problem with win32.killAV-KQ

antiquecollector
2009-06-23, 21:24
Spybot found this and can't remove it. I don't know how to remove it. I did a HijackThis log and it is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:27 PM, on 6/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1102880411\ee\AOLSoftware.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wscntfy.exe
c:\program files\common files\aol\1102880411\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer powered by Verizon Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102880411\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029COUS_ZNxdm824CRUS
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.8.3.35/slots/alibaba-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.8.4.51/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-6.8.1.38/vbjack2/vbjack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.8.2.23/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.61/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.34/checkers2/checkers-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.8.0.32/chess2/chess2-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.2.40/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.9.1.38/domino/domino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.7.2.24/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.3.39/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.45/greenback/greenback-ob-assets.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.3.39/hangman/hangman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.8.2.23/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.2.33/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.8.4.51/drawpoker/drawpoker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.7.3.23/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.9.0.43/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.7.5.28/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.8.4.51/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.9.4.34/mahjong2/mahjong2-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.7.1.33/mlslots/mlslots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.9.0.43/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.0.43/freecell/freecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.41/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.8.0.25/penguins/penguins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.1.32/waterwheel/waterwheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.8.3.22/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.3.49/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.1.32/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.9.4.34/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.7.4.35/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.9.4.34/slots/scifi-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.9.4.34/slots/showbiz2-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.8.2.23/slots/showbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.8.3.22/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.7.1.23/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.3.37/spades/spades-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.40/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.9.0.43/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.9.3.39/sweeper/sweeper-en_US.cab
O16 - DPF: Swashbucks by pogo - http://game1.pogo.com/applet-6.9.3.29/piratesgold/piratesgold-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.8.4.51/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.9.2.40/holdem/holdem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.9.4.41/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.9.1.32/jumbee/jumbee-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turbo22/turbo22-en_US.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.9.2.40/videopoker2/videopoker-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.7.2.24/memories/memories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/babble/babble-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.9.3.29/whackdown/whackdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.8.0.25/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.3.29/worldclass/worldclass-en_US.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {dfa96717-de3b-4a4c-b223-a0762f024ab5} - C:\WINDOWS\system32\mst122.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 16408 bytes

Shaba
2009-06-26, 11:52
Hi antiquecollector

Please post the Spybot report next :)

antiquecollector
2009-06-26, 17:36
Hi Shaba. I seem to have a couple of logs from the last scan; I'm not sure which one you need. Here they are:

23.06.2009 11:14:37 - ##### check started #####
23.06.2009 11:14:38 - ### Version: 1.6.2
23.06.2009 11:14:38 - ### Date: 6/23/2009 11:14:38 AM
23.06.2009 11:14:43 - ##### checking bots #####
23.06.2009 11:15:09 - found: CouponBar Class ID
23.06.2009 11:15:09 - found: CouponBar Class ID
23.06.2009 11:15:09 - found: CouponBar Class ID
23.06.2009 11:15:09 - found: CouponBar Class ID
23.06.2009 11:15:09 - found: CouponBar Root class
23.06.2009 11:15:09 - found: CouponBar Class ID
23.06.2009 11:15:09 - found: CouponBar Interface
23.06.2009 11:15:09 - found: CouponBar Interface
23.06.2009 11:15:09 - found: CouponBar Interface
23.06.2009 11:15:10 - found: CouponBar Interface
23.06.2009 11:15:10 - found: CouponBar Root class
23.06.2009 11:15:10 - found: CouponBar Root class
23.06.2009 11:15:10 - found: CouponBar Class ID
23.06.2009 11:15:10 - found: CouponBar Browser helper object
23.06.2009 11:15:10 - found: CouponBar Root class
23.06.2009 11:15:10 - found: CouponBar Root class
23.06.2009 11:15:10 - found: CouponBar Class ID
23.06.2009 11:15:10 - found: CouponBar Root class
23.06.2009 11:15:10 - found: CouponBar Root class
23.06.2009 11:15:10 - found: CouponBar Type library
23.06.2009 11:15:10 - found: CouponBar Type library
23.06.2009 11:15:10 - found: CouponBar Settings
23.06.2009 11:15:10 - found: CouponBar Settings
23.06.2009 11:15:10 - found: CouponBar Uninstall settings
23.06.2009 11:15:10 - found: CouponBar Settings
23.06.2009 11:15:10 - found: CouponBar Text file
23.06.2009 11:22:42 - found: SearchPixieBar Settings
23.06.2009 11:44:27 - found: Microsoft.Windows.Security.InternetExplorer Settings
23.06.2009 11:44:27 - found: Microsoft.WindowsSecurityCenter.AntiVirusOverride Settings
23.06.2009 11:45:37 - found: CommonName Class ID
23.06.2009 12:17:35 - found: Win32.KillAV-KQ Settings
23.06.2009 12:17:36 - found: Win32.KillAV-KQ Class ID
23.06.2009 12:17:36 - found: Win32.KillAV-KQ Root class
23.06.2009 12:17:36 - found: Win32.KillAV-KQ Root class
23.06.2009 12:17:36 - found: Win32.KillAV-KQ Class ID
23.06.2009 12:17:36 - found: Win32.KillAV-KQ Browser helper object
23.06.2009 12:17:36 - found: Win32.KillAV-KQ Type library
23.06.2009 13:42:08 - found: AdRevolver Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:08 - found: FastClick Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:08 - found: MediaPlex Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:08 - found: CoreMetrics Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:08 - found: WebTrends live Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:08 - found: Statcounter Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:08 - found: AdRevolver Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:08 - found: LinkSynergy Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:08 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:08 - found: BurstMedia Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: BFast Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: Zedo Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: BlueStreak Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: AdRevolver Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:09 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitsLink Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: CoreMetrics Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: DoubleClick Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: CoreMetrics Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: AdRevolver Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: WebTrends live Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: Tradedoubler Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: Commission Junction Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:10 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitsLink Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: Clickbank Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:11 - found: AdRevolver Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: DoubleClick Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: Zedo Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: HitBox Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: DirectTrack Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: DoubleClick Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: BurstMedia Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:12 - found: CPXinteractive Tracking cookie (Internet Explorer: Janet Jennings)
23.06.2009 13:42:17 - ##### check finished ####



