adware/mbkwbar Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mbkwbar
00064198 Adware/MBKWBar Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\Program Files\MBKWBar\MBKWBar.exe
00064198 adware/mbkwbar Adware No 0 Yes No hkey_local_machine\software\mbkwbar
00065260 adware/ipinsight Adware No 0 Yes No c:\windows\inf\polall1r.inf
00096718 adware/twain-tech Adware No 0 Yes No hkey_local_machine\software\classes\vx2.vx2obj
00096718 adware/twain-tech Adware No 0 Yes No hkey_classes_root\vx2.vx2obj
00096718 adware/twain-tech Adware No 0 Yes No hkey_local_machine\software\twaintec
00096718 adware/twain-tech Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{690bccb4-6b83-4203-ae77-038c116594ec}
00096718 adware/twain-tech Adware No 0 Yes No c:\windows\twaintec.ini
00096718 adware/twain-tech Adware No 0 Yes No c:\windows\satmat.ini
00096718 adware/twain-tech Adware No 0 Yes No c:\windows\inf\twaintec.inf
00097869 Adware/Twain-Tech Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\preInsTT.exe
00098187 Adware/WinTools Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\Program Files\Trend Micro\HijackThis\backups\backup-20040416-090656-910.dll
00098187 Adware/WinTools Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\2_0_1browserhelper2.dll
00100228 Adware/nCase Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Internet Optimizer\sim\msbbhook.dll.vir
00110312 Adware/ImiBar Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\systb.dll
00110460 Spyware/BetterInet Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\system32\stmtreco.exe
00110460 Spyware/BetterInet Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\system32\tt_reco.exe
00110460 Spyware/BetterInet Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\system32\randreco.exe
00117776 adware/fastfind Adware No 0 Yes No hkey_local_machine\software\classes\setup.setup1
00117776 adware/fastfind Adware No 0 Yes No hkey_classes_root\clsid\{8b3b8352-30db-4790-b697-010dce7bc63c}
00117776 adware/fastfind Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C}
00117776 adware/fastfind Adware No 0 Yes No hkey_classes_root\setup.setup2
00117776 adware/fastfind Adware No 0 Yes No hkey_local_machine\software\classes\setup.setup2
00117776 adware/fastfind Adware No 0 Yes No hkey_classes_root\setup.setup1
00123469 Adware/Twain-Tech Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\twaintec.dll
00134461 adware/btgrab Adware No 0 Yes No hkey_current_user\software\btgrab
00137107 Adware/EnhSrch Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\systb.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\computer fix\nailfix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\computer fix\Nailfix.zip[Process.exe]
00139558 Adware/BTGrab Adware No 0 Yes No C:\System Volume Information\_restore{D559BFE6-5546-4F48-AC0B-F28A512D9DDC}\RP6\A0000395.inf
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.targetnet.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.bfast.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.tribalfusion.com/]
00145737 Cookie/TopRebates.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.toprebates.com/]
00145737 Cookie/TopRebates.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.toprebates.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.mediaplex.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.centrport.net/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.centrport.net/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.linksynergy.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.linksynergy.com/]
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.7search.com/]
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.7search.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.maxserving.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.revenue.net/]
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.findwhat.com/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.myaffiliateprogram.com/]
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.myaffiliateprogram.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.yadro.ru/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.tickle.com/]
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.ehg.hitbox.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.counter.hitslink.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.counter.hitslink.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.counter.hitslink.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.counter.hitslink.com/]
00167774 Cookie/web-stat TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.web-stat.com/]
00167774 Cookie/web-stat TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.web-stat.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.perf.overture.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168058 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.burstnet.com/]
00168077 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.versiontracker.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.as-us.falkag.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[server.iad.liveperson.net/hc/2812568]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.server.iad.liveperson.net/hc/16647377]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[server.iad.liveperson.net/hc/2812568]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.advertising.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@sextracker[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/dcsuuftkberp17368wkcsn8pc_5z5u]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S154118]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-5-22-226000-76431]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-8-2-233860-94033]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-8-1-233860-93722]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/dcslt9a2911e5h27gz9cy9xcg_5f1j]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S154401]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S122915]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S153340]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S122915]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/dcsy3lcxa11e5ha1xaws2ofy7_5b2x]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/dcsy06ve75twkfo3wzglgkjfq_4o4w]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/dcs0ir8y6pifwzjksc1rhaspd_5g3k]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/dcs9q3os521e5hus3a0l9zspd_6l1m]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S149867]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/dcslh1x9yoifwzzw4fisxq75d_1h5m]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/dcsnklj1021e5hyjjvlbw91mq_3x1w]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-8-1-233860-93722]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S154118]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-8-2-233860-94033]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-5-22-226000-76328]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S149867]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S126922]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S126922]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-5-22-226000-76328]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S154401]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S153340]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.ads.pointroll.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.fortunecity.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[hc2.humanclick.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[hc2.humanclick.com/hc/63676511]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[hc2.humanclick.com/hc/63676511]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.metriweb.be/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.bluestreak.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounte
  • 0

