Ken
I was not able to do the AOL removal, AIM had no secret panel to be found by me?
Hope I got everything copied correctly.
Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2
10/5/2008 12:43:06 PM
mbam-log-2008-10-05 (12-43-06).txt
Scan type: Full Scan (C:\|F:\|)
Objects scanned: 163315
Time elapsed: 10 hour(s), 10 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE1F4156-F816-4ABE-A1DC-F3231125BB59}\RP5\A0002008.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\MYSEARCHPLUGINPROXY.CLASS (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\PARTNER.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S42NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\UNINSTALL.INF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Logfile of random's system information tool 1.02 (written by random/random)
Run by Robert at 2008-10-05 12:47:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (5%) free of 76 GB
Total RAM: 1023 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:48 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Robert\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Robert.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_6.cab
O23 - Service: Automatic LiveUpdate Scheduler (automatic liveupdate scheduler) - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate (liveupdate) - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 5616 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AB5C3A3B9183B003.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{40D41A8B-D79B-43d7-99A7-9EE0F344C385} - AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll [2004-10-22 163840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]
"2wSysTray"=C:\Program Files\2Wire\2PortalMon.exe [2003-10-10 393216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2004-09-09 1597440]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-11-30 4662776]
"AIM"=C:\Program Files\AIM95\aim.exe [2004-09-01 66672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe [2004-09-01 66672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2003-01-31 1228800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe [2003-07-14 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2003-05-19 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-05-07 180269]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe [2004-09-09 1597440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
C:\PROGRA~1\SBCSEL~1\bin\matcli.exe -boot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2
"MDM"=2
"C-DillaSrv"=2
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=
scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnpsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pnpsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=
"SpecifyDefaultButtons"=1
"Btn_Search"=2
"NoBandCustomize"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\yserver.exe"="C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfee426-7b89-11dd-96c2-000feafaf926}]
shell\autorun\command - G:\podcastready.exe
======List of files/folders created in the last 1 months======
2008-10-04 21:14:29 ----D---- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-10-04 21:14:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 21:14:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-02 03:00:17 ----D---- C:\WINDOWS\LastGood
2008-10-01 10:37:58 ----D---- C:\WINDOWS\Prefetch
2008-10-01 10:05:51 ----D---- C:\WINDOWS\system32\en-us
2008-10-01 10:05:50 ----D---- C:\WINDOWS\system32\scripting
2008-10-01 10:05:49 ----D---- C:\WINDOWS\system32\en
2008-10-01 10:05:49 ----D---- C:\WINDOWS\l2schemas