And the other log (from the same scan):



--- Report generated: 2009-06-23 13:42 ---

CouponBar: [SBI $73FB1190] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

CouponBar: [SBI $AFB7D670] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

CouponBar: [SBI $EFE6495E] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

CouponBar: [SBI $CB95FB49] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}

CouponBar: [SBI $51FE8B2E] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1

CouponBar: [SBI $51FE8B2E] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

CouponBar: [SBI $2085718C] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{0D700D4A-F8C1-8888-C5BA-CB09D464A4E8}

CouponBar: [SBI $60F93919] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6D69B86A-B94C-59EE-BCB8-5F5DF46B2BE8}

CouponBar: [SBI $7A5ACBCB] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}

CouponBar: [SBI $7B15781E] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}

CouponBar: [SBI $79DD9442] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.TTB000000

CouponBar: [SBI $79DD9442] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.TTB000000.1

CouponBar: [SBI $79DD9442] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

CouponBar: [SBI $79DD9442] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

CouponBar: [SBI $D8EB624C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.IEToolbar

CouponBar: [SBI $D8EB624C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.IEToolbar.1

CouponBar: [SBI $D8EB624C] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

CouponBar: [SBI $095C9854] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.TTB000001

CouponBar: [SBI $095C9854] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.TTB000001.1

CouponBar: [SBI $E3788A7B] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}

CouponBar: [SBI $2B36E459] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}

CouponBar: [SBI $5E6E3641] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-320522354-3583955949-1473644045-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

CouponBar: [SBI $8222F1A1] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-320522354-3583955949-1473644045-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

CouponBar: [SBI $DDB87C81] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTB000001.TTB000001Toolbar

CouponBar: [SBI $0508B240] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-320522354-3583955949-1473644045-1007\Software\TTB000001

CouponBar: [SBI $21E5E98F] Text file (File, nothing done)
C:\WINDOWS\CBVersion.txt
Properties.size=7
Properties.md5=F9157709FAA7D67E6E2A76ECC5EB9C20
Properties.filedate=1121098274
Properties.filedatetext=2005-07-11 11:11:14

SearchPixieBar: [SBI $B4D617E4] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-320522354-3583955949-1473644045-1007\Software\BestToolbars\IEToolbar

Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-320522354-3583955949-1473644045-1007\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

CommonName: [SBI $A5CE4ECE] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}

Win32.KillAV-KQ: [SBI $A4722992] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{A0E1054B-01EE-4D57-A059-4D99F339709F}

Win32.KillAV-KQ: [SBI $1AF416DB] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}

Win32.KillAV-KQ: [SBI $F0C3DEFD] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\main.BHO

Win32.KillAV-KQ: [SBI $F0C3DEFD] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\main.BHO.1

Win32.KillAV-KQ: [SBI $F0C3DEFD] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}

Win32.KillAV-KQ: [SBI $F0C3DEFD] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}

Win32.KillAV-KQ: [SBI $5B084AE7] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-06-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-06-09 Includes\HijackersC.sbi (*)
2009-06-16 Includes\Keyloggers.sbi (*)
2009-06-16 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-06-10 Includes\Malware.sbi (*)
2009-06-16 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-06-17 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-06-02 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-06-17 Includes\Trojans.sbi (*)
2009-06-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Shaba
2009-06-26, 18:58
That is fine :)

Is Spybot able to remove other findings?

antiquecollector
2009-06-26, 19:09
Everything but the win32.kill stuff and the coupon bar, but the coupon bar isn't a problem.