Advertisements

#11
gciron1
Posted 15 August 2008 - 05:48 AM

gciron1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
it looks like the panda active scan was cut off.. so here is the full log
ANALYSIS: 2008-08-15 07:41:40
PROTECTIONS: 1
MALWARE: 88
SUSPECTS: 1
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00020302 adware/ncase Adware No 0 Yes No hkey_current_user\software\180solutions
00020302 adware/ncase Adware No 0 Yes No hkey_local_machine\software\180solutions
00029459 spyware/betterinet Spyware No 1 Yes No c:\windows\inf\satmat.inf
00029459 spyware/betterinet Spyware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}
00032710 adware/transponder Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\owner\favorites\shop
00040297 adware/blazefind Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows sr 2.0
00040297 adware/blazefind Adware No 0 Yes No c:\windows\key2.txt
00041904 adware/sidesearch Adware No 0 Yes No c:\program files\lycos
00041904 adware/sidesearch Adware No 0 Yes No hkey_local_machine\software\lycos
00041904 adware/sidesearch Adware No 0 Yes No c:\documents and settings\owner\application data\lycos
00046757 spyware/bridge Spyware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115}
00046757 spyware/bridge Spyware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
00046757 spyware/bridge Spyware No 1 Yes No hkey_classes_root\jao.jao
00046757 spyware/bridge Spyware No 1 Yes No HKEY_CLASSES_ROOT\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFC0F970C27}
00046757 spyware/bridge Spyware No 1 Yes No hkey_classes_root\bridge.brdg.1
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bridge
00046757 spyware/bridge Spyware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{80BB7465-A638-43B5-9827-8E8FE38DFCC1}
00046757 spyware/bridge Spyware No 1 Yes No HKEY_CLASSES_ROOT\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}
00046757 spyware/bridge Spyware No 1 Yes No hkey_classes_root\bridge.brdg
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\classes\jao.jao.1
00046757 spyware/bridge Spyware No 1 Yes No hkey_classes_root\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\classes\jao.jao
00046757 spyware/bridge Spyware No 1 Yes No hkey_classes_root\jao.jao.1
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\classes\bridge.brdg.1
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\classes\bridge.brdg
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\clsid\{f3155057-4c2c-4078-8576-50486693fd49}
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
00047863 adware/ieplugin Adware No 0 Yes No hkey_local_machine\software\classes\imitoolbar.leftframe
00047863 adware/ieplugin Adware No 0 Yes No hkey_local_machine\software\classes\imitoolbar.popupbrowser
00047863 adware/ieplugin Adware No 0 Yes No hkey_local_machine\software\classes\imitoolbar.popupwindow
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\wbho.band.1
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{1c896551-8b92-4907-8c06-15db2d1f874a}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\wbho.band
00047863 adware/ieplugin Adware No 0 Yes No hkey_local_machine\software\classes\wbho.band
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.bottomframe
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.bottomframe.1
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.leftframe
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.leftframe.1
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.popupbrowser
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.popupbrowser.1
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.popupwindow
00047863 adware/ieplugin Adware No 0 Yes No hkey_classes_root\imitoolbar.popupwindow.1
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}
00047863 adware/ieplugin Adware No 0 Yes No hkey_local_machine\software\classes\imitoolbar.bottomframe
00047863 adware/ieplugin Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{f3155057-4c2c-4078-8576-50486693fd49}
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{98b2ddba-6da2-4421-af2b-814e98f53649}
00064198 adware/mbkwbar Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mbkwbar
00064198 Adware/MBKWBar Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\Program Files\MBKWBar\MBKWBar.exe
00064198 adware/mbkwbar Adware No 0 Yes No hkey_local_machine\software\mbkwbar
00065260 adware/ipinsight Adware No 0 Yes No c:\windows\inf\polall1r.inf
00096718 adware/twain-tech Adware No 0 Yes No hkey_local_machine\software\classes\vx2.vx2obj
00096718 adware/twain-tech Adware No 0 Yes No hkey_classes_root\vx2.vx2obj
00096718 adware/twain-tech Adware No 0 Yes No hkey_local_machine\software\twaintec
00096718 adware/twain-tech Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{690bccb4-6b83-4203-ae77-038c116594ec}
00096718 adware/twain-tech Adware No 0 Yes No c:\windows\twaintec.ini
00096718 adware/twain-tech Adware No 0 Yes No c:\windows\satmat.ini
00096718 adware/twain-tech Adware No 0 Yes No c:\windows\inf\twaintec.inf
00097869 Adware/Twain-Tech Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\preInsTT.exe
00098187 Adware/WinTools Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\Program Files\Trend Micro\HijackThis\backups\backup-20040416-090656-910.dll
00098187 Adware/WinTools Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\2_0_1browserhelper2.dll
00100228 Adware/nCase Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Internet Optimizer\sim\msbbhook.dll.vir
00110312 Adware/ImiBar Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\systb.dll
00110460 Spyware/BetterInet Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\system32\stmtreco.exe
00110460 Spyware/BetterInet Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\system32\tt_reco.exe
00110460 Spyware/BetterInet Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\system32\randreco.exe
00117776 adware/fastfind Adware No 0 Yes No hkey_local_machine\software\classes\setup.setup1
00117776 adware/fastfind Adware No 0 Yes No hkey_classes_root\clsid\{8b3b8352-30db-4790-b697-010dce7bc63c}
00117776 adware/fastfind Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C}
00117776 adware/fastfind Adware No 0 Yes No hkey_classes_root\setup.setup2
00117776 adware/fastfind Adware No 0 Yes No hkey_local_machine\software\classes\setup.setup2
00117776 adware/fastfind Adware No 0 Yes No hkey_classes_root\setup.setup1
00123469 Adware/Twain-Tech Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\twaintec.dll
00134461 adware/btgrab Adware No 0 Yes No hkey_current_user\software\btgrab
00137107 Adware/EnhSrch Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\systb.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\computer fix\nailfix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\computer fix\Nailfix.zip[Process.exe]