2008-10-01 10:05:49 ----D---- C:\Program Files\msn
2008-10-01 10:00:02 ----D---- C:\WINDOWS\network diagnostic
2008-10-01 09:54:54 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2008-10-01 09:54:54 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-01 09:53:59 ----A---- C:\WINDOWS\system32\cmd.exe
2008-10-01 09:53:59 ----A---- C:\WINDOWS\system32\cacls.exe
2008-10-01 09:53:59 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-10-01 09:53:59 ----A---- C:\WINDOWS\system32\autochk.exe
2008-10-01 09:53:59 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\locator.exe
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\localspl.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\ftp.exe
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\format.com
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\services.exe
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\schannel.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\savedump.exe
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\samlib.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rasman.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\printui.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\userinit.exe
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\untfs.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\ulib.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\smss.exe
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-01 09:53:53 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-10-01 09:53:53 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-09-27 06:37:25 ----SHD---- C:\RECYCLER
2008-09-26 07:05:17 ----D---- C:\rsit
2008-09-20 00:12:10 ----D---- C:\WINDOWS\system32\NtmsData
2008-09-20 00:06:12 ----D---- C:\WINDOWS\temp
2008-09-20 00:06:10 ----A---- C:\ComboFix.txt
2008-09-19 14:21:06 ----D---- C:\WINDOWS\erdnt
2008-09-19 14:20:41 ----AD---- C:\QooBox
2008-09-19 14:20:35 ----A---- C:\WINDOWS\zip.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\VFind.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\swreg.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\sed.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\grep.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\fdsv.exe
2008-09-19 14:20:34 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-19 14:20:34 ----A---- C:\WINDOWS\SWSC.exe
2008-09-19 14:20:26 ----D---- C:\ComboFix
2008-09-19 11:44:07 ----SHD---- C:\found.000
2008-09-19 09:37:58 ----SHD---- C:\Config.Msi
2008-09-19 08:15:30 ----D---- C:\Documents and Settings\Robert\Application Data\Motive
2008-09-19 08:13:56 ----D---- C:\WINDOWS\Motive
2008-09-19 08:13:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-09-17 20:34:06 ----A---- C:\WINDOWS\system32\SETF4A.tmp
2008-09-17 20:34:06 ----A---- C:\WINDOWS\system32\SETE1.tmp
2008-09-17 20:34:06 ----A---- C:\WINDOWS\system32\SETE0.tmp
2008-09-17 20:34:05 ----A---- C:\WINDOWS\system32\SETE7.tmp
2008-09-17 20:34:05 ----A---- C:\WINDOWS\system32\SETE5.tmp
2008-09-17 20:34:05 ----A---- C:\WINDOWS\system32\SETE3.tmp
2008-09-17 20:34:04 ----A---- C:\WINDOWS\system32\SETF2.tmp
2008-09-17 20:34:04 ----A---- C:\WINDOWS\system32\SETEF.tmp
2008-09-17 20:34:04 ----A---- C:\WINDOWS\system32\SETEE.tmp
2008-09-17 20:33:59 ----A---- C:\WINDOWS\system32\SETFF.tmp
2008-09-17 20:33:59 ----A---- C:\WINDOWS\system32\SETFE.tmp
2008-09-17 20:33:59 ----A---- C:\WINDOWS\system32\SETFD.tmp
2008-09-17 20:33:58 ----A---- C:\WINDOWS\system32\SET104.tmp
2008-09-17 20:33:58 ----A---- C:\WINDOWS\system32\SET103.tmp
2008-09-17 20:33:58 ----A---- C:\WINDOWS\system32\SET102.tmp