Shaba
2009-06-26, 20:18
Please then post the latest Spybot report :)

antiquecollector
2009-06-26, 20:56
Okay, I haven't done one since then. It couldn't remove the win32kill thing. I'll do one, it's just a bit slow going on my computer.

Shaba
2009-06-26, 21:41
OK, post back when ready :)

antiquecollector
2009-06-26, 23:58
Okay. Here are the results. It didn't show up on the list of problems but I'm not sure that means it's not still there? It said before that it couldn't fix it.

--- Search result list ---
WebTrends live: Tracking cookie (Firefox: Janet Jennings (ProfileName)) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---




--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)
/ Windows XP / SP3: Security Update for Windows XP (KB950749)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 40048
MD5: 66D4456C920E21BD2188F8CC33680DF5

Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 71216
MD5: B9B78F0D9AEBCA8F717680FBABBB5FF4

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1948440
MD5: 2588B441E5B22691E0610CF710865441

Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122933
MD5: 55877AB1F65A512FD317B640D9353DC5

Located: HK_LM:Run, DVDLauncher
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: 6A66B6A314F6EF30CD1CF82A17DAAD52

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1102880411\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1102880411\ee\AOLSoftware.exe
size: 50736
MD5: C482C535CBFEFE722EC1EB7F11F680A3

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: E4CF942A4AEA9D27C87F190F65E7D0F6

Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: B75B654EE1DA99876461B24597AE3FF3

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
file: C:\Program Files\HP\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 4FEA5B94C6A96860620A62E4A19BD07D

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 093D3EE722542BA2E7AD929AA3CA6ABC

Located: HK_LM:Run, IntelMeM
command: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
file: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
size: 221184
MD5: BC02E491E88492B02363CE1B384FF7A7

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep 0 -k
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, mmtask
command: c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
file: c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
size: 53248
MD5: 7BB1F7AC7EEA100496C02BFC94317652

Located: HK_LM:Run, Motive SmartBridge
command: C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
file: C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
size: 385024
MD5: 144F76F8F1C2D985B25DD59D9BD775C7

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864F6543C97A7E1B78505D2F1C

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: A2D390F1F2408B94EF34BFE3A00C29D3

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: B8E684DF9A97497EDD2F87444A6307FB

Located: HK_LM:Run, UpdateManager
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 22FD4E58D69969A9165721C797D54931

Located: HK_CU:Run, Aim6
where: S-1-5-21-320522354-3583955949-1473644045-1007...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-320522354-3583955949-1473644045-1007...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, PlaxoSysTray
where: S-1-5-21-320522354-3583955949-1473644045-1007...
command: C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
file: C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
size: 20480
MD5: 37D516E5F2903A12447897729D8BF4C7

Located: HK_CU:Run, PlaxoUpdate
where: S-1-5-21-320522354-3583955949-1473644045-1007...
command: C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
file: C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
size: 371271
MD5: C0A6A6019275102F0FD8C982DCF63FF5

Located: Startup (common), America Online 9.0 Tray Icon.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\America Online 9.0\aoltray.exe
file: C:\Program Files\America Online 9.0\aoltray.exe
size: 36954
MD5: 5F1272F5C6DE24CEA4F736859A9A55D1

Located: Startup (common), Broadband Support Center.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
file: C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
size: 217088
MD5: 96610108433EC2F885672AB0F32A0466

Located: Startup (common), CallWave.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\CallWave\IAM.exe
file: C:\Program Files\CallWave\IAM.exe
size: 1940544
MD5: B20B055D6E20D8792A0BE198290AAE27

Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 237568
MD5: DA6B945E561B1D1DA67663BB45B4B868

Located: Startup (common), Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WiFiConnector\NintendoWFCReg.exe
file: C:\Program Files\WiFiConnector\NintendoWFCReg.exe
size: 1073152
MD5: D7C790E71496E3EFC58247231F914784

Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Documents and Settings\Janet Jennings\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: Startup (user), OpenOffice.org 2.0.lnk
where: C:\Documents and Settings\Janet Jennings\Start Menu\Programs\Startup...
command: C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
file: C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (user), OpenOffice.org 3.0.lnk
where: C:\Documents and Settings\Janet Jennings\Start Menu\Programs\Startup...
command: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
file: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
size: 384000
MD5: 9C8D9866C818AC54B71BE86B3193A1A3