00139558 Adware/BTGrab Adware No 0 Yes No C:\System Volume Information\_restore{D559BFE6-5546-4F48-AC0B-F28A512D9DDC}\RP6\A0000395.inf
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.targetnet.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.bfast.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.tribalfusion.com/]
00145737 Cookie/TopRebates.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.toprebates.com/]
00145737 Cookie/TopRebates.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.toprebates.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.mediaplex.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.abetterinternet.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.offeroptimizer.com/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.centrport.net/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.centrport.net/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.linksynergy.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.linksynergy.com/]
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.7search.com/]
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.7search.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.maxserving.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.revenue.net/]
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.findwhat.com/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cliks.org/]
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.myaffiliateprogram.com/]
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.myaffiliateprogram.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.yadro.ru/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[rightmedia.net/]
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.tickle.com/]
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.ehg.hitbox.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.z1.adserver.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.counter.hitslink.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.counter.hitslink.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.counter.hitslink.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.counter.hitslink.com/]
00167774 Cookie/web-stat TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.web-stat.com/]
00167774 Cookie/web-stat TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.www.web-stat.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.perf.overture.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168058 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.burstnet.com/]
00168077 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.versiontracker.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.as-us.falkag.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[server.iad.liveperson.net/hc/2812568]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.server.iad.liveperson.net/hc/16647377]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[server.iad.liveperson.net/hc/2812568]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[server.iad.liveperson.net/hc/80570461]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.advertising.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@sextracker[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/dcsuuftkberp17368wkcsn8pc_5z5u]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S154118]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-5-22-226000-76431]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-8-2-233860-94033]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-8-1-233860-93722]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/dcslt9a2911e5h27gz9cy9xcg_5f1j]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S154401]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S122915]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S153340]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S122915]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/dcsy3lcxa11e5ha1xaws2ofy7_5b2x]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/dcsy06ve75twkfo3wzglgkjfq_4o4w]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/dcs0ir8y6pifwzjksc1rhaspd_5g3k]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/dcs9q3os521e5hus3a0l9zspd_6l1m]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S149867]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/dcslh1x9yoifwzzw4fisxq75d_1h5m]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/dcsnklj1021e5hyjjvlbw91mq_3x1w]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-8-1-233860-93722]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S154118]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-8-2-233860-94033]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-5-22-226000-76328]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S149867]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S126922]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S126922]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.statse.webtrendslive.com/S005-01-5-22-226000-76328]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S154401]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[statse.webtrendslive.com/S153340]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.ads.pointroll.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.fortunecity.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[hc2.humanclick.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[hc2.humanclick.com/hc/63676511]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[hc2.humanclick.com/hc/63676511]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.metriweb.be/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.bluestreak.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.cs.sexcounter.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.go.com/]
00196653 Adware/EnhSrch Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142008_104558\WINDOWS\dsr.dll
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.valueclick.com/]
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.valueclick.com/]
00206648 adware/activshopper Adware No 0 Yes No hkey_classes_root\compbar.getpricebar
00206648 adware/activshopper Adware No 0 Yes No hkey_classes_root\compbar.getpricebar.1
00206648 adware/activshopper Adware No 0 Yes No hkey_classes_root\mynewsbarlauncher.ie5barlauncherbho
00206648 adware/activshopper Adware No 0 Yes No hkey_classes_root\mynewsbarlauncher.ie5barlauncherbho.1
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\cookies.txt[.did-it.com/]
00219288 adware/clickalchemy Adware No 0 Yes No c:\windows\inf\alchem.inf
00219288 adware/clickalchemy Adware No 0 Yes No c:\windows\alchem.ini
00248311 Adware/EnhSrch Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\08142
  • 0