2008-09-17 20:33:58 ----A---- C:\WINDOWS\system32\SET101.tmp
2008-09-17 20:33:57 ----A---- C:\WINDOWS\system32\SET109.tmp
2008-09-17 20:33:57 ----A---- C:\WINDOWS\system32\SET108.tmp
2008-09-17 20:33:57 ----A---- C:\WINDOWS\system32\SET107.tmp
2008-09-17 20:33:57 ----A---- C:\WINDOWS\system32\SET105.tmp
2008-09-17 20:33:56 ----A---- C:\WINDOWS\system32\SETF52.tmp
2008-09-17 20:33:56 ----A---- C:\WINDOWS\system32\SET10D.tmp
2008-09-17 20:33:56 ----A---- C:\WINDOWS\system32\SET10A.tmp
2008-09-17 20:33:55 ----A---- C:\WINDOWS\system32\SET116.tmp
2008-09-17 20:33:55 ----A---- C:\WINDOWS\system32\SET115.tmp
2008-09-17 20:33:55 ----A---- C:\WINDOWS\system32\SET114.tmp
2008-09-17 20:33:53 ----A---- C:\WINDOWS\system32\SET11B.tmp
2008-09-17 20:33:53 ----A---- C:\WINDOWS\system32\SET119.tmp
2008-09-17 20:33:52 ----A---- C:\WINDOWS\system32\SET123.tmp
2008-09-17 20:33:52 ----A---- C:\WINDOWS\system32\SET11C.tmp
2008-09-17 20:33:51 ----A---- C:\WINDOWS\system32\SET127.tmp
2008-09-17 20:33:51 ----A---- C:\WINDOWS\system32\SET126.tmp
2008-09-17 20:33:50 ----A---- C:\WINDOWS\system32\SET12F.tmp
2008-09-17 20:33:50 ----A---- C:\WINDOWS\system32\SET12A.tmp
2008-09-17 20:33:50 ----A---- C:\WINDOWS\system32\SET129.tmp
2008-09-17 20:33:50 ----A---- C:\WINDOWS\system32\SET128.tmp
2008-09-17 20:33:48 ----A---- C:\WINDOWS\system32\SET133.tmp
2008-09-17 20:33:48 ----A---- C:\WINDOWS\system32\SET132.tmp
2008-09-17 20:33:48 ----A---- C:\WINDOWS\system32\SET131.tmp
2008-09-17 20:33:48 ----A---- C:\WINDOWS\system32\SET130.tmp
2008-09-17 20:33:46 ----A---- C:\WINDOWS\system32\SET143.tmp
2008-09-17 20:33:46 ----A---- C:\WINDOWS\system32\SET13F.tmp
2008-09-17 20:33:46 ----A---- C:\WINDOWS\system32\SET13E.tmp
2008-09-17 20:33:46 ----A---- C:\WINDOWS\system32\SET139.tmp
2008-09-17 20:33:45 ----A---- C:\WINDOWS\system32\SET147.tmp
2008-09-17 20:33:45 ----A---- C:\WINDOWS\system32\SET146.tmp
2008-09-17 20:33:42 ----A---- C:\WINDOWS\system32\SET14F.tmp
2008-09-17 20:33:42 ----A---- C:\WINDOWS\system32\SET14E.tmp
2008-09-17 20:33:41 ----A---- C:\WINDOWS\system32\SET151.tmp
2008-09-17 20:33:40 ----A---- C:\WINDOWS\system32\SET162.tmp
2008-09-17 20:33:40 ----A---- C:\WINDOWS\system32\SET15F.tmp
2008-09-17 20:33:40 ----A---- C:\WINDOWS\system32\SET15E.tmp
2008-09-17 20:33:39 ----A---- C:\WINDOWS\system32\SET167.tmp
2008-09-17 20:33:39 ----A---- C:\WINDOWS\system32\SET166.tmp
2008-09-17 20:33:39 ----A---- C:\WINDOWS\system32\SET165.tmp
2008-09-17 20:33:39 ----A---- C:\WINDOWS\system32\SET164.tmp
2008-09-17 20:33:38 ----A---- C:\WINDOWS\system32\SET169.tmp
2008-09-17 20:33:38 ----A---- C:\WINDOWS\system32\SET168.tmp
2008-09-17 20:33:36 ----A---- C:\WINDOWS\system32\SET16D.tmp
2008-09-17 20:33:34 ----A---- C:\WINDOWS\system32\SET182.tmp
2008-09-17 20:33:34 ----A---- C:\WINDOWS\system32\SET180.tmp
2008-09-17 20:33:34 ----A---- C:\WINDOWS\system32\SET17E.tmp
2008-09-17 20:33:34 ----A---- C:\WINDOWS\system32\SET179.tmp
2008-09-17 20:33:33 ----A---- C:\WINDOWS\system32\SET184.tmp
2008-09-17 20:33:33 ----A---- C:\WINDOWS\system32\SET183.tmp
2008-09-17 20:33:32 ----A---- C:\WINDOWS\system32\SET188.tmp
2008-09-17 20:33:32 ----A---- C:\WINDOWS\system32\SET187.tmp
2008-09-17 20:33:32 ----A---- C:\WINDOWS\system32\SET185.tmp
2008-09-17 20:33:31 ----A---- C:\WINDOWS\system32\SET192.tmp
2008-09-17 20:33:31 ----A---- C:\WINDOWS\system32\SET191.tmp
2008-09-17 20:33:31 ----A---- C:\WINDOWS\system32\SET190.tmp
2008-09-17 20:33:31 ----A---- C:\WINDOWS\system32\SET18D.tmp
2008-09-17 20:33:30 ----A---- C:\WINDOWS\system32\SET19A.tmp
2008-09-17 20:33:30 ----A---- C:\WINDOWS\system32\SET199.tmp
2008-09-17 20:33:30 ----A---- C:\WINDOWS\system32\SET198.tmp
2008-09-17 20:33:29 ----A---- C:\WINDOWS\system32\SET1A2.tmp
2008-09-17 20:33:28 ----A---- C:\WINDOWS\system32\SET1AA.tmp
2008-09-17 20:33:28 ----A---- C:\WINDOWS\system32\SET1A9.tmp
2008-09-17 20:33:28 ----A---- C:\WINDOWS\system32\SET1A8.tmp
2008-09-17 20:33:27 ----A---- C:\WINDOWS\system32\SET1B3.tmp
2008-09-17 20:33:27 ----A---- C:\WINDOWS\system32\SET1B2.tmp
2008-09-17 20:33:27 ----A---- C:\WINDOWS\system32\SET1AD.tmp
2008-09-17 20:33:27 ----A---- C:\WINDOWS\system32\SET1AB.tmp
2008-09-17 20:33:26 ----A---- C:\WINDOWS\system32\SET1C1.tmp
2008-09-17 20:33:26 ----A---- C:\WINDOWS\system32\SET1BF.tmp
2008-09-17 20:33:25 ----A---- C:\WINDOWS\system32\SET1C5.tmp
2008-09-17 20:33:25 ----A---- C:\WINDOWS\system32\SET1C4.tmp
2008-09-17 20:33:25 ----A---- C:\WINDOWS\system32\SET1C3.tmp
2008-09-17 20:33:23 ----A---- C:\WINDOWS\system32\SET1D3.tmp
2008-09-17 20:33:23 ----A---- C:\WINDOWS\system32\SET1D2.tmp
2008-09-17 20:33:23 ----A---- C:\WINDOWS\system32\SET1D0.tmp
2008-09-17 20:33:22 ----A---- C:\WINDOWS\system32\SET1D8.tmp
2008-09-17 20:33:22 ----A---- C:\WINDOWS\system32\SET1D6.tmp
2008-09-17 20:33:21 ----A---- C:\WINDOWS\system32\SET1DC.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1FC.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1FB.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1FA.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1F7.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1F6.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1EF.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1EE.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET206.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET205.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET204.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET202.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET201.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET200.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET1FE.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET1FD.tmp
2008-09-17 20:33:12 ----A---- C:\WINDOWS\system32\SET213.tmp
2008-09-17 20:33:12 ----A---- C:\WINDOWS\system32\SET211.tmp
2008-09-17 20:33:12 ----A---- C:\WINDOWS\system32\SET20C.tmp
2008-09-17 20:33:10 ----A---- C:\WINDOWS\system32\SET21C.tmp
2008-09-17 20:33:10 ----A---- C:\WINDOWS\system32\SET218.tmp
2008-09-17 20:33:09 ----A---- C:\WINDOWS\system32\SET226.tmp
2008-09-17 20:33:09 ----A---- C:\WINDOWS\system32\SET225.tmp
2008-09-17 20:33:09 ----A---- C:\WINDOWS\system32\SET222.tmp
2008-09-17 20:33:09 ----A---- C:\WINDOWS\system32\SET221.tmp
2008-09-17 20:33:08 ----A---- C:\WINDOWS\system32\SET22D.tmp
2008-09-17 20:33:08 ----A---- C:\WINDOWS\system32\SET22C.tmp
2008-09-17 20:33:08 ----A---- C:\WINDOWS\system32\SET229.tmp
2008-09-17 20:33:07 ----A---- C:\WINDOWS\system32\SET235.tmp
2008-09-17 20:33:07 ----A---- C:\WINDOWS\system32\SET234.tmp
2008-09-17 20:33:06 ----A---- C:\WINDOWS\system32\SET238.tmp
2008-09-17 20:33:05 ----N---- C:\WINDOWS\system32\SET23E.tmp
2008-09-17 20:33:05 ----A---- C:\WINDOWS\system32\SET243.tmp
2008-09-17 20:33:05 ----A---- C:\WINDOWS\system32\SET242.tmp
2008-09-17 20:33:05 ----A---- C:\WINDOWS\system32\SET23F.tmp
2008-09-17 20:33:05 ----A---- C:\WINDOWS\system32\SET23D.tmp
2008-09-17 20:33:05 ----A---- C:\WINDOWS\system32\SET23C.tmp
2008-09-17 20:33:03 ----A---- C:\WINDOWS\system32\SET24B.tmp
2008-09-17 20:33:02 ----A---- C:\WINDOWS\system32\SET24F.tmp
2008-09-17 20:33:02 ----A---- C:\WINDOWS\system32\SET24E.tmp
2008-09-17 20:33:02 ----A---- C:\WINDOWS\system32\SET24C.tmp
2008-09-17 20:33:00 ----A---- C:\WINDOWS\system32\SET252.tmp
2008-09-17 20:32:59 ----A---- C:\WINDOWS\system32\SET254.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET25D.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET25B.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET259.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET258.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET257.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET256.tmp
2008-09-17 20:32:57 ----A---- C:\WINDOWS\system32\SET261.tmp
2008-09-17 20:32:55 ----A---- C:\WINDOWS\system32\SET264.tmp
2008-09-17 20:32:54 ----A---- C:\WINDOWS\system32\SET26E.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET277.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET276.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET274.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET272.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET271.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET270.tmp
2008-09-17 20:32:52 ----A---- C:\WINDOWS\system32\SET53F.tmp
2008-09-17 20:32:52 ----A---- C:\WINDOWS\system32\SET539.tmp
2008-09-17 20:32:52 ----A---- C:\WINDOWS\system32\SET27E.tmp
2008-09-17 20:32:52 ----A---- C:\WINDOWS\system32\SET27D.tmp
2008-09-17 20:32:52 ----A---- C:\WINDOWS\system32\SET27B.tmp
2008-09-17 20:32:49 ----A---- C:\WINDOWS\system32\SET290.tmp
2008-09-17 20:32:49 ----A---- C:\WINDOWS\system32\SET285.tmp
2008-09-17 20:32:48 ----A---- C:\WINDOWS\system32\SET294.tmp
2008-09-17 20:32:48 ----A---- C:\WINDOWS\system32\SET293.tmp
2008-09-17 20:32:46 ----A---- C:\WINDOWS\system32\SET298.tmp
2008-09-17 20:32:45 ----A---- C:\WINDOWS\system32\SET2A9.tmp
2008-09-17 20:32:45 ----A---- C:\WINDOWS\system32\SET2A7.tmp
2008-09-17 20:32:45 ----A---- C:\WINDOWS\system32\SET2A0.tmp
2008-09-17 20:32:38 ----A---- C:\WINDOWS\system32\SET2B0.tmp
2008-09-17 20:32:38 ----A---- C:\WINDOWS\system32\SET2AE.tmp
2008-09-17 20:32:36 ----A---- C:\WINDOWS\system32\SET2C9.tmp
2008-09-17 20:32:36 ----A---- C:\WINDOWS\system32\SET2C7.tmp
2008-09-17 20:32:36 ----A---- C:\WINDOWS\system32\SET2C5.tmp
2008-09-17 20:32:28 ----A---- C:\WINDOWS\system32\SET2D5.tmp
2008-09-17 20:32:28 ----A---- C:\WINDOWS\system32\SET2D1.tmp
2008-09-17 20:32:28 ----A---- C:\WINDOWS\system32\SET2D0.tmp
2008-09-17 20:32:27 ----A---- C:\WINDOWS\system32\SET2F3.tmp
2008-09-17 20:32:27 ----A---- C:\WINDOWS\system32\SET2F1.tmp
2008-09-17 20:32:27 ----A---- C:\WINDOWS\system32\SET2EB.tmp
2008-09-17 20:32:26 ----A---- C:\WINDOWS\system32\SET2FD.tmp
2008-09-17 20:32:26 ----A---- C:\WINDOWS\system32\SET2F9.tmp
2008-09-17 20:32:25 ----A---- C:\WINDOWS\005980_.tmp
2008-09-17 20:32:24 ----A---- C:\WINDOWS\system32\SET30B.tmp
2008-09-17 20:32:24 ----A---- C:\WINDOWS\SET3EE.tmp
2008-09-17 20:32:23 ----A---- C:\WINDOWS\system32\SET30F.tmp
2008-09-17 20:32:23 ----A---- C:\WINDOWS\system32\SET30E.tmp
2008-09-17 20:32:23 ----A---- C:\WINDOWS\system32\SET30D.tmp
2008-09-17 20:32:22 ----A---- C:\WINDOWS\system32\SET328.tmp
2008-09-17 20:32:22 ----A---- C:\WINDOWS\system32\SET31D.tmp
2008-09-17 20:32:22 ----A---- C:\WINDOWS\system32\SET319.tmp
2008-09-17 20:32:21 ----A---- C:\WINDOWS\system32\SET33D.tmp
2008-09-17 20:32:21 ----A---- C:\WINDOWS\system32\SET339.tmp
2008-09-17 20:32:20 ----A---- C:\WINDOWS\system32\SET364.tmp
2008-09-17 20:32:20 ----A---- C:\WINDOWS\system32\SET34D.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET377.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET376.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET374.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET371.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET370.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET36F.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET36D.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET36C.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET36B.tmp
2008-09-17 20:32:18 ----A---- C:\WINDOWS\system32\SET37C.tmp
2008-09-17 20:32:18 ----A---- C:\WINDOWS\system32\SET379.tmp
2008-09-17 20:32:17 ----A---- C:\WINDOWS\system32\SET38B.tmp
2008-09-17 20:32:17 ----A---- C:\WINDOWS\system32\SET383.tmp
2008-09-17 20:32:17 ----A---- C:\WINDOWS\system32\SET382.tmp
2008-09-17 20:32:17 ----A---- C:\WINDOWS\system32\SET37D.tmp
2008-09-17 20:32:16 ----A---- C:\WINDOWS\system32\SET39A.tmp
2008-09-17 20:32:16 ----A---- C:\WINDOWS\system32\SET397.tmp
2008-09-17 20:32:16 ----A---- C:\WINDOWS\system32\SET392.tmp
2008-09-17 20:32:15 ----A---- C:\WINDOWS\system32\SET3A7.tmp
2008-09-17 20:32:15 ----A---- C:\WINDOWS\system32\SET3A5.tmp
2008-09-17 20:32:15 ----A---- C:\WINDOWS\system32\SET3A3.tmp
2008-09-17 20:32:15 ----A---- C:\WINDOWS\system32\SET39F.tmp
2008-09-17 20:32:15 ----A---- C:\WINDOWS\system32\SET39D.tmp
2008-09-17 20:32:14 ----A---- C:\WINDOWS\system32\SET3B5.tmp
2008-09-17 20:32:14 ----A---- C:\WINDOWS\system32\SET3B0.tmp
2008-09-17 20:32:14 ----A---- C:\WINDOWS\system32\SET3AF.tmp
2008-09-17 20:32:14 ----A---- C:\WINDOWS\system32\SET3AB.tmp
2008-09-17 20:32:14 ----A---- C:\WINDOWS\system32\SET3AA.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET558.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET3C7.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET3C4.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET3C1.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET3BF.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET3BC.tmp
2008-09-17 20:32:11 ----A---- C:\WINDOWS\system32\SET3C9.tmp
2008-09-17 20:17:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 14:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-17 14:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-17 14:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-17 14:15:36 ----A---- C:\WINDOWS\system32\MRT.INI
2008-09-17 14:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-17 14:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-17 14:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-17 14:13:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-17 14:13:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-17 14:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-17 13:50:46 ----A---- C:\WINDOWS\system32\capicom.dll
======List of files/folders modified in the last 1 months======
2008-10-05 12:43:06 ----RD---- C:\Program Files
2008-10-05 12:43:06 ----D---- C:\WINDOWS\system32
2008-10-05 02:57:22 ----D---- C:\Program Files\Mozilla Firefox
2008-10-04 21:15:56 ----D---- C:\WINDOWS\system32\drivers
2008-10-04 21:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-04 20:52:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-04 20:52:56 ----D---- C:\Program Files\Viewpoint
2008-10-02 22:50:13 ----A---- C:\WINDOWS\HPODJC05.INI
2008-10-02 03:02:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-02 03:00:46 ----HD---- C:\WINDOWS\inf
2008-10-02 03:00:46 ----D---- C:\Program Files\Messenger
2008-10-02 03:00:45 ----D---- C:\WINDOWS
2008-10-01 10:53:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 10:45:05 ----SHD---- C:\WINDOWS\Installer
2008-10-01 10:45:04 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-01 10:45:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-10-01 10:40:48 ----D---- C:\Program Files\Windows Media Player
2008-10-01 10:38:18 ----A---- C:\WINDOWS\2PortalMon_Debug.txt
2008-10-01 10:37:29 ----D---- C:\WINDOWS\system32\wbem
2008-10-01 10:37:29 ----D---- C:\WINDOWS\AppPatch
2008-10-01 10:37:28 ----D---- C:\WINDOWS\system32\Setup
2008-10-01 10:37:21 ----RSD---- C:\WINDOWS\Fonts
2008-10-01 10:36:13 ----D---- C:\WINDOWS\security
2008-10-01 10:35:41 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-01 10:32:50 ----D---- C:\WINDOWS\WinSxS
2008-10-01 10:32:38 ----D---- C:\WINDOWS\system32\bits
2008-10-01 10:32:02 ----D---- C:\WINDOWS\system32\usmt
2008-10-01 10:31:58 ----D---- C:\WINDOWS\system32\Restore
2008-10-01 10:31:58 ----D---- C:\WINDOWS\system32\oobe
2008-10-01 10:31:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-01 10:31:57 ----D---- C:\WINDOWS\system32\npp
2008-10-01 10:31:57 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-01 10:31:42 ----D---- C:\WINDOWS\system32\Com
2008-10-01 10:30:02 ----D---- C:\WINDOWS\system
2008-10-01 10:30:01 ----D---- C:\WINDOWS\srchasst
2008-10-01 10:27:04 ----D---- C:\WINDOWS\peernet
2008-10-01 10:27:01 ----D---- C:\WINDOWS\msagent
2008-10-01 10:26:53 ----D---- C:\WINDOWS\ime
2008-10-01 10:26:52 ----D---- C:\WINDOWS\Help
2008-10-01 10:26:51 ----D---- C:\WINDOWS\ehome
2008-10-01 10:26:47 ----D---- C:\Program Files\Windows NT
2008-10-01 10:26:45 ----D---- C:\Program Files\Outlook Express
2008-10-01 10:26:44 ----D---- C:\Program Files\NetMeeting
2008-10-01 10:26:42 ----D---- C:\Program Files\Movie Maker
2008-10-01 10:26:40 ----D---- C:\Program Files\Internet Explorer
2008-10-01 10:26:34 ----D---- C:\Program Files\Common Files\System
2008-10-01 10:25:57 ----SD---- C:\WINDOWS\Tasks
2008-10-01 09:57:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-01 09:28:21 ----D---- C:\Program Files\Yahoo!
2008-10-01 09:28:07 ----D---- C:\Program Files\Common Files\Scanner
2008-10-01 09:27:17 ----D---- C:\Program Files\Symantec
2008-10-01 09:26:40 ----D---- C:\Program Files\Common Files
2008-10-01 09:21:30 ----D---- C:\Program Files\Common Files\Vbox
2008-10-01 09:21:27 ----D---- C:\Program Files\Ahead
2008-10-01 09:21:26 ----D---- C:\Program Files\Absolute Poker
2008-09-30 23:44:23 ----D---- C:\Documents and Settings\Robert\Application Data\SuperNZB
2008-09-27 07:09:20 ----D---- C:\Documents and Settings
2008-09-24 23:19:29 ----D---- C:\Documents and Settings\Robert\Application Data\WeatherBug
2008-09-21 15:22:19 ----D---- C:\Program Files\Trend Micro
2008-09-20 22:51:43 ----RASH---- C:\boot.ini
2008-09-20 22:51:43 ----A---- C:\WINDOWS\win.ini
2008-09-20 22:51:43 ----A---- C:\WINDOWS\system.ini
2008-09-20 00:12:09 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-09-19 14:24:19 ----D---- C:\WINDOWS\system32\config
2008-09-19 14:22:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-19 13:35:09 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-19 13:29:44 ----D---- C:\Documents and Settings\Robert\Application Data\U3
2008-09-19 12:38:32 ----D---- C:\Program Files\RM Converter
2008-09-19 12:21:33 ----D---- C:\WINDOWS\pss
2008-09-19 12:16:31 ----A---- C:\WINDOWS\setuplog.txt
2008-09-19 11:59:43 ----A---- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000004-00511102}.BAK
2008-09-19 09:10:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-09-19 09:01:18 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem #2.txt
2008-09-19 08:34:37 ----SD---- C:\Documents and Settings\Robert\Application Data\Microsoft
2008-09-17 20:17:15 ----D---- C:\WINDOWS\Debug
2008-09-17 14:16:04 ----A---- C:\WINDOWS\imsins.BAK
2008-09-17 14:15:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-17 13:20:49 ----RHD---- C:\Documents and Settings\Robert\Application Data\yahoo!