Located: WinLogon, avgrsstarter
command: avgrsstx.dll
file: avgrsstx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 6/26/2009 3:08:58 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 6/26/2009 6:43:12 AM
Date (last access): 6/26/2009 2:34:42 PM
Date (last write): 6/26/2009 6:43:12 AM
Filesize: 1107224
Attributes: archive
MD5: 0E973A31F29162137959DBD4B07D38C9
CRC32: 03627923
Version: 8.5.0.310

{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 10/9/2004 9:31:36 AM
Date (last access): 6/26/2009 2:08:26 PM
Date (last write): 3/15/2004 1:04:00 AM
Filesize: 118836
Attributes: archive
MD5: 3A79721C9ACC30CBA57266854C20238B
CRC32: 6FCEA787
Version: 1.4.7.1

{A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar BHO
Path: C:\Program Files\AVG\AVG8\Toolbar\
Long name: IEToolbar.dll
Short name: IETOOL~1.DLL
Date (created): 6/26/2009 6:46:54 AM
Date (last access): 6/26/2009 2:18:54 PM
Date (last write): 6/14/2009 4:07:58 PM
Filesize: 1004800
Attributes: archive
MD5: 33C6E577E8C9B1FACD451E12D5A27BDD
CRC32: 943234A1
Version: 2.506.14.1

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~2.DLL
Date (created): 11/13/2007 1:36:34 PM
Date (last access): 6/26/2009 2:08:32 PM
Date (last write): 11/13/2007 1:36:34 PM
Filesize: 2554944
Attributes: readonly archive
MD5: C898A8FC22C86857A58147351A534D5C
CRC32: 45F483F8
Version: 4.0.1602.1060

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\
Long name: swg.dll
Short name:
Date (created): 3/24/2009 3:01:46 PM
Date (last access): 6/26/2009 2:08:38 PM
Date (last write): 3/24/2009 3:01:46 PM
Filesize: 668656
Attributes: archive
MD5: D1585B06DED161E13B905DC4FFBF7F12
CRC32: 88D5BAA5
Version: 5.1.1309.3572

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 1/18/2009 1:14:32 AM
Date (last access): 6/26/2009 3:36:12 PM
Date (last write): 3/9/2009 5:18:50 AM
Filesize: 35840
Attributes: archive
MD5: 96A225C7F5346A9E81FC3DFA89A900C0
CRC32: BAD5D2EF
Version: 6.0.130.3

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 1/18/2009 1:14:44 AM
Date (last access): 6/26/2009 3:09:00 PM
Date (last write): 3/9/2009 5:18:52 AM
Filesize: 73728
Attributes: archive
MD5: 53F8B53918C839F76367B7E612B742B1
CRC32: 735F7F91
Version: 6.0.130.3



--- ActiveX list ---
6th Street Omaha Poker by pogo (6th Street Omaha Poker by pogo)
DPF name: 6th Street Omaha Poker by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab

Aces Up! by pogo (Aces Up! by pogo)
DPF name: Aces Up! by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab

Ali Baba Slots TM by pogo (Ali Baba Slots TM by pogo)
DPF name: Ali Baba Slots TM by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.3.35/slots/alibaba-en_US.cab

Backgammon by pogo (Backgammon by pogo)
DPF name: Backgammon by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.6.5.22/backgammon/backgammon-en_US.cab

Blackjack by pogo (Blackjack by pogo)
DPF name: Blackjack by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.4.51/blackjack/blackjack-en_US.cab

Blackjack Carnival by pogo (Blackjack Carnival by pogo)
DPF name: Blackjack Carnival by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.1.38/vbjack2/vbjack2-en_US.cab

Blooop by pogo (Blooop by pogo)
DPF name: Blooop by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.4.41/cascade/cascade-en_US.cab

Bowling by pogo (Bowling by pogo)
DPF name: Bowling by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.2.23/bowling/bowling-en_US.cab

Canasta by pogo (Canasta by pogo)
DPF name: Canasta by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.0.61/canasta/canasta-en_US.cab

Checkers by pogo (Checkers by pogo)
DPF name: Checkers by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.4.34/checkers2/checkers-en_US.cab

Chess by pogo (Chess by pogo)
DPF name: Chess by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.0.32/chess2/chess2-en_US.cab

Dice City Roller by pogo (Dice City Roller by pogo)
DPF name: Dice City Roller by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.2.40/ytz/ytz-en_US.cab

Dice Derby by pogo (Dice Derby by pogo)
DPF name: Dice Derby by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab

Dominoes by pogo (Dominoes by pogo)
DPF name: Dominoes by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.1.38/domino/domino-en_US.cab

Euchre by pogo (Euchre by pogo)
DPF name: Euchre by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.7.2.24/euchre/euchre-en_US.cab

First Class Solitaire by pogo (First Class Solitaire by pogo)
DPF name: First Class Solitaire by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.3.39/firstclass2/firstclass2-en_US.cab

Fortune Bingo by pogo (Fortune Bingo by pogo)
DPF name: Fortune Bingo by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.3.29/superbingo/superbingo-en_US.cab

Greenback Bayou by pogo (Greenback Bayou by pogo)
DPF name: Greenback Bayou by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.5.0.45/greenback/greenback-ob-assets.cab

Hangman Hijinks by pogo (Hangman Hijinks by pogo)
DPF name: Hangman Hijinks by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.3.39/hangman/hangman-en_US.cab

Harvest Mania by pogo (Harvest Mania by pogo)
DPF name: Harvest Mania by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.2.23/harvest/harvest-en_US.cab

Hearts by pogo (Hearts by pogo)
DPF name: Hearts by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.2.33/hearts/hearts-en_US.cab

High Stakes Poker by pogo (High Stakes Poker by pogo)
DPF name: High Stakes Poker by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.4.51/drawpoker/drawpoker-en_US.cab

High Stakes Pool by pogo (High Stakes Pool by pogo)
DPF name: High Stakes Pool by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.7.3.23/pool2/pool-en_US.cab

Hog Heaven Slots by pogo (Hog Heaven Slots by pogo)
DPF name: Hog Heaven Slots by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab

Jungle Gin by pogo (Jungle Gin by pogo)
DPF name: Jungle Gin by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.0.43/gin2/gin2-en_US.cab

Lost Temple Poker by pogo (Lost Temple Poker by pogo)
DPF name: Lost Temple Poker by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.7.5.28/mhpoker/mhpoker-en_US.cab

Lottso by pogo (Lottso by pogo)
DPF name: Lottso by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.4.51/lottso/lottso-en_US.cab

Mah Jong Garden by pogo (Mah Jong Garden by pogo)
DPF name: Mah Jong Garden by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.4.34/mahjong2/mahjong2-en_US.cab

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

Multiline Slots by pogo (Multiline Slots by pogo)
DPF name: Multiline Slots by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.7.1.33/mlslots/mlslots-en_US.cab

Pai Gow by pogo (Pai Gow by pogo)
DPF name: Pai Gow by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.0.43/paigow/paigow-en_US.cab

Payday FreeCell by pogo (Payday FreeCell by pogo)
DPF name: Payday FreeCell by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.0.43/freecell/freecell-en_US.cab

Payday Freecell Solitaire by pogo (Payday Freecell Solitaire by pogo)
DPF name: Payday Freecell Solitaire by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.4.41/freecell2/freecell2-en_US.cab

Penguin Blocks by pogo (Penguin Blocks by pogo)
DPF name: Penguin Blocks by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.0.25/penguins/penguins-en_US.cab

Perfect Pair Solitaire by pogo (Perfect Pair Solitaire by pogo)
DPF name: Perfect Pair Solitaire by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.1.32/waterwheel/waterwheel-en_US.cab

Phlinx by pogo (Phlinx by pogo)
DPF name: Phlinx by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.3.22/flinger/flinger-en_US.cab

Pinochle by pogo (Pinochle by pogo)
DPF name: Pinochle by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.6.3.34/pinochle/pinochle-en_US.cab

Pop Fu by pogo (Pop Fu by pogo)
DPF name: Pop Fu by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.3.49/popfu/popfu-en_US.cab

PoppaZoppa by pogo (PoppaZoppa by pogo)
DPF name: PoppaZoppa by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.1.32/poppazoppa/poppazoppa-en_US.cab

Poppit by pogo (Poppit by pogo)
DPF name: Poppit by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.4.34/poppit2/poppit2-en_US.cab

Quick Quack by pogo (Quick Quack by pogo)
DPF name: Quick Quack by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.7.4.35/hotstreak/hotstreak-en_US.cab

QWERTY by pogo (QWERTY by pogo)
DPF name: QWERTY by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.2.33/squares/squares-en_US.cab

Ride The Tide by pogo (Ride The Tide by pogo)
DPF name: Ride The Tide by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab

SciFi Slots by pogo (SciFi Slots by pogo)
DPF name: SciFi Slots by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.4.34/slots/scifi-en_US.cab