#12
gciron1
Posted 15 August 2008 - 05:50 AM

gciron1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
looks like it was cut off again so i uploaded the txt file..

thanks for your help..

-gciron1

Attached Files


  • 0

#13
greyknight17
Posted 16 August 2008 - 05:38 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Run ATF Cleaner again to clear out the temp and cookie files for Internet Explorer and Firefox. Go into Firefox->Tools->Clear Private Data and hit OK to delete all your cookie and temp files.

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

c:\windows\satmat.ini
c:\documents and settings\owner\application data\lycos
c:\documents and settings\owner\favorites\shop
c:\program files\lycos
C:\QooBox\Quarantine\C\Program Files\Internet Optimizer\sim\msbbhook.dll.vir
C:\System Volume Information\_restore{D559BFE6-5546-4F48-AC0B-F28A512D9DDC}\RP6\A0000395.inf
c:\windows\alchem.ini
c:\windows\inf\alchem.inf
c:\windows\inf\polall1r.inf
c:\windows\inf\satmat.inf
c:\windows\inf\twaintec.inf
c:\windows\key2.txt
c:\windows\twaintec.ini
hkey_classes_root\bridge.brdg
hkey_classes_root\bridge.brdg.1
hkey_classes_root\clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}
hkey_classes_root\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}
hkey_classes_root\clsid\{8b3b8352-30db-4790-b697-010dce7bc63c}
hkey_classes_root\clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
hkey_classes_root\clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
hkey_classes_root\clsid\{f3155057-4c2c-4078-8576-50486693fd49}
hkey_classes_root\compbar.getpricebar
hkey_classes_root\compbar.getpricebar.1
hkey_classes_root\imitoolbar.bottomframe
hkey_classes_root\imitoolbar.bottomframe.1
hkey_classes_root\imitoolbar.leftframe
hkey_classes_root\imitoolbar.leftframe.1
hkey_classes_root\imitoolbar.popupbrowser
hkey_classes_root\imitoolbar.popupbrowser.1
hkey_classes_root\imitoolbar.popupwindow
hkey_classes_root\imitoolbar.popupwindow.1
HKEY_CLASSES_ROOT\Interface\{220959ea-b54c-4201-8df21cfac8b59fd7}
HKEY_CLASSES_ROOT\Interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
HKEY_CLASSES_ROOT\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}
HKEY_CLASSES_ROOT\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
HKEY_CLASSES_ROOT\Interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}
HKEY_CLASSES_ROOT\Interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}
HKEY_CLASSES_ROOT\Interface\{98b2ddba-6da2-4421-af2b-814e98f53649}
HKEY_CLASSES_ROOT\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115}
HKEY_CLASSES_ROOT\Interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}
hkey_classes_root\jao.jao
hkey_classes_root\jao.jao.1
hkey_classes_root\mynewsbarlauncher.ie5barlauncherbho
hkey_classes_root\mynewsbarlauncher.ie5barlauncherbho.1
hkey_classes_root\setup.setup1
hkey_classes_root\setup.setup2
HKEY_CLASSES_ROOT\TypeLib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}
HKEY_CLASSES_ROOT\TypeLib\{690bccb4-6b83-4203-ae77-038c116594ec}
HKEY_CLASSES_ROOT\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFC0F970C27}
HKEY_CLASSES_ROOT\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}
hkey_classes_root\vx2.vx2obj
hkey_classes_root\wbho.band
hkey_classes_root\wbho.band.1
hkey_current_user\software\180solutions
hkey_current_user\software\btgrab
hkey_local_machine\software\180solutions
hkey_local_machine\software\classes\bridge.brdg
hkey_local_machine\software\classes\bridge.brdg.1
HKEY_LOCAL_MACHINE\software\classes\CLSID\{1c896551-8b92-4907-8c06-15db2d1f874a}
HKEY_LOCAL_MACHINE\software\classes\CLSID\{80BB7465-A638-43B5-9827-8E8FE38DFCC1}
HKEY_LOCAL_MACHINE\software\classes\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C}
HKEY_LOCAL_MACHINE\software\classes\CLSID\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
HKEY_LOCAL_MACHINE\software\classes\CLSID\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
HKEY_LOCAL_MACHINE\software\classes\CLSID\{f3155057-4c2c-4078-8576-50486693fd49}
hkey_local_machine\software\classes\imitoolbar.bottomframe
hkey_local_machine\software\classes\imitoolbar.leftframe
hkey_local_machine\software\classes\imitoolbar.popupbrowser
hkey_local_machine\software\classes\imitoolbar.popupwindow
hkey_local_machine\software\classes\jao.jao
hkey_local_machine\software\classes\jao.jao.1
hkey_local_machine\software\classes\setup.setup1
hkey_local_machine\software\classes\setup.setup2
hkey_local_machine\software\classes\vx2.vx2obj
hkey_local_machine\software\classes\wbho.band
hkey_local_machine\software\lycos
hkey_local_machine\software\mbkwbar
hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1
hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bridge
hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mbkwbar
hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows sr 2.0
hkey_local_machine\software\twaintec

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Download HijackThis at http://www.greyknigh.../HijackThis.exe Create a folder at C:\HJT and move HijackThis.exe there. Double-click on the program to run it.

1. If it gives you an intro screen, just choose Do a system scan and save a logfile.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

Double click on Combofix to run it again. Post the new log here.

How is it running so far?

Edited by greyknight17, 16 August 2008 - 05:39 PM.

  • 0

#14
gciron1
Posted 17 August 2008 - 05:39 PM

gciron1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
generally speaking the computer is running better, but after doing all of the scans and seeing all the problems i just want to get it all off the computer.... i have otmoveit2 and hijack.... i will post all three logs tomorrow morning.. thanks again
  • 0

