Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I think I'm infected

Post by ted_b » April 4th, 2008, 6:31 pm

Here is my log. My system has just recently started acting up, with black text boxes appearing sporadically on browsers, audio distorting horribly the longer it's played (whether via Foobar2000, Yahoo videos, iTunes, etc.), and text repeating (almost smearing) in Netscape 7 Communicator email scrolling (almost as if the page isn't refreshing, just repeating what is on the screen over and over).

I recently had a Norton Antivirus issue and had their customer service folks look into it. When they downloaded the Norton Removal Tool it froze up while undeleting Norton 2007. They had me boot into Safe Mode, run it there...and afterward I got imprisoned there (wouldn't allow me to reboot into anything but safe mode) until I think I did a hard power down. Anyway, ever since then it's been acting up badly (see above) and occasionally will not let me "restart" or "turn off computer" via Start Menu. I have gone in and tried to remove all known Norton or Symantec issues, including in regedit, but the font, black box and audio problems persist. I've since installed Trend Micro Internet Security and sworn off Norton. I also have now experienced weird Firefox browser issues like My Yahoo being formatted so the page now requires significant scrolling way way down to the bottom before my MyYahoo data shows up. The header is in normal top position, but then miles and miles of background green (theme) real estate until I find the data at the bottom of the scroll bar (if printed it would be 20-30 pages worth of scrolling).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:38 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Common Files\AOL\1139436337\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SQUEEZ~2\server\SQUEEZ~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWin32-x86-multi-thread\flac.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.crmondemand.com/OnDemand/logon.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\TED BRADY\Application Data\Mozilla\Profiles\default\ow2jdxey.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TED BRADY\Application Data\Mozilla\Profiles\default\ow2jdxey.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139436337\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB005" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/ho ... scan60.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.dvdfile.com/software/eggs/jsLib/IAIEPlay.dll
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_ ... loader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Thanks
Ted
ted_b
Active Member
 
Posts: 7
Joined: April 4th, 2008, 6:22 pm
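A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself: it parses the `code - description` entries, then lists entries tagged "(file missing)" and O23 services reported with "Unknown owner". The function and class names are hypothetical, and the sample input is a handful of lines copied from the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: header, one process line and a few entries copied from the log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.crmondemand.com/OnDemand/logon.jsp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
"""

# An entry line starts with a section code (R0, N3, O4, O23, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RNFO]\d{1,2}) - (.+)$")
MISSING_TAG = "(file missing)"
SERVICE_PREFIX = "Service: "


@dataclass
class Entry:
    code: str                      # section code, e.g. "O23"
    body: str                      # everything after "code - "
    missing: bool                  # True when the log says the target file is gone
    service: Optional[str] = None  # O23 only: service display name
    owner: Optional[str] = None    # O23 only: reported company name


def parse_entries(text: str) -> List[Entry]:
    """Return the section entries of a HijackThis log, in log order."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        entry = Entry(code, body, body.endswith(MISSING_TAG))
        if code == "O23" and body.startswith(SERVICE_PREFIX):
            # "Service: <name> - <owner> - <path>"; split from the right so a
            # " - " inside the service name does not shift the fields.
            parts = body[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry.service, entry.owner = parts[0], parts[1]
        entries.append(entry)
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Group entries worth a second look. These are review leads, not verdicts:
    a bundled database service can legitimately show "Unknown owner"."""
    return {
        "file_missing": [e for e in entries if e.missing],
        "unknown_owner_services": [e for e in entries if e.owner == "Unknown owner"],
    }


def section_counts(entries: List[Entry]) -> Counter:
    """Number of entries per section code."""
    return Counter(e.code for e in entries)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(parsed)))
    for label, hits in triage(parsed).items():
        print(label)
        for hit in hits:
            print("  ", hit.code, "-", hit.body)
```

Entries tagged "(file missing)" are leftovers whose registry or service record outlived the program, which is how the half-removed Symantec service shows up in the log above.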

Re: I think I'm infected

Post by MWR 3 day Mod » April 8th, 2008, 6:22 pm

Hi, ted_b

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: I think I'm infected

Post by Carolyn » April 10th, 2008, 10:21 am

Hello Ted and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long.

If you follow these instructions, everything should go smoothly.

We are currently looking at your log now and will be back as soon as possible with your instructions.
While you are waiting, one other thing that can be of good use is an uninstall list, so please do the following:

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: I think I'm infected

Post by ted_b » April 10th, 2008, 10:43 am

2Wire HomePortal
2Wire Wireless Client
ACXOplayer
Adobe Acrobat 5.0
Adobe ActiveShare 1.2
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe PhotoDeluxe Home Edition 4.0
Adobe Photoshop Elements 3.0
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
Album Cover Finder v.6.1.2
AnswerWorks 4.0 Runtime - English
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AudioShell 1.3 beta 3
Avanquest update
Bonjour
Canon Camera Window for ZoomBrowser EX
Canon i860
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CD/DVD Jewel Case and Label Creator
Classic PhoneTools
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
CopyTrans Suite (remove only)
Creative MediaSource
DAEMON Tools
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Music Converter
Dell ResourceCD
DiscWizard 2003
DriverAgent Plugin for Netscape by TouchStone Software
DVD Audio Extractor 4.2.2
DVD Decrypter (Remove Only)
Easy CD Creator 5 Basic
Easy Screen Capture
Easy-WebPrint
eMusic Download Manager
EPSON ESPR220 Reference Guide
EPSON Print CD
EPSON Printer Software
ETF5.x
Exact Audio Copy v0.9 beta 4
FLAC Installer 1.1.3b (remove only)
foobar2000 v0.9.1
GrabIt 1.6.0 Beta (build 928)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) PRO Ethernet Adapter and Software
IntelliMover
InterActual Player
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
iPod for Windows User Guide
iPod System Software Updater 2.1
iPod Update 2004-04-28
iPod Updater 2004-11-15
ISO Recorder
ItsDeductible Express
iTunes
Java 2 Runtime Environment, SE v1.4.0_01
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Java(TM) 6 Update 3
Java(TM) 6 Update 5
JVC Lens Calculator 3.5P (7/01/2007)
Karen's Replicator
LaCie Backup Software v1.5.2215
Macromedia Flash Player 8
Macromedia Shockwave Player
Maxtor OneTouch
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Crimson Skies Trial
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Visio Professional 2003
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
mobile PhoneTools
Model Swing Saver Demo
Mozilla Firefox (2.0.0.13)
Mozilla Thunderbird (1.0)
MSN Music Assistant
MSXML 4.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
MUSICMATCH Jukebox
MuVo Slim
Nero 6 Demo
Netscape (7.1)
NewsStand Reader
Nikon Message Center
Nokia Connectivity Cable Driver
Nokia Internet Tablet Software Update Wizard
NVIDIA Display Driver
NVIDIA Drivers
Photo Finale
PictureProject
Planet Poker
Plaxo Toolbar for Outlook and Outlook Express
PowerDVD
ProntoEdit 4
ProntoEdit IR Database Utility Beta 0.9 Build 02
ProntoEdit Professional 9400 1.1
Quicken 2005
QuickTime
RealPlayer
Remote Control USB Driver
Rhapsody
Rhapsody Player Engine
SafeCast Shared Components
SanDisk ImageMate/SecureMate
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Shockwave
Sony Noise Reduction Plug-In 2.0h
Sony Sound Forge 9.0
Sony USB Driver
Sound Blaster Audigy 2
Squeezebox Firmware Selector
SqueezeCenter 7.0
StandAlone Diagnostic
Symantec Technical Support Web Controls
System Requirements Lab
TitanTV Big Screen EPG Demo (remove only)
Trend Micro Internet Security
Trend Micro Internet Security
TriPeaks 2
TriPeaks 2001
TurboTax 2002
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
UnInstall Envy24 Family Audio Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URGE
USB Storage Adapter FX (MXO)
V1 Home 2.0
VC User CRT71 RTL X86 ---
VC User MFC71 RTL X86 ---
VC User STL71 RTL X86 ---
VIA Platform Device Manager
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
WexTech AnswerWorks
WildTangent Web Driver
Winamp (remove only)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Windows XP Winter Fun Pack for Windows Media Player 9 Series
WinRAR archiver
WMA 9 Lossless to PCM Conversion Tool
ted_b
Active Member
 
Posts: 7
Joined: April 4th, 2008, 6:22 pm

Re: I think I'm infected

Post by Carolyn » April 11th, 2008, 4:00 pm

Hello Ted,

Remove Poker programs
From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.
I would advise you to go to Add/Remove programs and uninstall your poker programs.
Planet Poker
Here are links to some poker sites regarded as safe for your reference.
1. http://www.pokerstars.net/ - This is a free to use/play site with play money.
2. http://www.pokerstars.com/ - This is a free to use/play site with play money and real money.


I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. If you select Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight Viewpoint Manager (Remove Only), Viewpoint Media Player, Viewpoint Toolbar, click Remove.
  4. Do the same for each Viewpoint component.
These are the items to fix in HijackThis.

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system including
  1. Operating System Version
  2. CPU Type and Speed
  3. Memory Amount
  4. Video Card type and Driver Version
  5. Sound Card type and Driver Version
  6. DirectX Version
  7. Location that the Web Driver was installed from
It is also a MAJOR resource hog.
For more information, see WildTangent Removal Instructions and Help and Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You.
Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent. To uninstall Wild Tangent:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight Wild Tangent, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.
This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain


Remove Programs
Please Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Symantec Technical Support Web Controls
Java 2 Runtime Environment, SE v1.4.0_01
Java 2 Runtime Environment, SE v1.4.1_02
Java(TM) 6 Update 3


If some programs listed are not present, please do not panic


Let's remove a rogue program:
Remove bad HijackThis entry
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside the item listed below (if present):

    O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.


Now, enable the Show Hidden Folders option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folder. If found, delete it:

C:\Program Files\VBouncer <<Folder


Next, run additional scans and post results:

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Double click on mbam-setup.exe to install it.
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as they are and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Check (tick) all items and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Right-click on dss.exe, then select "Run as administrator", and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.

Run Kaspersky Online AV Scanner
Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.

Please post the Kaspersky log, the Malwarebytes' Anti-Malware log and the contents of main.txt and extra.txt.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
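
As an added example (not part of the original post or of any tool used in this thread): a small Python check that parses the HijackThis entries listed above as items to fix and reports which of them still appear in a follow-up log. The follow-up excerpt is constructed sample data, and the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# A HijackThis entry line is "<section> - <details>", e.g. "O23 - Service: ...".
# Hand-typed fix lists sometimes use a digit zero for the letter O ("04"), so accept both.
ENTRY_RE = re.compile(r"^\s*([RFNO0])(\d{1,2})\s+-\s+(.+?)\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends this marker when the referenced file no longer exists on disk.
FILE_MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str    # normalized section code, e.g. "O4"
    body: str       # entry details without the "(file missing)" marker
    orphaned: bool  # True when the log marked the target file as missing

    @property
    def identity(self):
        """Key used to match an entry across logs.

        Entries that carry a CLSID (BHOs, toolbars, extra buttons) are matched on
        section + CLSID, so a changed DLL path or version folder still matches.
        Everything else is matched on the whitespace- and case-normalized body.
        """
        guid = GUID_RE.search(self.body)
        if guid:
            return (self.section, guid.group(0).lower())
        return (self.section, " ".join(self.body.lower().split()))


def parse_entries(text):
    """Return the HijackThis entries found in text, skipping headers and process lists."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        letter = "O" if match.group(1) == "0" else match.group(1)
        body = match.group(3)
        orphaned = bool(FILE_MISSING_RE.search(body))
        body = FILE_MISSING_RE.sub("", body)
        entries.append(Entry(letter + match.group(2), body, orphaned))
    return entries


def remaining_flagged(fix_list, followup_log):
    """Entries from the fix list that are still present in the follow-up log."""
    flagged = {entry.identity for entry in parse_entries(fix_list)}
    return [entry for entry in parse_entries(followup_log) if entry.identity in flagged]


# Items to fix, as listed in the post above. The fourth line is written with a
# digit zero on purpose to exercise the normalization.
FIX_LIST = r"""
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
04 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
"""

# Constructed follow-up log excerpt (sample data, HijackThis 2.0.2 line format).
FOLLOWUP_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

if __name__ == "__main__":
    for entry in remaining_flagged(FIX_LIST, FOLLOWUP_LOG):
        state = "orphaned (target file missing)" if entry.orphaned else "still active"
        print(f"{entry.section}: {state}: {entry.body}")
```

An entry reported as orphaned means the program was uninstalled but its registry or startup reference was left behind, which is why the post asks for these lines to be fixed in HijackThis in addition to the uninstall.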

Re: I think I'm infected

Post by ted_b » April 12th, 2008, 10:17 am

Thanks.

1) I uninstalled the programs recommended (Planet Poker, Viewpoint, Wild Tangent, Older Javas, Symantec remote, Virtual Bouncer, etc.).

2) Here's the Malware log:

Malwarebytes' Anti-Malware 1.11
Database version: 615

Scan type: Full Scan (C:\|F:\|H:\|I:\|J:\|)
Objects scanned: 205015
Time elapsed: 2 hour(s), 19 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

3) Here's the Deckard Main.txt

Deckard's System Scanner v20071014.68
Run by Ted Brady on 2008-04-11 19:49:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
104: 2008-04-11 23:49:25 UTC - RP2064 - Deckard's System Scanner Restore Point
103: 2008-04-11 21:15:56 UTC - RP2063 - Removed Java(TM) 6 Update 3
102: 2008-04-11 21:15:24 UTC - RP2062 - Removed Java 2 Runtime Environment, SE v1.4.1_02
101: 2008-04-11 21:15:05 UTC - RP2061 - Removed Java 2 Runtime Environment, SE v1.4.0_01
100: 2008-04-11 21:13:55 UTC - RP2060 - Removed Symantec Technical Support Web Controls


-- First Restore Point --
1: 2008-01-13 21:08:42 UTC - RP1961 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ted Brady.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:45 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\AOL\1139436337\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\tedtemp\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ted Brady.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.crmondemand.com/OnDemand/logon.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\TED BRADY\Application Data\Mozilla\Profiles\default\ow2jdxey.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TED BRADY\Application Data\Mozilla\Profiles\default\ow2jdxey.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139436337\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB005" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/ho ... scan60.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.dvdfile.com/software/eggs/jsLib/IAIEPlay.dll
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_ ... loader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 11921 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080411-171855-503 O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
S3 MTK (Media Technology Kernel Driver) - c:\windows\system32\drivers\mtk.sys (file missing)
S3 SDSTOR2K (SanDisk USB ImageMate/SecureMate Mass Storage Driver) - c:\windows\system32\drivers\sdstor2k.sys <Not Verified; SanDisk Corporation; ImageMate/SecureMate>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 SqueezeMySQL - c:\progra~1\squeez~2\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1.win\applic~1\squeez~1\cache\my.cnf squeezemysql

S2 TivoBeacon2 (TiVo Beacon) - c:\program files\common files\tivo shared\beacon\tivobeacon.exe (file missing)
S3 Imapi Helper - "c:\program files\alex feinman\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-09 12:02:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 17:25:39 0 d-------- C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Malwarebytes
2008-04-11 17:25:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-11 17:25:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 13:00:53 0 d-------- C:\WINDOWS\aim95
2008-04-08 13:00:32 61952 --a------ C:\WINDOWS\system32\nabapi32.dll <Not Verified; Netscape Communications Corporation; Netscape Communications Address Book API>
2008-04-08 13:00:13 634087 --a------ C:\WINDOWS\cd32.exe
2008-03-31 13:15:18 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-03-30 20:28:07 225280 --a------ C:\WINDOWS\system32\nvwrsda.dll
2008-03-28 21:58:58 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-28 21:58:47 0 d-------- C:\Documents and Settings\Ted Brady.OFFICE\Application Data\SystemRequirementsLab
2008-03-25 21:07:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro
2008-03-25 20:44:52 0 d-------- C:\Program Files\Trend Micro
2008-03-25 19:29:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-25 19:29:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-03-25 18:24:43 0 d-------- C:\WINDOWS\LMI938E.tmp
2008-03-25 18:17:31 9175040 --a------ C:\Documents and Settings\Ted Brady.OFFICE\ntuser.dat
2008-03-21 04:04:05 335 --a------ C:\WINDOWS\mozregistry.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-11 18:11:34 0 d-------- C:\Program Files\Plaxo
2008-04-11 17:15:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 17:13:08 0 d-------- C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Viewpoint
2008-04-11 17:12:34 0 d-------- C:\Program Files\Viewpoint
2008-04-09 22:47:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 17:35:56 0 d-------- C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Adobe
2008-04-08 17:48:53 0 d-------- C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Netscape
2008-04-08 13:08:42 38432 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 13:00:53 0 d-------- C:\Program Files\Netscape
2008-04-07 20:43:31 0 d-------- C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Intuit
2008-04-07 20:29:00 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-07 20:26:01 0 d-------- C:\Program Files\TurboTax
2008-04-05 17:32:58 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10031102}.dat
2008-04-05 17:32:58 384 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-10031102}.dat
2008-04-05 13:41:11 27495 --a------ C:\WINDOWS\mozver.dat
2008-04-01 09:38:53 0 d-------- C:\Program Files\Common Files
2008-03-31 22:50:01 0 d-------- C:\Program Files\VIA
2008-03-31 12:54:12 0 d-------- C:\Program Files\GameSpy Arcade
2008-03-31 12:52:22 0 d-------- C:\Program Files\Dell Computer
2008-03-31 12:51:18 0 d-------- C:\Program Files\Canon
2008-03-31 12:50:47 0 d-------- C:\Program Files\BOOMBox Radio Player
2008-03-31 12:49:53 0 d-------- C:\Program Files\Lavasoft
2008-03-31 12:49:50 0 d-------- C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Lavasoft
2008-03-25 16:25:40 4 --a------ C:\WINDOWS\system32\7C7A66
2008-03-09 10:20:10 0 d-------- C:\Program Files\Java
2008-03-08 11:43:09 0 d-------- C:\Program Files\SqueezeCenter
2008-02-24 14:24:10 0 d-------- C:\Program Files\iTunes
2008-02-24 14:23:58 0 d-------- C:\Program Files\iPod
2008-02-24 14:21:32 0 d-------- C:\Program Files\Bonjour
2008-02-24 14:21:04 0 d-------- C:\Program Files\QuickTime
2008-02-18 15:55:15 0 d-------- C:\Program Files\Citrix


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [10/06/2003 03:57 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [04/10/2002 06:44 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"EnvyHFCPL"="C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" [01/31/2008 10:50 PM]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" [05/21/2004 07:12 PM]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" []
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 06:05 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/06/2003 02:16 PM]
"nwiz"="nwiz.exe" [10/06/2003 02:16 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1139436337\ee\AOLSoftware.exe" [05/09/2006 08:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/22/2006 01:54 PM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 05:00 AM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 12:59 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [04/07/2003 07:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/06/2003 02:16 PM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [02/16/2008 12:56 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [07/22/2005 06:41 PM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 05:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Aim6"="" []
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []

C:\Documents and Settings\Ted Brady.OFFICE\Start Menu\Programs\Startup\
Karen's Replicator.lnk - C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe [8/22/2007 9:04:56 AM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 3:01:04 AM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2/22/2005 11:23:17 PM]
SqueezeCenter Tray Tool.lnk - C:\Program Files\SqueezeCenter\SqueezeTray.exe [11/9/2007 11:03:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\wd_windows_tools\setup.exe

3b) Here's the Deckard Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 766.98 MiB / 349.64 MiB
Pagefile Memory (total/avail): 1108.82 MiB / 712 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.44 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.73 GiB total, 71.56 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 149.05 GiB total, 3.3 GiB free.
G: is CDROM (No Media)
H: is Fixed (FAT32) - 298.02 GiB total, 114.66 GiB free.
I: is Fixed (FAT32) - 465.65 GiB total, 125.26 GiB free.
J: is Fixed (FAT32) - 232.83 GiB total, 199.57 GiB free.

\\.\PHYSICALDRIVE1 - ST3160023A - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - F:

\\.\PHYSICALDRIVE0 - WDC WD1200JB-75CRA0 - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 111.73 GiB - C:

\\.\PHYSICALDRIVE2 - SEAGATE ST3320820A USB Device - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 298.09 GiB - H:

\\.\PHYSICALDRIVE3 - WD 5000AAV External USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Unknown - 465.76 GiB - I:

\\.\PHYSICALDRIVE4 - WDC WD2500JB-00REA0 USB Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 232.88 GiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntivirusOverride is set.

FW: Trend Micro Personal Firewall v5.2 (Trend Micro Inc.) Disabled
AV: Trend Micro Internet Security v16.10.1079 ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"="C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe:*:Enabled:TiVo Server"
"C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"="C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe:*:Enabled:Netscape"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1139008092\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1139008092\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1139008092\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1139008092\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1139436337\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1139436337\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1139436337\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1139436337\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\tedtemp\\utorrent.exe"="C:\\tedtemp\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Ted Brady.OFFICE\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OFFICE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ted Brady.OFFICE
INTEL_LICENSE_FILE=C:\PROGRA~1\DEQX\DEQXCA~1.0\License
LOGONSERVER=\\OFFICE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TEDBRA~1.OFF\LOCALS~1\Temp
TMP=C:\DOCUME~1\TEDBRA~1.OFF\LOCALS~1\Temp
USERDOMAIN=OFFICE
USERNAME=Ted Brady
USERPROFILE=C:\Documents and Settings\Ted Brady.OFFICE
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ted Brady.OFFICE (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Audio Deck\Uninst.isu"
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F12F9787-0081-41A2-BDD2-5654C6F40BAF}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire HomePortal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3301464-BA26-11D3-8D89-00D0B7218812}\setup.exe" FromAddRemove
2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
ACXOplayer --> MsiExec.exe /I{A742CD89-73EF-4B58-9285-96724A5FBC85}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe ActiveShare 1.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\ActiveShare\Uninst.isu"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe PhotoDeluxe Home Edition 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\PhotoDeluxe Home Edition 4.0\Uninst.isu"
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Album Cover Finder v.6.1.2 --> "C:\Program Files\Album Cover Finder\unins000.exe"
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AudioShell 1.3 beta 3 --> "C:\Program Files\AudioShell\unins000.exe"
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9 -removeonly
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}
Canon i860 --> C:\WINDOWS\System32\CNMCP56.exe "-PRINTERNAMECanon i860" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i860 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i860 Installer\Inst2\cnmi0409.dll"
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities Easy-PhotoPrint Plus --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint Plus\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint Plus\EZUNINST.DLL"
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CD/DVD Jewel Case and Label Creator --> C:\PROGRA~1\CDLabel\UNWISE.EXE C:\PROGRA~1\CDLabel\INSTALL.LOG
Classic PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Conexant SmartHSFi V92 56K Speakerphone PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
CopyTrans Suite (remove only) --> "C:\Program Files\WindSolutions\CopyTrans Suite\uninstall.exe"
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove/remove
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
dBpoweramp FLAC Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp m4a Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DiscWizard 2003 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}\Setup.exe"
DriverAgent Plugin for Netscape by TouchStone Software --> RunDll32.exe advpack.dll, LaunchINFSection driveragent_np.inf,TVICHW32Remove
DVD Audio Extractor 4.2.2 --> "C:\Program Files\DVD Audio Extractor\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Easy Screen Capture --> C:\Program Files\Longfine\escrcap\uninstal.exe
eMusic Download Manager --> C:\Program Files\InstallShield Installation Information\{48FEB597-0410-4A17-B134-0DEF3083B944}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
EPSON ESPR220 Reference Guide --> C:\Program Files\epson\guide\spr220_e\uninstall.exe
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ETF5.x --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\ETF5.x\ST6UNST.LOG"
Exact Audio Copy v0.9 beta 4 --> "C:\Program Files\Exact Audio Copy\unins000.exe"
FLAC Installer 1.1.3b (remove only) --> C:\Program Files\FLAC\uninstall.exe
foobar2000 v0.9.1 --> "C:\Program Files\foobar2000v9\uninstall.exe"
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
GrabIt 1.6.0 Beta (build 928) --> "C:\Program Files\GrabIt\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) PRO Ethernet Adapter and Software --> Prounstl.exe
IntelliMover --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetup -ether"C:\Program Files\InstallShield Installation Information\{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod for Windows User Guide --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B9987754-9A14-4B61-ABB3-73A79503238D} /l1033
iPod System Software Updater 2.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B02B8E30-EB28-49B0-A60F-696268BAE033} /l1033
iPod Update 2004-04-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB398A5D-24A1-4011-96AA-AAB495AABBAA} /l1033
iPod Updater 2004-11-15 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
ISO Recorder --> MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JVC Lens Calculator 3.5P (7/01/2007) --> "C:\Program Files\JVC Lens Calculator 3.5P\unins000.exe"
Karen's Replicator --> C:\Program Files\Karen's Power Tools\Replicator\uninst.exe
LaCie Backup Software v1.5.2215 --> MsiExec.exe /I{6DD9963C-271A-4A14-82B0-4DC148C52E58}
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxtor OneTouch --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} /l1033
Medieval CUE Splitter --> MsiExec.exe /I{E9A5B341-167D-4042-8854-46F671F94049}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Crimson Skies Trial --> "C:\Program Files\Microsoft Games\Crimson Skies Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Links LS 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Games\Links LS 2000\Uninst.isu"
Microsoft Location Finder --> MsiExec.exe /I{7A907070-4C4B-4734-8A21-62363AF710CE}
Microsoft Money 2002 --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Money 2002 System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{91510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Model Swing Saver Demo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ModelGolf\Model Swing Saver Demo\Uninst.isu"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.0) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.0 (en)"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 --> MsiExec.exe /I{54BB0384-1C33-488F-A95B-877E480D3EDC}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
MuVo Slim --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F12F9787-0081-41A2-BDD2-5654C6F40BAF}\SETUP.EXE" -l0x9 /remove
Nero 6 Demo --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netscape (7.1) --> C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)"
NewsStand Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23C609A3-7AFD-42EA-8BED-1751FD530DE5}\Setup.exe" -l0x9 FROMADDREMOVE
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Nokia Connectivity Cable Driver --> MsiExec.exe /X{3675AD63-CF95-4778-B981-225FB9225D7C}
Nokia Internet Tablet Software Update Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D198D2E7-B557-4404-A286-77F249625172}\setup.exe" -l0x9 -removeonly
NVIDIA Display Driver --> C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Photo Finale --> MsiExec.exe /X{54D9C0C9-1AF6-40DC-99C2-88272968552C}
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
Plaxo Toolbar for Outlook and Outlook Express --> C:\Program Files\Plaxo\2.13.1.3\uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ProntoEdit 4 --> MsiExec.exe /I{2C7F7830-E66E-40D8-8E26-28FAFF288A29}
ProntoEdit IR Database Utility Beta 0.9 Build 02 --> "C:\Program Files\IR Database\unins000.exe"
ProntoEdit Professional 9400 1.1 --> C:\Program Files\Philips\ProntoEdit Professional 9400 1.1\Uninst.exe
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remote Control USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Rhapsody --> C:\PROGRA~1\LISTEN~1\Unwise32.exe /A C:\PROGRA~1\LISTEN~1\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SafeCast Shared Components --> C:\WINDOWS\CDAC13BA.EXE /uninstall
SanDisk ImageMate/SecureMate --> C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\SanDisk\USB\SDUSBPDR.ISU -cC:\PROGRA~1\SanDisk\USB\ONUNINST.DLL
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
SmartDraw 7 --> C:\PROGRA~1\SMARTD~1\UNWISE.EXE C:\PROGRA~1\SMARTD~1\install.log
Sony Noise Reduction Plug-In 2.0h --> MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
Sony Sound Forge 9.0 --> MsiExec.exe /X{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sound Blaster Audigy 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\SETUP.EXE" -l0x9
Squeezebox Firmware Selector --> MsiExec.exe /I{CB37651C-3FAA-4931-AFEC-4B238DF64CD3}
SqueezeCenter 7.0 --> "C:\Program Files\SqueezeCenter\unins000.exe"
StandAlone Diagnostic --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\diag\Uninst.isu"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
TriPeaks 2 --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-TriPeaks 2.dat
TriPeaks 2001 --> c:\Program Files\TriPeaks 2001\Uninstal.exe
TurboTax 2002 --> C:\Program Files\TurboTax\TurboTax 2002\TaxUnst.EXE "C:\Program Files\TurboTax\TurboTax 2002\Uninstall.log" -NoGui
TurboTax Deluxe 2003 --> C:\Program Files\TurboTax\Deluxe 2003\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2003\Uninstall.log" -NoGui
TurboTax Deluxe 2004 --> C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
UnInstall Envy24 Family Audio Device Driver --> RunDll32.exe UnEnvyNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\AUDIOD~1/Uninst.isu";QSoundUninstall:17241412
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
V1 Home 2.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E75594A0-B088-4635-B4F6-99654B5DDF96}
VC User CRT71 RTL X86 --- --> MsiExec.exe /I{B252ADE8-8F39-4CBD-89CB-5919008754FE}
VC User MFC71 RTL X86 --- --> MsiExec.exe /I{F2E6EB42-B04D-4F63-853F-8016BF71B25A}
VC User STL71 RTL X86 --- --> MsiExec.exe /I{1288424C-71D4-4EBA-94D2-9032F5CEE287}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WMA 9 Lossless to PCM Conversion Tool --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmal2pcm.inf, Uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type33167 / Success
Event Submitted/Written: 04/09/2008 03:13:25 AM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type33159 / Success
Event Submitted/Written: 04/07/2008 03:33:09 PM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type33158 / Error
Event Submitted/Written: 04/07/2008 03:31:05 PM
Event ID/Source: 1512 / Userenv
Event Description:
Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - Insufficient system resources exist to complete the requested service.

Event Record #/Type33157 / Warning
Event Submitted/Written: 04/06/2008 08:33:00 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type33156 / Warning
Event Submitted/Written: 04/06/2008 08:33:00 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type111136 / Error
Event Submitted/Written: 04/11/2008 05:16:48 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type111133 / Error
Event Submitted/Written: 04/11/2008 05:16:48 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type111130 / Error
Event Submitted/Written: 04/11/2008 05:16:47 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type111127 / Error
Event Submitted/Written: 04/11/2008 05:16:47 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type111124 / Error
Event Submitted/Written: 04/11/2008 05:16:47 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126


4) Here are Kaspersky's results (I didn't remove these viruses and infected files yet cuz it requires buying Kaspersky and I already have Trend Micro. I'm open to all suggestions but my instructions were to simply report these findings, right?)

KASPERSKY ONLINE SCANNER REPORT
Saturday, April 12, 2008 9:52:40 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/04/2008
Kaspersky Anti-Virus database records: 698819
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 212337
Number of viruses found: 6
Number of infected objects: 80
Number of suspicious objects: 12
Duration of the scan process: 05:30:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\SqueezeCenter\Cache\MySQL\ibdata1 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\SqueezeCenter\Cache\MySQL\ib_logfile0 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\SqueezeCenter\Cache\MySQL\ib_logfile1 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\SqueezeCenter\Cache\mysql-error-log.txt Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ted Brady\Application Data\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash/[From "TED.BRADY" <TED.BRADY@oracle.com>][Date Mon, 15 Oct 2001 18:05:16 -0800 (GMT-08:00)]/text/[From MegEKerr@aol.com][Date Fri, 4 Oct 2002 13:34:50 EDT]/UNNAMED/[From Paul Brecht <pdbkdb@yahoo.com>][Date Wed, 23 Oct 2002 17:56:11 -0700 (PDT)]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Ted Brady\Application Data\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash/[From "TED.BRADY" <TED.BRADY@oracle.com>][Date Mon, 15 Oct 2001 18:05:16 -0800 (GMT-08:00)]/text/[From MegEKerr@aol.com][Date Fri, 4 Oct 2002 13:34:50 EDT]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Ted Brady\Application Data\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash/[From "TED.BRADY" <TED.BRADY@oracle.com>][Date Mon, 15 Oct 2001 18:05:16 -0800 (GMT-08:00)]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Ted Brady\Application Data\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash Mail Berkeley mbox: suspicious - 3 skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From Admin@fbi.gov][Date Mon, 21 Nov 2005 21:40:40 UTC]/question_list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From Admin@fbi.gov][Date Mon, 21 Nov 2005 21:40:40 UTC]/question_list.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... ... /[From "Eda" <loreancatron@lovetime.ro>][Date Wed, 23 Nov 2005 04:38:30 +1200]/Katherine.zip Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F .. ... /[From "Rawni" <luanne@ultrapostman.com>][Date Wed, 23 Nov 2005 20:52:13 -0800]/text Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F .. ... /[From "Lou Pagan" <Iulgcdm@alcie.com>][Date Wed, 23 Nov 2005 14:36:54 -0800]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F ... ... /[From Tal <alex_otis@mail.com>][Date Wed, 23 Nov 2005 23:24:59 +0100 (CET)]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F ... /[From "Shakiyla" <deandran@truebritney.com>][Date Wed, 23 Nov 2005 02:44:29 +0400]/text Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F ... ... /[From Doctor <jrearl@gps-walking.com>][Date Wed, 23 Nov 2005 15:05:22 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F ... /[Fr ... /[From "Ahavah" <wolf@allracing.com>][Date Tue, 22 Nov 2005 23:30:06 -0500]/text Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F ... /[From "Kelsie Kattie" <ncg07wy@best1.net>][Date Tue, 22 Nov 2005 16:49:12 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[From "Gonzalo Maurer" <RGoodrich@parlorcity.com>][Date Tue, 22 Nov 2005 23:14:03 +0200]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From "J ... /[From "Harriet Church" <Edoawut@amsolution.com>][Date Tue, 22 Nov 2005 13:17:04 -0800]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From "Juan ... /[From "Yash Durfey" <durfeoyash@foamade.com>][Date Tue, 22 Nov 2005 03:22:14 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From "Juan Price" <Plaqi@optonline.net>][Date Tue, 22 Nov 2005 12:53:36 +0500]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox Mail Berkeley mbox: infected - 18 skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk/[From "Julianne Allen" <Rena.Emery@brownworth.com>][Date Sat, 03 Dec 2005 11:47:31 -0500]/UNNAMED/[From "Miloslava" <wertyu@hotbmws.com>][Date Sat, 03 Dec 2005 10:04:09 -0200]/text/[From "Annalee" <arthis@ionthenet.net>][Date Sat, 03 Dec 2005 13:18:34 +0300]/text/[From "PayPal" <service-center@paypal.com>][Date Fri, 02 Dec 2005 12:58:22 -0700]/html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk/[From "Julianne Allen" <Rena.Emery@brownworth.com>][Date Sat, 03 Dec 2005 11:47:31 -0500]/UNNAMED/[From "Miloslava" <wertyu@hotbmws.com>][Date Sat, 03 Dec 2005 10:04:09 -0200]/text/[From "Annalee" <arthis@ionthenet.net>][Date Sat, 03 Dec 2005 13:18:34 +0300]/text Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk/[From "Julianne Allen" <Rena.Emery@brownworth.com>][Date Sat, 03 Dec 2005 11:47:31 -0500]/UNNAMED/[From "Miloslava" <wertyu@hotbmws.com>][Date Sat, 03 Dec 2005 10:04:09 -0200]/text Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk/[From "Julianne Allen" <Rena.Emery@brownworth.com>][Date Sat, 03 Dec 2005 11:47:31 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Hamburg, Steve" <SHamburg@nelsoncomm.com>][Date Fri, 13 Feb 2004 13:36:1 ... /[From "Weitzel M ... /[From linda@pranawire.com][Date Fri, 13 Feb 2004 18:57:49 ... /body.exe Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Hamburg, Steve" <SHamburg@nelsoncomm.com>][Date Fri, 13 Feb 2004 13:36:1 ... /[From "Weitzel M ... /[From linda@pranawire.com][Date Fri, 13 Feb 2004 18:57:49 -0500]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Hamburg, Steve" <SHamburg@nelsoncomm.com>][Date Fri, 13 Feb 2004 13:36:1 ... /[From "Weitzel Margaret" <MWeitzel@wyseadv.com>][Date Fri, 13 Feb 2004 15:33:15 -0500]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Hamburg, Steve" <SHamburg@nelsoncomm.com>][Date Fri, 13 Feb 2004 13:36:19 -0500]/text Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Irving Cruz" <offeriz@aol.com>][Date Sat, 14 Feb 2004 13 ... /[From adsl-68-248-30-49.dsl. ... /[From tedmbrady@ameritech.net][Date Sun, 15 Feb 2004 04:19:1 ... /readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Irving Cruz" <offeriz@aol.com>][Date Sat, 14 Feb 2004 13 ... /[From adsl-68-248-30-49.dsl. ... /[From tedmbrady@ameritech.net][Date Sun, 15 Feb 2004 04:19:16 -0500]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Irving Cruz" <offeriz@aol.com>][Date Sat, 14 Feb 2004 13 ... /[From adsl-68-248-30-49.dsl.sfldmi.ameritech.net [68.248.30.49]][Date Sun, 15 Feb 2004 03:09:17 +0000]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Irving Cruz" <offeriz@aol.com>][Date Sat, 14 Feb 2004 13:57:35 +-0600]/html Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From Dell Direct Deals <subscription_services@dell.com>][Date Thu, 16 Sep 2004 09:36:32 -0700 (PDT)]/UNNAMED/[From bmgmusic@bmgmusicservice.com][Date Thu, 16 Sep 2004 16:28:37 -0400 (EDT)]/UNNAMED/[From Clear Channel Entertainment <concertupdate@clearchannel.com>][Date 16 Sep 2004 23:00:35 -0000]/UNNAMED/[From Ebay <ebay-verify@ebay.com>][Date Thu, 16 Sep 2004 21:36:41 -0400]/html Infected: Trojan-Spy.HTML.Bayfraud.g skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From Dell Direct Deals <subscription_services@dell.com>][Date Thu, 16 Sep 2004 09:36:32 -0700 (PDT)]/UNNAMED/[From bmgmusic@bmgmusicservice.com][Date Thu, 16 Sep 2004 16:28:37 -0400 (EDT)]/UNNAMED/[From Clear Channel Entertainment <concertupdate@clearchannel.com>][Date 16 Sep 2004 23:00:35 -0000]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.g skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From Dell Direct Deals <subscription_services@dell.com>][Date Thu, 16 Sep 2004 09:36:32 -0700 (PDT)]/UNNAMED/[From bmgmusic@bmgmusicservice.com][Date Thu, 16 Sep 2004 16:28:37 -0400 (EDT)]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.g skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From Dell Direct Deals <subscription_services@dell.com>][Date Thu, 16 Sep 2004 09:36:32 -0700 (PDT)]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.g skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text Infected: Trojan-Spy.HTML.Bayfraud.g skipped
C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox Mail Berkeley mbox: infected - 15 skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Hamburg, Steve" <SHamburg@nelsoncomm.com>][Date Fri, 13 Feb 2004 13:36:1 ... /[From "Weitzel M ... /[From linda@pranawire.com][Date Fri, 13 Feb 2004 18:57:49 ... /body.exe Infected: Email-Worm.Win32.Mydoom.a skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Hamburg, Steve" <SHamburg@nelsoncomm.com>][Date Fri, 13 Feb 2004 13:36:1 ... /[From "Weitzel M ... /[From linda@pranawire.com][Date Fri, 13 Feb 2004 18:57:49 -0500]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Hamburg, Steve" <SHamburg@nelsoncomm.com>][Date Fri, 13 Feb 2004 13:36:1 ... /[From "Weitzel Margaret" <MWeitzel@wyseadv.com>][Date Fri, 13 Feb 2004 15:33:15 -0500]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Hamburg, Steve" <SHamburg@nelsoncomm.com>][Date Fri, 13 Feb 2004 13:36:19 -0500]/text Infected: Email-Worm.Win32.Mydoom.a skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Irving Cruz" <offeriz@aol.com>][Date Sat, 14 Feb 2004 13 ... /[From adsl-68-248-30-49.dsl. ... /[From tedmbrady@ameritech.net][Date Sun, 15 Feb 2004 04:19:1 ... /readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Irving Cruz" <offeriz@aol.com>][Date Sat, 14 Feb 2004 13 ... /[From adsl-68-248-30-49.dsl. ... /[From tedmbrady@ameritech.net][Date Sun, 15 Feb 2004 04:19:16 -0500]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Irving Cruz" <offeriz@aol.com>][Date Sat, 14 Feb 2004 13 ... /[From adsl-68-248-30-49.dsl.sfldmi.ameritech.net [68.248.30.49]][Date Sun, 15 Feb 2004 03:09:17 +0000]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED/[From "Irving Cruz" <offeriz@aol.com>][Date Sat, 14 Feb 2004 13:57:35 +-0600]/html Infected: Email-Worm.Win32.Mydoom.a skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED/[From Ted_Brady@peoplesoft.com [mailto:Ted_Brady@peoplesoft.com]][Date Sat, 07 Feb 2004 10:22:00 -0800]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From "AfterDawn.com Newsletter" <newsletter@afterdawn.com>][Date Fri, 6 Feb 2004 18:32:41 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From Dell Direct Deals <subscription_services@dell.com>][Date Thu, 16 Sep 2004 09:36:32 -0700 (PDT)]/UNNAMED/[From bmgmusic@bmgmusicservice.com][Date Thu, 16 Sep 2004 16:28:37 -0400 (EDT)]/UNNAMED/[From Clear Channel Entertainment <concertupdate@clearchannel.com>][Date 16 Sep 2004 23:00:35 -0000]/UNNAMED/[From Ebay <ebay-verify@ebay.com>][Date Thu, 16 Sep 2004 21:36:41 -0400]/html Infected: Trojan-Spy.HTML.Bayfraud.g skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From Dell Direct Deals <subscription_services@dell.com>][Date Thu, 16 Sep 2004 09:36:32 -0700 (PDT)]/UNNAMED/[From bmgmusic@bmgmusicservice.com][Date Thu, 16 Sep 2004 16:28:37 -0400 (EDT)]/UNNAMED/[From Clear Channel Entertainment <concertupdate@clearchannel.com>][Date 16 Sep 2004 23:00:35 -0000]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.g skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From Dell Direct Deals <subscription_services@dell.com>][Date Thu, 16 Sep 2004 09:36:32 -0700 (PDT)]/UNNAMED/[From bmgmusic@bmgmusicservice.com][Date Thu, 16 Sep 2004 16:28:37 -0400 (EDT)]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.g skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text/[From Dell Direct Deals <subscription_services@dell.com>][Date Thu, 16 Sep 2004 09:36:32 -0700 (PDT)]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.g skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox/[From "ZioGiorgio.com" <nl001@ziogiorgio.com>][Date Wed, 02 Oct 2002 06:29:27 -0500]/text Infected: Trojan-Spy.HTML.Bayfraud.g skipped
J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox Mail Berkeley mbox: infected - 15 skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From Admin@fbi.gov][Date Mon, 21 Nov 2005 21:40:40 UTC]/question_list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From Admin@fbi.gov][Date Mon, 21 Nov 2005 21:40:40 UTC]/question_list.zip Infected: Email-Worm.Win32.Sober.y skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... ... /[From "Eda" <loreancatron@lovetime.ro>][Date Wed, 23 Nov 2005 04:38:30 +1200]/Katherine.zip Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F .. ... /[From "Rawni" <luanne@ultrapostman.com>][Date Wed, 23 Nov 2005 20:52:13 -0800]/text Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F .. ... /[From "Lou Pagan" <Iulgcdm@alcie.com>][Date Wed, 23 Nov 2005 14:36:54 -0800]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F ... ... /[From Tal <alex_otis@mail.com>][Date Wed, 23 Nov 2005 23:24:59 +0100 (CET)]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F ... /[From "Shakiyla" <deandran@truebritney.com>][Date Wed, 23 Nov 2005 02:44:29 +0400]/text Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F ... ... /[From Doctor <jrearl@gps-walking.com>][Date Wed, 23 Nov 2005 15:05:22 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F ... /[Fr ... /[From "Ahavah" <wolf@allracing.com>][Date Tue, 22 Nov 2005 23:30:06 -0500]/text Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[F ... /[From "Kelsie Kattie" <ncg07wy@best1.net>][Date Tue, 22 Nov 2005 16:49:12 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From ... /[From "Gonzalo Maurer" <RGoodrich@parlorcity.com>][Date Tue, 22 Nov 2005 23:14:03 +0200]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From "J ... /[From "Harriet Church" <Edoawut@amsolution.com>][Date Tue, 22 Nov 2005 13:17:04 -0800]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From "Juan ... /[From "Yash Durfey" <durfeoyash@foamade.com>][Date Tue, 22 Nov 2005 03:22:14 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text/[From "Juan Price" <Plaqi@optonline.net>][Date Tue, 22 Nov 2005 12:53:36 +0500]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED/[From "Beruchiya" <edanaeledie@epatra.com>][Date Mon, 21 Nov 2005 13:11:33 +0300]/text Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text/[From postmaster@mail.ircsd.org][Date Tue, 22 Nov 2005 00:43:27 GMT]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED/[From "The Unofficial Warcraft III Forums Mailer" <rush@loadedinc.com>][Date Tue, 27 Jul 2004 21:00:21 -0400 (EDT)]/text Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox/[From "Estela Hyatt" <hmiosbdhbtwnzn@sbcglobal.net>][Date Sun, 27 Jun 2004 06:08:02 +0300]/UNNAMED Infected: Trojan-Downloader.Win32.Bagle.h skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox Mail Berkeley mbox: infected - 18 skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk/[From "Julianne Allen" <Rena.Emery@brownworth.com>][Date Sat, 03 Dec 2005 11:47:31 -0500]/UNNAMED/[From "Miloslava" <wertyu@hotbmws.com>][Date Sat, 03 Dec 2005 10:04:09 -0200]/text/[From "Annalee" <arthis@ionthenet.net>][Date Sat, 03 Dec 2005 13:18:34 +0300]/text/[From "PayPal" <service-center@paypal.com>][Date Fri, 02 Dec 2005 12:58:22 -0700]/html Infected: Trojan-Spy.HTML.Paylap.ev skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk/[From "Julianne Allen" <Rena.Emery@brownworth.com>][Date Sat, 03 Dec 2005 11:47:31 -0500]/UNNAMED/[From "Miloslava" <wertyu@hotbmws.com>][Date Sat, 03 Dec 2005 10:04:09 -0200]/text/[From "Annalee" <arthis@ionthenet.net>][Date Sat, 03 Dec 2005 13:18:34 +0300]/text Infected: Trojan-Spy.HTML.Paylap.ev skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk/[From "Julianne Allen" <Rena.Emery@brownworth.com>][Date Sat, 03 Dec 2005 11:47:31 -0500]/UNNAMED/[From "Miloslava" <wertyu@hotbmws.com>][Date Sat, 03 Dec 2005 10:04:09 -0200]/text Infected: Trojan-Spy.HTML.Paylap.ev skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk/[From "Julianne Allen" <Rena.Emery@brownworth.com>][Date Sat, 03 Dec 2005 11:47:31 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk Mail Berkeley mbox: infected - 4 skipped
J:\Ted Brady\Application Data\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash/[From "TED.BRADY" <TED.BRADY@oracle.com>][Date Mon, 15 Oct 2001 18:05:16 -0800 (GMT-08:00)]/text/[From MegEKerr@aol.com][Date Fri, 4 Oct 2002 13:34:50 EDT]/UNNAMED/[From Paul Brecht <pdbkdb@yahoo.com>][Date Wed, 23 Oct 2002 17:56:11 -0700 (PDT)]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
J:\Ted Brady\Application Data\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash/[From "TED.BRADY" <TED.BRADY@oracle.com>][Date Mon, 15 Oct 2001 18:05:16 -0800 (GMT-08:00)]/text/[From MegEKerr@aol.com][Date Fri, 4 Oct 2002 13:34:50 EDT]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
J:\Ted Brady\Application Data\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash/[From "TED.BRADY" <TED.BRADY@oracle.com>][Date Mon, 15 Oct 2001 18:05:16 -0800 (GMT-08:00)]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
J:\Ted Brady\Application Data\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash Mail Berkeley mbox: suspicious - 3 skipped
J:\Ted Brady\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash/[From "TED.BRADY" <TED.BRADY@oracle.com>][Date Mon, 15 Oct 2001 18:05:16 -0800 (GMT-08:00)]/text/[From MegEKerr@aol.com][Date Fri, 4 Oct 2002 13:34:50 EDT]/UNNAMED/[From Paul Brecht <pdbkdb@yahoo.com>][Date Wed, 23 Oct 2002 17:56:11 -0700 (PDT)]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
J:\Ted Brady\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash/[From "TED.BRADY" <TED.BRADY@oracle.com>][Date Mon, 15 Oct 2001 18:05:16 -0800 (GMT-08:00)]/text/[From MegEKerr@aol.com][Date Fri, 4 Oct 2002 13:34:50 EDT]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
J:\Ted Brady\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash/[From "TED.BRADY" <TED.BRADY@oracle.com>][Date Mon, 15 Oct 2001 18:05:16 -0800 (GMT-08:00)]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
J:\Ted Brady\Mozilla\Profiles\Jennifer\tx6gz1kn.slt\Mail\mailhost.cle.ameritech.net\Trash Mail Berkeley mbox: suspicious - 3 skipped


5) Here's the latest HJT log, run a few min ago:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:08 AM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\AOL\1139436337\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\SQUEEZ~2\server\SQUEEZ~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.crmondemand.com/OnDemand/logon.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\TED BRADY\Application Data\Mozilla\Profiles\default\ow2jdxey.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TED BRADY\Application Data\Mozilla\Profiles\default\ow2jdxey.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139436337\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB005" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/ho ... scan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.dvdfile.com/software/eggs/jsLib/IAIEPlay.dll
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_ ... loader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--

My computer seems to be running slightly better (audio is less of a problem) but I continue to get some freeze ups and continue to sporadically get the black boxes and black fonts on some web pages, especially Yahoo main page, Google main page. I also continue to have some sporadic problems with viewing full pull down windows (such as "file" in Mozilla Firefox) or having some pull down windows not fully drawn (top or sides are missing).

Thanks for all the help. Kaspersky (unlike Trend Micro or the other programs) found 6 viruses and 80 infected files so I want to tackle those asap, of course. Please advise. Thx
Ted
ted_b
Active Member
 
Posts: 7
Joined: April 4th, 2008, 6:22 pm

Re: I think I'm infected

Unread postby Carolyn » April 13th, 2008, 8:05 am

Hello Ted,

Your firewall is disabled. Please follow these steps to enable it:

  • Open the Trend Micro control panel
  • Click on "Network Security"
  • Click on "Personal Firewall"
  • Place a check mark in the box next to "Protect computer from internet attacks".


Please download DAFT and save it to your desktop:
  1. Double-click the daft.exe icon. Read the disclaimer and click OK.
  2. Click on the Scan button.
  3. Place a checkmark next to the following entries:

    .reg
    .scr


  4. Click the Fix button.
  5. Re-scan and save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile with your next post.


As for the Kaspersky results, all of those infected objects are emails located in the following folders:

C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox Mail Berkeley mbox

C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk Mail Berkeley mbox

C:\Documents and Settings\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox Mail Berkeley mbox

J:\Ted Brady.OFFICE\Application Data\Thunderbird\Profiles\glb78lq3.default\Mail\mailhost.cle.ameritech.net\Inbox Mail Berkeley mbox

J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Inbox Mail Berkeley mbox

J:\Ted Brady.OFFICE\Application Data\Mozilla\Profiles\Neil\451od84j.slt\Mail\mailhost.cle.amerite-1.net\Junk Mail Berkeley mbox


The emails all have dates prior to 2005, some as old as 2002. I can provide you with a list of the infected emails if you want to delete all 80 individually. If it were my computer I would go to the inbox and delete all emails from 2005 and older and I would delete all of the email in the junk mail folder.

Please let me know how you would like to proceed. Remember to post the DAFT results as well. A fresh HijackThis log would also be helpful.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: I think I'm infected

Unread postby ted_b » April 13th, 2008, 10:53 am

Hi. I had the same idea re: the emails and frankly just deleted the profiles (Neil and Jennifer) of all profile versions/accounts. They haven't used this pc in years. Reran Kaspersky and seems ok. Thanks.

If I activate the Trend Firewall then my wife's laptop seems unable to find the printer attached to this PC, the desktop (shared printer). Dunno why.

Here's daft.txt:

DAFT Log saved on 2008-04-13 10:44:17
-----------------------------------------------------------------------
All associations okay!

Here's latest HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:01 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\AOL\1139436337\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\SQUEEZ~2\server\SQUEEZ~1.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.crmondemand.com/OnDemand/logon.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\TED BRADY\Application Data\Mozilla\Profiles\default\ow2jdxey.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TED BRADY\Application Data\Mozilla\Profiles\default\ow2jdxey.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139436337\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB005" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/ho ... scan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.dvdfile.com/software/eggs/jsLib/IAIEPlay.dll
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_ ... loader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe


Loaded question: Trend Micro was bought and installed cuz a friend said he liked it quite a bit better than Norton, and it was less intrusive on the overall O/S and registries, etc. But it seems that a lot of my problems started when I tried to delete Norton, had aborted an aborted process and safe mode issues, and then installed Trend Micro. Plus Trend seems to be quite the CPU hog at times. Question: Kaspersky seems to be a lot better at finding well-hidden problems, and reviews claim it has a very small footprint. If you were me would you spring for Kaspersky and uninstall Trends?

Thanks again for all the help.

Ted
ted_b
Active Member
 
Posts: 7
Joined: April 4th, 2008, 6:22 pm

Re: I think I'm infected

Unread postby Carolyn » April 13th, 2008, 6:10 pm

Hi Ted,


I will be happy to give you recommendations regarding security programs after I am certain that your computer is clean. In the meanwhile, please enable the Trend Micro Firewall. This link to the Trend Micro Knowledge Base might help you to resolve the problem you are having with the firewall blocking your wife from accessing the printer:
http://esupport.trendmicro.com/support/ ... =en-126863

If you find that you need to disable the Trend Micro Firewall, then enable Windows Firewall while we finish cleaning your computer. Without a firewall your computer is susceptible to being hacked and taken over.



I recommend that you uninstall Netscape. It is no longer supported so any vulnerabilities that may exist will remain unpatched. In general, it is a bad idea to keep unsupported software.



Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.



Now, enable the Show Hidden Folders option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.


Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following files and folders. If found, delete them (some may not be present after previous steps):

C:\Program Files\WildTangent <<Folder

Now empty your Recycle Bin.


Please post a fresh HijackThis log and let me know how your computer is behaving. Were you able to resolve your wife's printing problem with the TM Firewall enabled?
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
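The two O16 entries selected in the post above have an empty download source, and other lines in the posted log carry "(file missing)" or "Unknown owner" markers. As an added example (not part of the original posts and not a HijackThis feature), this Python parser splits HijackThis lines by section code and flags those three patterns for review; the flag and function names are made up here, and the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Section codes that appear in this thread's log, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "N3": "Netscape/Mozilla prefs",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry", "O8": "IE context menu item",
    "O9": "IE extra button/menu item", "O16": "ActiveX download (DPF)",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*)\))? -\s*(?P<src>.*)$"
)


@dataclass
class Entry:
    code: str
    section: str
    body: str
    flags: list = field(default_factory=list)


def flag_entry(code: str, body: str) -> list:
    """Return review hints for one entry. A hint is not a malware verdict."""
    flags = []
    # HijackThis appends this marker when the referenced file is gone:
    # the registry entry is an orphan left behind by an uninstall or cleanup.
    if body.endswith("(file missing)"):
        flags.append("file-missing")
    if code == "O16":
        m = DPF_RE.match(body)
        # A DPF entry with no codebase URL points at nothing downloadable.
        if m and not m.group("src"):
            flags.append("dpf-no-source")
    # The service binary carries no company name in its version info.
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")
    return flags


def parse_log(text: str) -> list:
    """Parse HijackThis entry lines; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        entries.append(
            Entry(code, SECTIONS.get(code, "other"), body, flag_entry(code, body))
        )
    return entries


def flagged(text: str) -> list:
    """Only the entries that carry at least one review hint."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.code:<4}{e.section:<28}{','.join(e.flags):<28}{e.body[:60]}")
```

The WildTangent autostart line is not flagged by any of these patterns; choosing it for removal was the helper's own judgment, which pattern matching does not replace.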

Re: I think I'm infected

Unread postby ted_b » April 16th, 2008, 9:53 pm

Carolyn,
Thanks. Well, I've set up the Trend Firewall, and it now works fine for the printer issue and for any music streamers finding my PC. Seems to be good.

I've removed the final two pieces of Java, and the orphan WildTangent folders too.

However, I can't uninstall Netscape! I've tried Add-Remove Programs and tried via any "uninstall" option Netscape may have had. Nothing. When tried via Add-Remove it says a registry entry is missing and can't uninstall.

Here's what it says:
Error
0: Uninstall log folder not found:
HKEY_LOCAL_MACHINE\Software\Netscape\Netscape\7.1b1(en)\Uninstall\Uninstall Log Folder
ted_b
Active Member
 
Posts: 7
Joined: April 4th, 2008, 6:22 pm

Re: I think I'm infected

Unread postby Carolyn » April 18th, 2008, 7:29 am

Hi Ted,

I'm glad the firewall problem is resolved.

Sometimes the easiest way to fix a problem with uninstalling a program is to reinstall it first...
  • Please download Netscape 7.1 from HERE.
  • After the download completes, install the program.
  • After the installation completes, go to Add & Remove Programs and uninstall Netscape 7.1.
  • Remove bad HijackThis entries
    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\TED BRADY\Application Data\Mozilla\Profiles\default\ow2jdxey.slt\prefs.js)

      N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TED BRADY\Application Data\Mozilla\Profiles\default\ow2jdxey.slt\prefs.js)

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

Please post a fresh HijackThis log and let me know how your computer is behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: I think I'm infected

Unread postby ted_b » April 18th, 2008, 11:29 pm

I guess someone doesn't want me to uninstall Netscape 7.1 !!!!!! Your recommendation to reinstall got me to the installer setup executable. Well, the installer says the network has too many errors and goes into pause mode on the download on the XPCOM.xpi , without sending any data. Retrying just brings up same message. But I download a lot of other things...weird. Could my firewall (Trends) be causing an FTP hangup?

BTW, the font and black box issues seem to be happening less, but two issues still remain:
* The file/edit/view/history/etc pull down menus at the top of Firefox don't paint fully, and File is usually unresponsive totally.
* My "My Yahoo" webpage continues to sporadically show vast amounts of blank (green theme) space below the My Yahoo header. The scroll bar is minuscule and the actual entries and links are at the bottom of the scroll area, literally what could be hundreds of pages down.
ted_b
Active Member
 
Posts: 7
Joined: April 4th, 2008, 6:22 pm

Re: I think I'm infected

Unread postby Carolyn » April 19th, 2008, 4:05 pm

Hi Ted,

I'm not sure what the problem might be with the download for Netscape. You might just delete the Netscape program folder (C:\Program Files\Netscape, if installed in the standard location) from your computer or you could seek help with removing Netscape from a general computer troubleshooting forum (see below).

The Firefox problems are not malware related either. Here is a link which can guide you through troubleshooting Firefox issues:
Firefox Troubleshooting

Before you do anything else, I would recommend backing up your Firefox profile:
Backing up your Firefox Profile


As this is a computer troubleshooting issue, not a malware issue, I suggest you use the following link to go to the CastleCops General Computer Problems forum for help from a CastleCops SRT...

http://www.castlecops.com/f120-General_ ... blems.html

I recommend that you register before posting your problem. Registered members can receive notification when there has been a reply to their topic. There is no way for CCSP to notify "guests" when they have received a reply.


You asked for my recommendations regarding security software. I am not a big fan of security suites but I have heard very good things about ESET:
ESET Smart Security



FREE FIREWALLS

Tutorial about Firewalls can be found here


FREE ANTIVIRUS
AntiVir
Avast
BitDefender


OTHER SECURITY PROGRAMS These can be used along with security suites as well as stand-alone antivirus programs and firewalls.
Malwarebytes' Anti-Malware
Firetrust SiteHound
WinPatrol by BillPStudios


This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

:remove tools:
Please delete Deckard's System Scanner (dss.exe) from your computer.


:clear system restore points:
    This is a good time to clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.

:Make your Internet Explorer more secure:

    Please visit this page that gives instructions to do this:
    http://surfthenetsafely.com/ieseczone8.htm


  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.
:Turn On Automatic Updates:
    Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them.

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    Or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    :antispyware programs:
      You have a couple of good antispyware programs on this computer, but you can still try some of these others to see if you like them also.

      I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
      • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

      • Spybot Search & Destroy - Spybot is a tool like Ad-Aware SE in that it seeks out and removes known spyware from your machine. These two tools (Ad-Aware & Spybot) are perfect complements to each other as one will most always find something the other missed.

      • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.

      • IE_Spyad - Works by placing known "bad" sites into your Internet Explorer "Restricted Zones" prohibiting them from doing potentially problematic things to your computer.


    Consider a custom hosts file
      Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      For information on how to download and install, please read this tutorial by WinHelp2002
      Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Now you have followed my advice - it's time to lodge a complaint against what you have suffered.........

Malware Complaints
If you were infected .... Stand Up and be Counted.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: I think I'm infected

Unread postby NonSuch » April 23rd, 2008, 12:42 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed
topic is required along with the user name used. If the user name does not match the one in the
thread linked, the email will be deleted.
NonSuch
Administrator
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California