Showbiz Slots 2 by pogo (Showbiz Slots 2 by pogo)
DPF name: Showbiz Slots 2 by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.4.34/slots/showbiz2-en_US.cab

Showbiz Slots by pogo (Showbiz Slots by pogo)
DPF name: Showbiz Slots by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.2.23/slots/showbiz-en_US.cab

Shuffle Bump by pogo (Shuffle Bump by pogo)
DPF name: Shuffle Bump by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.3.22/puck/puck-en_US.cab

Spades 2 by pogo (Spades 2 by pogo)
DPF name: Spades 2 by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.7.1.23/spades2/spades2-en_US.cab

Spades by pogo (Spades by pogo)
DPF name: Spades by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.5.3.37/spades/spades-en_US.cab

Spider Solitaire by pogo (Spider Solitaire by pogo)
DPF name: Spider Solitaire by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.2.40/spider/spider-en_US.cab

Squelchies by pogo (Squelchies by pogo)
DPF name: Squelchies by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.0.43/squelchies/squelchies-en_US.cab

Stax by pogo (Stax by pogo)
DPF name: Stax by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab

antiquecollector
2009-06-27, 00:01
(continued, message was too long)



Stellar Sweeper by pogo (Stellar Sweeper by pogo)
DPF name: Stellar Sweeper by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.3.39/sweeper/sweeper-en_US.cab

Swashbucks by pogo (Swashbucks by pogo)
DPF name: Swashbucks by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.3.29/piratesgold/piratesgold-en_US.cab

Sweet Tooth TM by pogo (Sweet Tooth TM by pogo)
DPF name: Sweet Tooth TM by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.4.51/sweettooth/sweettooth-en_US.cab

Texas Hold'em Poker by pogo (Texas Hold'em Poker by pogo)
DPF name: Texas Hold'em Poker by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.2.40/holdem/holdem-en_US.cab

Tri-Peaks by pogo (Tri-Peaks by pogo)
DPF name: Tri-Peaks by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.4.41/peaks/peaks-en_US.cab

Tumble Bees by pogo (Tumble Bees by pogo)
DPF name: Tumble Bees by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.1.32/jumbee/jumbee-en_US.cab

Turbo 21 v2 by pogo (Turbo 21 v2 by pogo)
DPF name: Turbo 21 v2 by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-8.0.0.20/turbo22/turbo22-en_US.cab

Video Poker by pogo (Video Poker by pogo)
DPF name: Video Poker by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.2.40/videopoker2/videopoker-en_US.cab

Wonderland Memories by pogo (Wonderland Memories by pogo)
DPF name: Wonderland Memories by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.7.2.24/memories/memories-en_US.cab

Word Craft by pogo (Word Craft by pogo)
DPF name: Word Craft by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.4.34/babble/babble-en_US.cab

Word Whomp by pogo (Word Whomp by pogo)
DPF name: Word Whomp by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab

Word Whomp Whackdown by pogo (Word Whomp Whackdown by pogo)
DPF name: Word Whomp Whackdown by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.3.29/whackdown/whackdown-en_US.cab

WordJong by pogo (WordJong by pogo)
DPF name: WordJong by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.8.0.25/wordjong/wordjong-en_US.cab

World Class Solitaire by pogo (World Class Solitaire by pogo)
DPF name: World Class Solitaire by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.3.29/worldclass/worldclass-en_US.cab

{106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX)
DPF name:
CLSID name: AlternaTIFF ActiveX
Installer: C:\WINDOWS\Downloaded Program Files\alttiff.inf
Codebase: http://www.alternatiff.com/install/00/alttiff.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: alttiff.ocx
Short name:
Date (created): 6/28/2007 11:20:44 AM
Date (last access): 6/25/2009 9:06:46 AM
Date (last write): 6/28/2007 11:20:44 AM
Filesize: 742680
Attributes: archive
MD5: 17FD4066DF75029CF9E98052FEB236C0
CRC32: CBD704CD
Version: 1.8.3.1

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\SYSTEM32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 1/6/2005 5:46:06 PM
Date (last access): 6/26/2009 7:22:48 AM
Date (last write): 9/9/2004 3:49:12 PM
Filesize: 54488
Attributes: archive
MD5: 943193399C341AC34E842CB07B5F29A0
CRC32: 12DEB8F4
Version: 10.1.0.11

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=48835
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 1/12/2006 12:32:12 PM
Date (last access): 6/26/2009 2:07:34 PM
Date (last write): 3/15/2007 6:19:28 PM
Filesize: 1476992
Attributes: archive
MD5: D1CB99ADBA9397D7D02B0B2DCFE47F1A
CRC32: ED982FE3
Version: 1.7.18.5

{5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control)
DPF name:
CLSID name: Facebook Photo Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.inf
Codebase: http://upload.facebook.com/controls/FacebookPhotoUploader.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FacebookPhotoUploader.ocx
Short name: FACEBO~1.OCX
Date (created): 11/3/2005 9:17:36 PM
Date (last access): 6/25/2009 9:07:04 AM
Date (last write): 11/3/2005 9:17:36 PM
Filesize: 1935120
Attributes: archive
MD5: 5A39F109CB87893FD683F49699BCE2B4
CRC32: 729D4EBC
Version: 3.5.122.2

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 3/9/2009 2:53:24 AM
Date (last access): 6/25/2009 9:07:14 AM
Date (last write): 3/9/2009 5:19:10 AM
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

{9522B3FB-7A2B-4646-8AF6-36E7F593073C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\cpbrkpie.inf
Codebase: http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab

{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class)
DPF name:
CLSID name: InetDownload Class
Installer: C:\WINDOWS\Downloaded Program Files\WMDL.inf
Codebase: https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: WMDownload.dll
Short name: WMDOWN~1.DLL
Date (created): 5/21/2001 2:18:54 PM
Date (last access): 6/25/2009 9:07:10 AM
Date (last write): 5/21/2001 2:18:54 PM
Filesize: 147456
Attributes: archive
MD5: A9DDDC823ABF874B7F7940912C540224
CRC32: E1321F78
Version: 2.0.0.4