#15
gciron1
Posted 18 August 2008 - 11:49 AM

gciron1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
new combofix log:
ComboFix 08-08-10.04 - Owner 2008-08-18 13:17:33.3 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-14 10:58 . 2008-08-14 10:58 <DIR> d-------- C:\Program Files\Panda Security
2008-08-14 10:58 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-14 10:45 . 2008-08-14 10:45 <DIR> d-------- C:\_OTMoveIt
2008-08-14 01:59 . 2008-04-11 14:50 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 01:59 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 03:06 . 2008-08-13 03:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-13 03:02 . 2008-08-13 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-12 11:23 . 2008-08-12 11:23 <DIR> dr-h----- C:\$VAULT$.AVG
2008-08-12 09:45 . 2008-08-18 08:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-08-12 09:45 . 2008-08-12 09:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-08-12 09:44 . 2008-08-12 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-12 09:04 . 2008-08-12 09:04 <DIR> d-------- C:\WINDOWS\system32\Dell
2008-08-12 09:04 . 2008-08-12 09:04 <DIR> d-------- C:\Program Files\Dell
2008-08-12 07:41 . 2008-08-13 08:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-11 17:00 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-06 10:39 . 2008-08-06 10:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-06 10:39 . 2008-08-06 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-06 09:17 . 2008-08-06 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 09:17 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-06 09:17 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 14:18 --------- d-----w C:\Program Files\Java
2008-08-12 12:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-12 12:32 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-08-12 12:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2008-08-12 12:10 --------- d-----w C:\Program Files\Symantec
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2004-05-07 20:08 61,224 ----a-w C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
2004-03-17 19:34 108,904 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot_2008-08-12_ 8.44.29.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-12-02 00:11:23 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-08-13 07:05:26 8,192 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2003-12-02 00:11:19 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-08-13 07:05:30 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2003-12-02 00:11:10 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-08-13 07:05:46 720,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2003-12-02 00:11:10 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-08-13 07:05:31 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2003-12-02 00:11:23 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-08-13 07:05:41 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2003-12-02 00:11:24 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-08-13 07:05:38 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2003-12-02 00:11:19 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-08-13 07:05:42 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2003-12-02 00:11:20 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-08-13 07:05:28 1,703,936 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2003-12-02 00:11:21 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-08-13 07:05:45 90,112 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2003-12-02 00:11:21 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-08-13 07:05:37 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2003-12-02 00:11:21 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-08-13 07:05:32 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2003-12-02 00:11:21 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-08-13 07:05:32 66,560 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2003-12-02 00:11:21 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-08-13 07:05:40 372,736 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2003-12-02 00:11:21 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-08-13 07:05:48 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2003-12-02 00:11:21 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-08-13 07:05:38 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2003-12-02 00:11:21 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-08-13 07:05:33 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-12-02 00:11:21 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-08-13 07:05:36 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2003-12-02 00:11:21 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-08-13 07:05:43 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2003-12-02 00:11:23 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-08-13 07:05:25 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2003-12-02 00:11:22 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-08-13 07:05:31 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2003-12-02 00:11:22 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-08-13 07:05:29 573,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2003-12-02 00:11:22 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-08-14 07:08:20 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2003-12-02 00:11:22 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-08-13 07:05:35 2,052,096 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2003-12-02 00:11:23 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-08-13 07:05:39 1,339,392 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2003-12-02 00:11:21 1,216,512 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-08-14 07:08:21 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-08-14 07:08:46 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b5abaa0b\CustomMarshalers.dll
+ 2008-08-14 07:09:40 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_dfd55425\mscorlib.dll
+ 2008-08-14 07:09:30 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c3ec7ed9\System.Design.dll
+ 2008-08-14 07:08:51 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3dd78595\System.Drawing.Design.dll
+ 2008-08-14 07:09:34 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_27b9af1a\System.Drawing.dll
+ 2008-08-14 07:09:08 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_275cac51\System.Windows.Forms.dll
+ 2008-08-14 07:09:18 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_78484472\System.Xml.dll
+ 2008-08-14 07:08:43 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_438c091a\System.dll
+ 2008-06-30 14:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
- 2004-03-29 21:22:23 2,560 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-08-14 14:46:14 2,560 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2004-03-29 21:22:23 34,304 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-08-14 14:46:13 34,304 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2004-03-29 21:22:23 8,192 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-08-14 14:46:14 8,192 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2004-03-29 21:22:23 3,584 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-08-14 14:46:14 3,584 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2004-03-29 21:22:23 16,384 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-08-14 14:46:13 16,384 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2004-03-29 21:22:23 22,528 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-08-14 14:46:14 22,528 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2004-03-29 21:22:23 45,056 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-08-14 14:46:13 45,056 ----a-r C:\WINDOWS\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-08-13 07:02:43 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2003-02-21 00:19:32 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 01:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-21 00:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 05:49:18 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-21 00:19:38 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 05:49:26 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-21 00:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 01:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 00:09:08 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 00:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 15:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 15:23:28 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 15:21:00 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 15:23:44 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-21 00:06:20 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 18:30:14 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 12:24:38 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 18:31:00 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 12:24:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 18:31:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-21 00:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 04:35:30 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 12:26:36 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 18:28:58 720,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 12:26:38 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 18:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 12:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 18:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 12:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 18:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-21 00:09:12 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 04:32:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-21 00:09:12 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 04:32:46 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-21 00:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 00:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2003-02-21 00:06:32 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 00:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-21 00:09:16 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 00:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 12:26:34 2,088,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-14 00:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 00:09:18 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-15 04:33:22 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-21 00:09:18 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-15 04:33:24 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 00:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-21 00:07:34 2,494,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 00:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-21 00:08:32 2,482,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 00:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-01-15 20:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-21 00:09:30 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 12:26:46 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 18:28:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3912\_aspnet_isapi.dll
+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3912\_CORPerfMonExt.dll
+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3912\_fusion.dll