2008-09-17 13:00:41 ----SHD---- C:\System Volume Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R1 BpCdrVsd;BpCdrVsd; C:\WINDOWS\system32\drivers\BpCdrVsd.sys [2002-12-12 7936]
R1 bpfinder;BACKPACK Finder; C:\WINDOWS\System32\DRIVERS\bpfinder.sys [2003-02-17 62279]
R1 eectrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2002-10-08 7582]
R1 srtsp;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R1 srtspx;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-31 389504]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 bpflt;BACKPACK Filter; C:\WINDOWS\System32\DRIVERS\bpflt.sys [2002-08-08 4538]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-08-12 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-08-12 998004]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 naveng;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080930.003\NAVENG.SYS []
R3 navex15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080930.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-29 891711]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wltwo48b;2Wire Wireless PC Card Driver; C:\WINDOWS\System32\DRIVERS\wltwo48b.sys [2003-08-10 170496]
S1 af51f9f7;af51f9f7; C:\WINDOWS\System32\drivers\af51f9f7.sys []
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter; C:\WINDOWS\System32\DRIVERS\AON325.SYS [2001-04-16 24172]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
S3 atimtag;atimtag; C:\WINDOWS\System32\DRIVERS\atimtag.sys []
S3 ATIPCXXX;ATI Parental control device; C:\WINDOWS\System32\DRIVERS\atipcxxx.sys [2001-08-17 10240]
S3 ATITUNEP;ATI TV Tuner (ATITuneP); C:\WINDOWS\System32\DRIVERS\atitunep.sys [2001-08-17 17152]
S3 ATIVRAXX;ATI Rage Theatre Audio (ATIRTSND); C:\WINDOWS\System32\DRIVERS\atirtsnd.sys [2001-08-17 26880]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP); C:\WINDOWS\System32\DRIVERS\atirtcap.sys [2001-08-17 49920]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR); C:\WINDOWS\System32\DRIVERS\ativxbar.sys [2001-08-17 26624]
S3 bppccard;BACKPACK PC Card; C:\WINDOWS\System32\DRIVERS\bppccard.sys [2003-01-09 5493]
S3 bppnpdrv;BACKPACK Driver; C:\WINDOWS\System32\DRIVERS\bppnpdrv.sys [2003-02-17 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable; C:\WINDOWS\System32\DRIVERS\bpusbdrv.sys [2003-02-06 109708]
S3 bpusbflt;BACKPACK USB Filter; C:\WINDOWS\System32\DRIVERS\bpusbflt.sys [2002-08-08 8333]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 catchme;catchme; \??\C:\ComboFix2\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-14 42496]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\ativmdcd.sys [2001-08-17 9472]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 pcampr5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 srtspl;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SUSTUCAM;Susteen USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
S3 SUSTUCAP;Susteen USB Cable Port Driver; C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-04-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver; C:\WINDOWS\system32\DRIVERS\sustucau.sys [2006-04-12 20096]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver; C:\WINDOWS\System32\Drivers\WBMS.SYS [2002-02-28 29056]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.EXE [1999-12-13 44032]
R2 NVSvc;AOpen NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-05-03 61440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 automatic liveupdate scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 pnpsvc;Plug and Play svc service; C:\WINDOWS\system32\svchost.exe [2004-08-04 17408]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 liveupdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
S4 C-DillaSrv;C-DillaSrv; C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE [2001-09-10 32256]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
-----------------EOF-----------------