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 3/9/2009 2:53:24 AM
Date (last access): 6/26/2009 4:26:32 PM
Date (last write): 3/9/2009 5:19:10 AM
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 3/9/2009 2:53:24 AM
Date (last access): 6/26/2009 4:26:32 PM
Date (last write): 3/9/2009 5:19:10 AM
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 3/24/2008 9:32:42 PM
Date (last access): 6/26/2009 1:56:30 PM
Date (last write): 3/24/2008 9:32:42 PM
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 564 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 636 ( 564) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 660 ( 564) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 704 ( 660) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 37561F8D4160D62DA86D24AE41FAE8DE
PID: 716 ( 660) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 892 ( 704) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 972 ( 704) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1084 ( 704) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1148 ( 704) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1316 ( 704) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1480 ( 704) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1732 (1616) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1836 ( 704) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1896 ( 704) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
size: 46640
MD5: 85180CF88C5EBAD73B452A43A004CA51
PID: 1936 ( 704) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
size: 100016
MD5: 7FB54900AA9792AB6307C699EC1859D4
PID: 1964 ( 704) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
size: 298776
MD5: BFC093C2DDDE8FCE5DA078E663B4515B
PID: 1980 (1936) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
size: 46768
MD5: CAF7C2FDDADF73A02AC84C6FB6030BBF
PID: 160 ( 704) C:\WINDOWS\system32\CSHelper.exe
size: 266240
MD5: AEFB8558199BD5212B268B09BFA1D71A
PID: 332 ( 704) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 890369AED0DDE1A98F09F7DC239CA2BD
PID: 516 ( 704) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 544 ( 704) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 588 ( 704) C:\Program Files\Viewpoint\Common\ViewpointService.exe
size: 24652
MD5: 5F974FDE801C73952770736BECDE11E7
PID: 1032 ( 704) C:\WINDOWS\wanmpsvc.exe
size: 65536
MD5: EB9A99AB5D17B1727034FF191E6448D7
PID: 1136 (1732) C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: E4CF942A4AEA9D27C87F190F65E7D0F6
PID: 1256 (1964) C:\Program Files\AVG\AVG8\avgrsx.exe
size: 486680
MD5: 95E1D555542D5F6031E756751C6FF3F4
PID: 1268 ( 704) C:\PROGRA~1\AVG\AVG8\avgemc.exe
size: 906520
MD5: 5E484022DDBF9C69F0F6F3F8FD95BEF1
PID: 1272 (1964) C:\PROGRA~1\AVG\AVG8\avgnsx.exe
size: 594712
MD5: 8F97675F10D4AF073FCFAB85ACEA1906
PID: 1312 (1732) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: 6A66B6A314F6EF30CD1CF82A17DAAD52
PID: 1368 (1732) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
size: 221184
MD5: BC02E491E88492B02363CE1B384FF7A7
PID: 1512 (1732) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122933
MD5: 55877AB1F65A512FD317B640D9353DC5
PID: 1628 (1732) C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
size: 53248
MD5: 7BB1F7AC7EEA100496C02BFC94317652
PID: 1632 (1732) C:\Program Files\HP\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 4FEA5B94C6A96860620A62E4A19BD07D
PID: 1664 (1732) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: B75B654EE1DA99876461B24597AE3FF3
PID: 1768 (1732) C:\Program Files\Common Files\AOL\1102880411\ee\AOLSoftware.exe
size: 50736
MD5: C482C535CBFEFE722EC1EB7F11F680A3
PID: 372 ( 704) C:\WINDOWS\system32\fxssvc.exe
size: 267776
MD5: FCBD571FA0EE8DC238944AE5FAB74461
PID: 1932 (1732) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: B8E684DF9A97497EDD2F87444A6307FB
PID: 2060 (1732) C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
size: 385024
MD5: 144F76F8F1C2D985B25DD59D9BD775C7
PID: 2180 (1732) C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1948440
MD5: 2588B441E5B22691E0610CF710865441
PID: 2244 (1732) C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: A2D390F1F2408B94EF34BFE3A00C29D3
PID: 2264 (1732) C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
size: 371271
MD5: C0A6A6019275102F0FD8C982DCF63FF5
PID: 2272 (1732) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2500 (1268) C:\Program Files\AVG\AVG8\avgcsrvx.exe
size: 692504
MD5: 4CAA24310158014FC9F6CC87BA50D5A6
PID: 2508 ( 588) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
size: 112336
MD5: 1FF94B386646925D2B153C8A083115C7
PID: 2596 (1732) C:\Program Files\America Online 9.0\aoltray.exe
size: 36954
MD5: 5F1272F5C6DE24CEA4F736859A9A55D1
PID: 2768 (1732) C:\Program Files\CallWave\IAM.exe
size: 1940544
MD5: B20B055D6E20D8792A0BE198290AAE27
PID: 2868 (1732) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 237568
MD5: DA6B945E561B1D1DA67663BB45B4B868
PID: 2928 (1732) C:\Program Files\WiFiConnector\NintendoWFCReg.exe
size: 1073152
MD5: D7C790E71496E3EFC58247231F914784
PID: 3064 (2620) C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
size: 192512
MD5: B7C2FF23CC8230B84D493B912713E197
PID: 3356 (3096) C:\Program Files\OpenOffice.org 3\program\soffice.exe
size: 7424000
MD5: 76DAC52F7A6D3AD3C8307D012ACF46CE
PID: 3568 (3356) C:\Program Files\OpenOffice.org 3\program\soffice.bin
size: 7418368
MD5: EEBF2F715C02C8A6CE6DBE844DD1B4E3
PID: 3100 (1768) c:\program files\common files\aol\1102880411\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
size: 1536
MD5: 87A2CD3AD5BF4F57C0DF046CC3A8C5A7
PID: 1420 ( 704) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3396 ( 704) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3236 (1084) C:\WINDOWS\system32\wuauclt.exe
size: 51224
MD5: E654B78D2F1D791B30D0ED9A8195EC22
PID: 5736 (1732) C:\My Music\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/26/2009 4:26:35 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dell4me.com/mywaybiz
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DB21C210-E2DD-4D55-BB4C-095ED759F261}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DB21C210-E2DD-4D55-BB4C-095ED759F261}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC23C05C-28E1-406D-94AA-A8F5AFC3C6B0}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC23C05C-28E1-406D-94AA-A8F5AFC3C6B0}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD715013-69FD-40A7-878C-2DF46741CD80}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD715013-69FD-40A7-878C-2DF46741CD80}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{79703A30-A94F-45D5-998C-4A8C1299D899}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{79703A30-A94F-45D5-998C-4A8C1299D899}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



And here are two other logs:

26.06.2009 14:02:38 - ##### check started #####
26.06.2009 14:02:38 - ### Version: 1.6.2
26.06.2009 14:02:38 - ### Date: 6/26/2009 2:02:38 PM
26.06.2009 14:02:43 - ##### checking bots #####
26.06.2009 16:20:35 - found: WebTrends live Tracking cookie (Firefox: Janet Jennings (ProfileName))
26.06.2009 16:20:39 - ##### check finished #####


Next one:

--- Report generated: 2009-06-26 16:20 ---

WebTrends live: Tracking cookie (Firefox: Janet Jennings (ProfileName)) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-06-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-06-09 Includes\HijackersC.sbi (*)
2009-06-16 Includes\Keyloggers.sbi (*)
2009-06-16 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-06-10 Includes\Malware.sbi (*)
2009-06-16 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-06-17 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-06-02 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-06-17 Includes\Trojans.sbi (*)
2009-06-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Shaba
2009-06-27, 12:24
Yes, it likely means that.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double-click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized).

Shaba
2009-07-02, 19:05
Due to the lack of feedback, this topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else, please begin a New Topic.