+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3912\_mscorjit.dll
+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3912\_mscorlib.dll
+ 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3912\_mscorsn.dll
+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3912\_mscorsvr.dll
+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3912\_mscorwks.dll
+ 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3912\_msvcr71.dll
+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3912\_PerfCounter.dll
- 2003-02-21 00:09:34 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-15 04:35:04 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 12:26:38 1,290,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 18:32:00 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 12:25:42 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 18:31:14 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 12:26:42 1,699,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 18:29:02 1,703,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 12:26:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 18:28:54 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 12:26:46 1,216,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 01:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 12:26:50 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 18:28:58 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 12:26:50 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 18:28:56 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-21 00:09:36 64,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 04:35:12 66,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 12:26:52 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 18:31:58 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 12:26:54 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 18:31:12 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 12:26:56 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 18:28:58 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 12:26:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 18:31:54 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 12:26:58 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 18:28:52 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 12:27:00 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 18:28:54 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 12:27:02 1,245,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 01:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 12:27:06 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 18:28:58 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 12:24:18 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 18:28:52 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 12:27:06 569,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 18:31:16 573,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 12:27:08 2,039,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 18:32:02 2,052,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 12:27:10 1,335,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 18:29:00 1,339,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 17:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 15:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 15:23:20 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 10:04:18 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 12:15:14 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-21 01:10:40 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 06:11:56 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2008-04-21 07:03:56 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-06-23 15:38:28 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-04-21 07:03:56 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-06-23 15:38:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-04-21 07:03:57 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-06-23 15:38:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-04-21 07:03:56 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-06-23 15:38:28 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-04-21 07:03:56 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-06-23 15:38:29 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-04-21 07:03:57 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-06-23 15:38:30 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-04-21 07:03:57 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 15:38:30 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-21 07:03:57 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 15:38:30 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll
- 2008-04-21 07:03:57 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 15:38:30 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-04-21 07:03:58 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-06-23 15:38:31 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-04-21 07:03:58 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-06-23 15:38:31 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-11-14 07:26:56 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-04-21 07:03:58 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 15:38:31 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-24 16:23:05 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
- 2008-04-21 07:03:59 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 15:38:33 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-21 07:03:59 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 15:38:33 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-21 07:03:59 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 15:38:33 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-21 07:03:59 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 15:38:33 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-21 07:03:59 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 15:38:33 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-04-21 07:04:00 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-23 15:38:34 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-04-21 07:04:00 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-06-23 15:38:34 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-04-21 07:04:00 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 15:38:34 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2008-04-21 07:04:00 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 15:38:34 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-12 13:44:33 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-08-12 13:44:47 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-08-12 13:44:48 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-08-12 13:44:56 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-08-12 13:44:55 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-08-12 13:44:55 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
- 2008-04-21 07:03:57 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 15:38:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-21 07:03:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 15:38:30 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2008-04-21 07:03:57 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 15:38:30 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 1999-10-18 00:01:42 1,129,232 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2003-09-25 16:07:00 1,139,472 ----a-w C:\WINDOWS\system32\FM20.DLL
- 1999-10-18 00:01:16 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2003-08-18 18:26:32 25,872 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2006-05-12 13:58:28 327,504 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-18 14:28:35 327,504 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-04-21 07:03:58 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-06-23 15:38:31 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-03-17 09:07:17 679,424 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-04-21 07:03:58 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-06-23 15:38:31 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-04-21 07:03:58 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 15:38:31 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-07-07 01:21:46 6,757,792 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 15:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2003-02-21 00:06:24 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2006-12-22 16:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2003-02-20 23:43:38 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2004-07-15 03:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2008-04-21 07:03:59 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-23 15:38:33 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-21 07:03:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 15:38:33 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-21 07:03:59 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 15:38:33 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-21 07:03:59 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 15:38:33 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2002-02-04 06:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 19:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2006-12-22 17:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2004-04-05 11:45:20 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-13 07:05:09 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2004-04-05 11:45:20 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-13 07:05:09 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-21 07:03:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 15:38:33 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-04-21 07:04:00 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-06-23 15:38:34 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-04-21 07:04:00 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-06-23 15:38:34 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-27 09:24:20 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2008-04-21 07:04:00 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 15:38:34 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-04-21 07:04:00 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 15:38:34 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
- 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-05-08 19:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 20:34 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 17:52 331830]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 00:41 28738]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 11:00 241714]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 12:58 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-08 17:33 155648]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-12 13:24 106557]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-12 09:44 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-08-12 09:44 219136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-02-25 11:26:54 233472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 19:06:54 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\SCSBIN\\FileVersion.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 01:59]
S3 ChannelHandler;Channel Handler Service;C:\WINDOWS\system32\svchost.exe [2004-08-04 03:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ChannelHandler

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - PAVBOOT
.
Contents of the 'Scheduled Tasks' folder

2008-08-18 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\obvpmp0v.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 13:23:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-18 13:30:41
ComboFix-quarantined-files.txt 2008-08-18 17:30:35
ComboFix2.txt 2008-08-12 12:45:16
ComboFix3.txt 2008-08-11 16:03:09

Pre-Run: 3,530,780,672 bytes free
Post-Run: 3,560,116,224 bytes free

438 --- E O F --- 2008-08-18 14:19:48



new otmoveit2 log:
c:\windows\satmat.ini moved successfully.
c:\documents and settings\owner\application data\lycos moved successfully.
c:\documents and settings\owner\favorites\shop moved successfully.
c:\program files\lycos\Sidesearch\temp moved successfully.
c:\program files\lycos\Sidesearch moved successfully.
c:\program files\lycos moved successfully.
C:\QooBox\Quarantine\C\Program Files\Internet Optimizer\sim\msbbhook.dll.vir moved successfully.
C:\System Volume Information\_restore{D559BFE6-5546-4F48-AC0B-F28A512D9DDC}\RP6\A0000395.inf moved successfully.
c:\windows\alchem.ini moved successfully.
c:\windows\inf\alchem.inf moved successfully.
c:\windows\inf\polall1r.inf moved successfully.
c:\windows\inf\satmat.inf moved successfully.
c:\windows\inf\twaintec.inf moved successfully.
c:\windows\key2.txt moved successfully.
c:\windows\twaintec.ini moved successfully.
< hkey_classes_root\bridge.brdg >
Registry key hkey_classes_root\bridge.brdg\\ not found.
< hkey_classes_root\bridge.brdg.1 >
Registry key hkey_classes_root\bridge.brdg.1\\ not found.
< hkey_classes_root\clsid\{1c896551-8b92-4907-8c06-15db2d1f874a} >
Registry key hkey_classes_root\clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}\\ not found.
< hkey_classes_root\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1} >
Registry key hkey_classes_root\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}\\ not found.
< hkey_classes_root\clsid\{8b3b8352-30db-4790-b697-010dce7bc63c} >
Registry key hkey_classes_root\clsid\{8b3b8352-30db-4790-b697-010dce7bc63c}\\ not found.
< hkey_classes_root\clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7} >
Registry key hkey_classes_root\clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}\\ not found.
< hkey_classes_root\clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c} >
Registry key hkey_classes_root\clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}\\ not found.
< hkey_classes_root\clsid\{f3155057-4c2c-4078-8576-50486693fd49} >
Registry key hkey_classes_root\clsid\{f3155057-4c2c-4078-8576-50486693fd49}\\ not found.
< hkey_classes_root\compbar.getpricebar >
Registry key hkey_classes_root\compbar.getpricebar\\ not found.
< hkey_classes_root\compbar.getpricebar.1 >
Registry key hkey_classes_root\compbar.getpricebar.1\\ not found.
< hkey_classes_root\imitoolbar.bottomframe >
Registry key hkey_classes_root\imitoolbar.bottomframe\\ not found.
< hkey_classes_root\imitoolbar.bottomframe.1 >
Registry key hkey_classes_root\imitoolbar.bottomframe.1\\ not found.
< hkey_classes_root\imitoolbar.leftframe >
Registry key hkey_classes_root\imitoolbar.leftframe\\ not found.
< hkey_classes_root\imitoolbar.leftframe.1 >
Registry key hkey_classes_root\imitoolbar.leftframe.1\\ not found.
< hkey_classes_root\imitoolbar.popupbrowser >
Registry key hkey_classes_root\imitoolbar.popupbrowser\\ not found.
< hkey_classes_root\imitoolbar.popupbrowser.1 >
Registry key hkey_classes_root\imitoolbar.popupbrowser.1\\ not found.
< hkey_classes_root\imitoolbar.popupwindow >
Registry key hkey_classes_root\imitoolbar.popupwindow\\ not found.
< hkey_classes_root\imitoolbar.popupwindow.1 >
Registry key hkey_classes_root\imitoolbar.popupwindow.1\\ not found.
< HKEY_CLASSES_ROOT\Interface\{220959ea-b54c-4201-8df21cfac8b59fd7} >
Registry key HKEY_CLASSES_ROOT\Interface\{220959ea-b54c-4201-8df21cfac8b59fd7}\\ not found.
< HKEY_CLASSES_ROOT\Interface\{3e589169-86ad-44fe-b426-f0bf105d5582} >
Registry key HKEY_CLASSES_ROOT\Interface\{3e589169-86ad-44fe-b426-f0bf105d5582}\\ deleted successfully.
< HKEY_CLASSES_ROOT\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A} >
Registry key HKEY_CLASSES_ROOT\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}\\ deleted successfully.
< HKEY_CLASSES_ROOT\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12} >
Registry key HKEY_CLASSES_ROOT\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}\\ deleted successfully.
< HKEY_CLASSES_ROOT\Interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64} >
Registry key HKEY_CLASSES_ROOT\Interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}\\ deleted successfully.
< HKEY_CLASSES_ROOT\Interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0} >
Registry key HKEY_CLASSES_ROOT\Interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}\\ deleted successfully.
< HKEY_CLASSES_ROOT\Interface\{98b2ddba-6da2-4421-af2b-814e98f53649} >
Registry key HKEY_CLASSES_ROOT\Interface\{98b2ddba-6da2-4421-af2b-814e98f53649}\\ deleted successfully.
< HKEY_CLASSES_ROOT\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115} >
Registry key HKEY_CLASSES_ROOT\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115}\\ deleted successfully.
< HKEY_CLASSES_ROOT\Interface\{e4458b4a-6149-4450-84f2-864adb7e8c52} >
Registry key HKEY_CLASSES_ROOT\Interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}\\ deleted successfully.
< hkey_classes_root\jao.jao >
Registry key hkey_classes_root\jao.jao\\ not found.
< hkey_classes_root\jao.jao.1 >
Registry key hkey_classes_root\jao.jao.1\\ not found.
< hkey_classes_root\mynewsbarlauncher.ie5barlauncherbho >
Registry key hkey_classes_root\mynewsbarlauncher.ie5barlauncherbho\\ not found.
< hkey_classes_root\mynewsbarlauncher.ie5barlauncherbho.1 >
Registry key hkey_classes_root\mynewsbarlauncher.ie5barlauncherbho.1\\ not found.
< hkey_classes_root\setup.setup1 >
Registry key hkey_classes_root\setup.setup1\\ not found.
< hkey_classes_root\setup.setup2 >
Registry key hkey_classes_root\setup.setup2\\ not found.
< HKEY_CLASSES_ROOT\TypeLib\{57add57b-173e-418a-8f70-17e5c9f2bcc9} >
Registry key HKEY_CLASSES_ROOT\TypeLib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}\\ deleted successfully.
< HKEY_CLASSES_ROOT\TypeLib\{690bccb4-6b83-4203-ae77-038c116594ec} >
Registry key HKEY_CLASSES_ROOT\TypeLib\{690bccb4-6b83-4203-ae77-038c116594ec}\\ deleted successfully.
< HKEY_CLASSES_ROOT\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFC0F970C27} >
Registry key HKEY_CLASSES_ROOT\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFC0F970C27}\\ deleted successfully.
< HKEY_CLASSES_ROOT\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0} >
Registry key HKEY_CLASSES_ROOT\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}\\ deleted successfully.
< hkey_classes_root\vx2.vx2obj >
Registry key hkey_classes_root\vx2.vx2obj\\ not found.
< hkey_classes_root\wbho.band >
Registry key hkey_classes_root\wbho.band\\ not found.
< hkey_classes_root\wbho.band.1 >
Registry key hkey_classes_root\wbho.band.1\\ not found.
< hkey_current_user\software\180solutions >
Registry key hkey_current_user\software\180solutions\\ deleted successfully.
< hkey_current_user\software\btgrab >
Registry key hkey_current_user\software\btgrab\\ not found.
< hkey_local_machine\software\180solutions >
Registry key hkey_local_machine\software\180solutions\\ not found.
< hkey_local_machine\software\classes\bridge.brdg >
Registry key hkey_local_machine\software\classes\bridge.brdg\\ deleted successfully.
< hkey_local_machine\software\classes\bridge.brdg.1 >
Registry key hkey_local_machine\software\classes\bridge.brdg.1\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\classes\CLSID\{1c896551-8b92-4907-8c06-15db2d1f874a} >
Registry key HKEY_LOCAL_MACHINE\software\classes\CLSID\{1c896551-8b92-4907-8c06-15db2d1f874a}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\classes\CLSID\{80BB7465-A638-43B5-9827-8E8FE38DFCC1} >
Registry key HKEY_LOCAL_MACHINE\software\classes\CLSID\{80BB7465-A638-43B5-9827-8E8FE38DFCC1}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\classes\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C} >
Registry key HKEY_LOCAL_MACHINE\software\classes\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\classes\CLSID\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7} >
Registry key HKEY_LOCAL_MACHINE\software\classes\CLSID\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\classes\CLSID\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c} >
Registry key HKEY_LOCAL_MACHINE\software\classes\CLSID\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\classes\CLSID\{f3155057-4c2c-4078-8576-50486693fd49} >
Registry key HKEY_LOCAL_MACHINE\software\classes\CLSID\{f3155057-4c2c-4078-8576-50486693fd49}\\ deleted successfully.
< hkey_local_machine\software\classes\imitoolbar.bottomframe >
Registry key hkey_local_machine\software\classes\imitoolbar.bottomframe\\ deleted successfully.
< hkey_local_machine\software\classes\imitoolbar.leftframe >
Registry key hkey_local_machine\software\classes\imitoolbar.leftframe\\ deleted successfully.
< hkey_local_machine\software\classes\imitoolbar.popupbrowser >
Registry key hkey_local_machine\software\classes\imitoolbar.popupbrowser\\ deleted successfully.
< hkey_local_machine\software\classes\imitoolbar.popupwindow >
Registry key hkey_local_machine\software\classes\imitoolbar.popupwindow\\ deleted successfully.
< hkey_local_machine\software\classes\jao.jao >
Registry key hkey_local_machine\software\classes\jao.jao\\ deleted successfully.
< hkey_local_machine\software\classes\jao.jao.1 >
Registry key hkey_local_machine\software\classes\jao.jao.1\\ deleted successfully.
< hkey_local_machine\software\classes\setup.setup1 >
Registry key hkey_local_machine\software\classes\setup.setup1\\ deleted successfully.
< hkey_local_machine\software\classes\setup.setup2 >
Registry key hkey_local_machine\software\classes\setup.setup2\\ deleted successfully.
< hkey_local_machine\software\classes\vx2.vx2obj >
Registry key hkey_local_machine\software\classes\vx2.vx2obj\\ deleted successfully.
< hkey_local_machine\software\classes\wbho.band >
Registry key hkey_local_machine\software\classes\wbho.band\\ deleted successfully.
< hkey_local_machine\software\lycos >
Registry key hkey_local_machine\software\lycos\\ deleted successfully.
< hkey_local_machine\software\mbkwbar >
Registry key hkey_local_machine\software\mbkwbar\\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1 >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1\\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bridge >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bridge\\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mbkwbar >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mbkwbar\\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows sr 2.0 >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\\ deleted successfully.
< hkey_local_machine\software\twaintec >
Registry key hkey_local_machine\software\twaintec\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08182008_100637


hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:44 AM, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP