Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

HiJack This - Dougster

Post by Dougster » August 22nd, 2009, 12:33 pm

PROBLEM - Browser seems to be HiJacked. Both IE and Firefox.
Search results bring back returns. I click on the returns at the top of the page of results and do not go to the page selected. I get routed to things like: hxxp://www.toseeka.com/search.php?q=stop%20vimax%20ads
I was trying to stop all of the ViMax ads in my browser returns.
I can cut and paste the link from the return into the address bar and I can get to the linked page.

Sometimes IE and Firefox just quit.

Thanks in advance for any recommendation.
Following from HijackThis.

Doug

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:45 PM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1128783280\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Doug Knapp\Local Settings\Temporary Internet Files\Content.IE5\21BW5C3G\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer for Mplayer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0f\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0f\AOL.EXE" -b (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://netscape.musicnotes.com/download/mnviewer.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://logon.tarponpointe.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... gr_v01.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {85C6BF10-C016-4071-A0B7-EF2E3DFCEF51} (BLDM DLMCtl Class) - http://dlm.burnlounge.com/BLDM.ocx
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.napster.com/client/isetup.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - http://logon.tarponpointe.com/dwa8W.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/i ... downls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {EDD6C042-E583-42FA-9211-282AC1A99195} - https://streaming.endeavors.com/appx/cl ... s/OTAI.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... 3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B53180B-0277-40A0-ABC7-453DB4A035AD}: NameServer = 85.255.112.231,85.255.112.98
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.231,85.255.112.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.231,85.255.112.98
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1128783280\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c917aea0c75a5c) (gupdate1c917aea0c75a5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11015 bytes
Last edited by NonSuch on August 23rd, 2009, 3:17 am, edited 1 time in total.
Reason: Edited to disable bad link.
Dougster
Regular Member
 
Posts: 45
Joined: August 22nd, 2009, 12:15 pm

Re: HiJack This - Dougster

Post by muppy03 » August 25th, 2009, 3:01 am

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

NEXT: If MBAM will not run, please rename it as explained below.

1. Right click Start - Click Explore
2. Navigate to: c:\program files\malwarebytes' Anti-Malware, then right click on mbam.exe - click Rename
3. Type into the name box: muppy.exe


NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • Uninstall list
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: HiJack This - Dougster

Post by Dougster » August 25th, 2009, 3:34 pm

Thanks so much for your very quick reply and clear instructions.
Here are the logs that you requested.

Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Alcatel SpeedTouch USB Software
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Instant Messenger
AOL Registration
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
BCM V.92 56K Modem
CA Pest Patrol Realtime Protection
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
Dell Picture Studio - Dell Image Expert
Digital Line Detect
DivX Codec 3.1alpha release
DVDSentry
Gadwin PrintScreen
GdiplusUpgrade
Google Earth
Google Earth Plugin
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Driver Diagnostics
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
HP Wireless Rechargeable Optical Mouse
ImageDrive (ahead software)
Intel(R) PRO Ethernet Adapter and Software
iPod Copy Expert 3.1.2
iPod for Windows 2005-03-23
iPod Updater 2004-08-06
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
LiveUpdate
Messenger Control Plugin for Ad-aware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Picture It! Photo 2002
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft VC9 runtime libraries
Microsoft Word 2002
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.0.13)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MyDVD
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OLYMPUS Master
overland
Quicken 2007
QuickTime
RealPlayer
Roxio VideoWave Movie Creator
SafeCast Shared Components
Safety and Security Center Uninstaller
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sound Blaster Live!
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax ItsDeductible 2006
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Adapter FX (SM1)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Volo View Express
Win32 BI Application
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/25/2009 3:23:16 PM
mbam-log-2009-08-25 (15-23-16).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 447336
Time elapsed: 3 hour(s), 37 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 8
Folders Infected: 25
Files Infected: 70

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ysbactivex.installer.1 (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6b53180b-0277-40a0-abc7-453db4a035ad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6b53180b-0277-40a0-abc7-453db4a035ad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6b53180b-0277-40a0-abc7-453db4a035ad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Free_Credit_Score (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Free_Music (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Ringtones (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Weather (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Free_Music\Free_MusicOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Ringtones\RingtonesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cindy Knapp\Application Data\Starware316\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-6-0-34-100023800-100028889-100001710-3201.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\gxvxccounter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of random's system information tool 1.06 (written by random/random)
Run by Doug Knapp at 2009-08-25 11:35:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (4%) free of 114 GB
Total RAM: 511 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:08 AM, on 8/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1128783280\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Doug Knapp\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Doug Knapp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer for Mplayer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0f\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0f\AOL.EXE" -b (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://netscape.musicnotes.com/download/mnviewer.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://logon.tarponpointe.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... gr_v01.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {85C6BF10-C016-4071-A0B7-EF2E3DFCEF51} (BLDM DLMCtl Class) - http://dlm.burnlounge.com/BLDM.ocx
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.napster.com/client/isetup.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - http://logon.tarponpointe.com/dwa8W.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/i ... downls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {EDD6C042-E583-42FA-9211-282AC1A99195} - https://streaming.endeavors.com/appx/cl ... s/OTAI.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... 3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B53180B-0277-40A0-ABC7-453DB4A035AD}: NameServer = 85.255.112.231,85.255.112.98
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.231,85.255.112.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.231,85.255.112.98
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1128783280\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c917aea0c75a5c) (gupdate1c917aea0c75a5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11184 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2008-10-21 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-05 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2008-10-21 1275176]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2003-09-19 294912]
"sr1exe"=C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe []
"OASClnt"=C:\Program Files\mcafee.com\antivirus\oasclnt.exe [2005-08-18 116272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0321271154212172mcinstcleanup]
C:\DOCUME~1\DOUGKN~1\LOCALS~1\Temp\032127~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-02-27 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-03 520024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-02-27 38768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe [2009-01-08 2521464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Documents and Settings\David Knapp\Application Data\ttuh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM95\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
C:\Program Files\AIM\AIM Pro\aimpro.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0f\AOL.EXE [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
C:\Program Files\Common Files\AOL\1128783280\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe [2006-11-20 8784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpqgkqmrx]
C:\WINDOWS\system32\rduapwn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bwgxit]
C:\WINDOWS\system32\rduapwn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClockSync]
C:\Program Files\ClockSync\Sync.exe /q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
C:\WINDOWS\conscorr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
C:\WINDOWS\csrss.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe [2002-08-14 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe [2005-10-19 460336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Enh Win Updt]
C:\WINDOWS\enhupdt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farmmext]
C:\WINDOWS\farmmext.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2007-08-20 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
C:\WINDOWS\system32\gah95on6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gmpymxjr]
C:\WINDOWS\System32\lphu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GTV GlobalIM]
C:\Program Files\Bonfire Messenger\Global.IM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1128783280\ee\AOLSoftware.exe [2008-06-24 41824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inonol]
C:\WINDOWS\inonol.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-03-27 126104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
C:\Program Files\Media Access\MediaAccK.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mhoxaj]
C:\WINDOWS\mhoxaj.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
???????\WkDetect.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
C:\WINDOWS\system32\ICO.EXE [2003-11-20 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
c:\windows\msbb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
C:\Program Files\Power Scan\powerscan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rduapwn]
c:\windows\system32\rduapwn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rexnfvy]
C:\WINDOWS\system32\rduapwn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sais]
c:\program files\180solutions\sais.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
c:\windows\salm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat]
C:\WINDOWS\satmat.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\slmss]
C:\Program Files\Common Files\slmss\slmss.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
C:\WINDOWS\SM1BG.EXE [2003-08-27 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe [2001-03-23 995328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
C:\Program Files\Common Files\AOL\1128783280\ee\SSCRun.exe [2006-11-20 153168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stratas]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-05 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TB_setup]
C:\DOCUME~1\DAVIDK~1\LOCALS~1\Temp\TB_ANI~1.EXE /dcheck []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-08-07 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
c:\documents and settings\david knapp\local settings\temp\fsg_4104.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
C:\Program Files\Common files\updmgr\updmgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe /checktask []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdskctl]
C:\WINDOWS\wdskctl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
C:\Program Files\Web_Rebates\WebRebates0.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll,cdaEngineMain []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
C:\WINDOWS\wupdt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wnzmzw]
C:\WINDOWS\system32\rduapwn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\You've Got Pictures Screensaver]
C:\Program Files\Common Files\AOL\Screensaver\ygpsstra.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0A\aoltray.exe [2003-08-15 36953]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
C:\PROGRA~1\Audible\Bin\AUDIBL~1.EXE [2009-04-29 1787224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2002-02-15 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
C:\PROGRA~1\COMMON~1\GMT\GMT.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [1999-02-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2001-08-07 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WebSecureAlert.lnk]
C:\PROGRA~1\WEBSEC~1\WEBSEC~1.EXE /hidden []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Brian Knapp^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cindy Knapp^Start Menu^Programs^Startup^AOL Desktop.lnk]
C:\PROGRA~1\COMMON~1\AOL\Launch\AOLLAU~1.EXE [2007-05-25 42032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cindy Knapp^Start Menu^Programs^Startup^DING!.lnk]
C:\PROGRA~1\SOUTHW~1\Ding\Ding.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Knapp^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2
"WZCSVC"=2
"WmiApSrv"=3
"WmdmPmSN"=3
"WANMiniportService"=2
"VSS"=3
"McODS"=2
"McLogManagerService"=2
"Schedule"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:America Online 9.0c"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1103999711\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1103999711\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking2.exe"="C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking2.exe:*:Enabled:P2P Networking"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Disabled:Ares"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0d\waol.exe"="C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0e\waol.exe"="C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\1128783280\ee\aolservicehost.exe"="C:\Program Files\Common Files\AOL\1128783280\ee\aolservicehost.exe:*:Enabled:AOL Services"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\America Online 9.0f\waol.exe"="C:\Program Files\America Online 9.0f\waol.exe:*:Enabled:AOL"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Common Files\AOL\1128783280\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1128783280\EE\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\WINDOWS\SYSTEM32\SYSWB6.exe"="C:\WINDOWS\SYSTEM32\SYSWB6.exe:*:Enabled:SYSWB6"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\Program Files\SecondLife\SecondLife.exe"="C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life"
"C:\Program Files\Common Files\AOL\1128783280\EE\AOLDesktop.exe"="C:\Program Files\Common Files\AOL\1128783280\EE\AOLDesktop.exe:*:Enabled:AOL Desktop"
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:America Online 9.0c"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\1128783280\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1128783280\EE\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aec4ab8f-c494-11d9-8c0d-0090d04aa89b}]
shell\AutoRun\command - H:\AutoRun\Demo32.exe


======List of files/folders created in the last 1 months======

2009-08-25 11:35:01 ----D---- C:\rsit
2009-08-25 11:29:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-25 11:29:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-25 11:24:28 ----D---- C:\Program Files\Trend Micro
2009-08-17 08:34:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-08 12:15:03 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-02 21:10:13 ----HDC---- C:\WINDOWS\ie7
2009-08-01 10:53:50 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-07-31 13:42:58 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-07-31 13:41:19 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2009-07-31 13:41:19 ----RA---- C:\WINDOWS\system32\AdobePDF.dll
2009-07-29 19:04:33 ----D---- C:\Program Files\Viewpoint
2009-07-28 16:44:13 ----D---- C:\Program Files\Microsoft Silverlight

======List of files/folders modified in the last 1 months======

2009-08-25 11:32:54 ----A---- C:\WINDOWS\System.ini
2009-08-25 11:29:54 ----D---- C:\WINDOWS\system32\DRIVERS
2009-08-25 11:29:52 ----AD---- C:\Program Files
2009-08-25 11:11:12 ----D---- C:\Program Files\Mozilla Firefox
2009-08-24 16:40:29 ----A---- C:\WINDOWS\WIN.INI
2009-08-24 08:40:30 ----D---- C:\WINDOWS\SYSTEM32
2009-08-23 18:40:43 ----RASH---- C:\BOOT.INI
2009-08-18 08:27:06 ----D---- C:\WINDOWS\TEMP
2009-08-17 14:52:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-14 18:26:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-14 18:25:43 ----HD---- C:\WINDOWS\INF
2009-08-13 20:34:22 ----AD---- C:\WINDOWS
2009-08-08 19:59:37 ----D---- C:\unzipped
2009-08-08 12:20:34 ----HD---- C:\Config.Msi
2009-08-08 12:18:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-08 12:15:03 ----SHD---- C:\WINDOWS\Installer
2009-08-05 21:59:34 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-02 21:18:46 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-08-02 21:18:46 ----D---- C:\WINDOWS\Help
2009-08-02 21:18:46 ----D---- C:\Program Files\Internet Explorer
2009-08-02 21:11:49 ----D---- C:\WINDOWS\WBEM
2009-08-02 21:11:49 ----D---- C:\WINDOWS\system32\en-US
2009-08-02 21:11:40 ----D---- C:\WINDOWS\Media
2009-08-02 21:10:01 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-01 08:49:32 ----D---- C:\Documents and Settings\Doug Knapp\Application Data\Adobe
2009-07-31 13:43:05 ----D---- C:\Program Files\Common Files\Adobe
2009-07-31 13:42:58 ----AD---- C:\Program Files\Common Files
2009-07-31 13:30:43 ----D---- C:\WINDOWS\WinSxS
2009-07-31 13:24:53 ----RSD---- C:\WINDOWS\Fonts
2009-07-31 13:13:27 ----D---- C:\Program Files\Adobe
2009-07-31 12:25:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-30 12:00:31 ----D---- C:\Program Files\AOL 9.1
2009-07-29 16:16:47 ----D---- C:\Program Files\Dell Modem-On-Hold
2009-07-28 16:16:49 ----A---- C:\WINDOWS\imsins.BAK
2009-07-28 16:16:48 ----D---- C:\WINDOWS\ie7updates
2009-07-28 16:15:20 ----SD---- C:\WINDOWS\Tasks
2009-07-28 15:58:06 ----D---- C:\WINDOWS\system32\ShellExt
2009-07-28 15:57:51 ----D---- C:\Program Files\Google
2009-07-28 15:52:08 ----D---- C:\WINDOWS\Cache
2009-07-28 13:59:16 ----D---- C:\Program Files\LimeWire
2009-07-28 13:36:26 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-28 13:36:23 ----D---- C:\Program Files\NOS
2009-07-27 17:47:01 ----A---- C:\VETlog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-09-29 67024]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-09-29 24698]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 AtlsAud;Dell Movie Studio Audio Device; C:\WINDOWS\system32\drivers\AtlsAud.sys [2002-10-11 25600]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776]
R3 EMATCORE;Dell Movie Studio Video Device; C:\WINDOWS\System32\Drivers\AtlsVid.sys [2002-10-11 207936]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-09-06 114464]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 alcan5wn;Alcatel SpeedTouch(tm) USB ADSL PPPoA Networking Driver (NDIS); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2001-03-23 42688]
S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2001-03-23 588720]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 LCcFltr;Logitech USB Filter Driver; C:\WINDOWS\system32\drivers\LCcFltr.Sys [2001-11-30 13052]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys []
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2001-11-30 39836]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2004-09-22 12288]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 aolavupd;AOL Antivirus Update Service; C:\Program Files\Common Files\AOL\1128783280\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe [2006-11-20 22608]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-04-15 52736]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-05 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 McShield;McAfee McShield; C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe [2005-09-06 221184]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 gupdate1c917aea0c75a5c;Google Update Service (gupdate1c917aea0c75a5c); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-15 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-31 651720]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
S4 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]

-----------------EOF-----------------

The INFO.TXT log will be in a separate reply due to the reply character limit of 100000.

Doug

Re: HiJack This - Dougster

by Dougster » August 25th, 2009, 3:37 pm

Here is the INFO.TXT log.
Doug

info.txt logfile of random's system information tool 1.06 2009-08-25 11:35:14

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->"C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x9 -L0x9anything
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x9 -L0x9anything
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Alcatel SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" -Control_Panel
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Deskbar-->"C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Instant Messenger-->C:\PROGRA~1\AIM95\uninstll.exe -LOG= C:\PROGRA~1\AIM95\install.log -OEM=
AOL Registration-->"C:\Program Files\AOL\RC\uninstall.exe"
AOL Toolbar -->"C:\Program Files\AOL Toolbar\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audible Download Manager-->C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup[1].exe /Uninstall
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec 3.1alpha release-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Documents and Settings\Doug Knapp\Local Settings\Temporary Internet Files\Content.IE5\21BW5C3G\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Driver Diagnostics-->MsiExec.exe /X{C9EFFC51-6D72-4681-A0D1-9A452D033F61}
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Wireless Rechargeable Optical Mouse-->PMUninst.exe MouseSuite98
ImageDrive (ahead software)-->C:\WINDOWS\UNIDRV.exe /UNINSTALL
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
iPod Copy Expert 3.1.2-->"C:\Program Files\iPod Copy Expert\unins000.exe"
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod Updater 2004-08-06-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F8C106A-7DFC-45DE-8006-F9145AADF1D8} /l1033
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LiveUpdate-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAFA84F8-5A33-4ACD-AD10-58356B27A0F1}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Control Plugin for Ad-aware-->\MESSEN~1\UNWISE.EXE \MESSEN~1\INSTALL.LOG
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MyDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\setup.exe" -l0x9 -L0x9 /SMAINT
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OLYMPUS Master-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio VideoWave Movie Creator-->MsiExec.exe /I{BB46245B-CECA-406F-8790-3ABA0D01012F}
SafeCast Shared Components-->C:\WINDOWS\CDAC13BA.EXE /uninstall
Safety and Security Center Uninstaller-->C:\Program Files\Common Files\AOL\uninstaller.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Volo View Express-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
Win32 BI Application-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\payload.inf, Uninstall
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: AOL Antivirus (outdated)

======System event log======

Computer Name: DD0WF821
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 267161
Source Name: Windows Update Agent
Time Written: 20090720081843.000000-240
Event Type: error
User:

Computer Name: DD0WF821
Event Code: 4
Message: Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Record Number: 267136
Source Name: E100B
Time Written: 20090720080319.000000-240
Event Type: warning
User:

Computer Name: DD0WF821
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 267129
Source Name: Tcpip
Time Written: 20090715011447.000000-240
Event Type: warning
User:

Computer Name: DD0WF821
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 267119
Source Name: Tcpip
Time Written: 20090715002646.000000-240
Event Type: warning
User:

Computer Name: DD0WF821
Event Code: 4
Message: Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Record Number: 267094
Source Name: E100B
Time Written: 20090714210632.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: DD0WF821
Event Code: 1001
Message: Fault bucket 1203548446.

Record Number: 8963
Source Name: Application Hang
Time Written: 20090728080328.000000-240
Event Type: error
User:

Computer Name: DD0WF821
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16827, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 8962
Source Name: Application Hang
Time Written: 20090728080305.000000-240
Event Type: error
User:

Computer Name: DD0WF821
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16827, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 8961
Source Name: Application Hang
Time Written: 20090728080303.000000-240
Event Type: error
User:

Computer Name: DD0WF821
Event Code: 1000
Message: Faulting application aolsoftware.exe, version 16.0.2.1, faulting module xprt6.dll, version 6.7.1.5977, fault address 0x00001245.

Record Number: 8947
Source Name: Application Error
Time Written: 20090727080928.000000-240
Event Type: error
User:

Computer Name: DD0WF821
Event Code: 1000
Message: Faulting application aolsoftware.exe, version 16.0.2.1, faulting module xprt6.dll, version 6.7.1.5977, fault address 0x00001245.

Record Number: 8922
Source Name: Application Error
Time Written: 20090726125839.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Sonic Shared\Ligos\GoMotion;C:\Program Files\Common Files\Sonic Shared\Ligos\Decoders;C:\Program Files\Common Files\Sonic Shared\MainConcept;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Dougster
Regular Member
 
Posts: 45
Joined: August 22nd, 2009, 12:15 pm

Re: HiJack This - Dougster

Post by muppy03 » August 25th, 2009, 10:03 pm

Hi there,
1. Please take note of the following: your system resources are extremely low, and although the computer is infected, what is listed below can also hobble the computer's performance.
System drive C: has 5 GB (4%) free of 114 GB
Total RAM: 511 MB (22% free)

2. You also do not appear to have an updated antivirus:
======Security center information======

AV: AOL Antivirus (outdated)

Question: Do you use any of the AOL programs listed in your uninstall list?

Please uninstall the AOL Antivirus and download one of the following free programs listed below.

Anti-virus software is a program that detects, cleans and erases harmful virus files on a computer, web server or network. Unchecked, virus files can unintentionally be forwarded to others and thereby spread infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software scans the computer memory and disk drives for malicious code. It alerts the user if a virus is present and will clean, delete (or quarantine) infected files or directories.

Please download a free anti-virus program from one of these excellent vendors NOW:
1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
Please note the following if you decide on Antivir Personal Edition
Avira AntiVir Personal - FREE Antivirus is only available for single computer use for home and non commercial use.

2) avast! 4.8 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.
Please note the following if you decide on AVG Free
AVG Anti-Virus Free Edition is only available for single computer use for home and non commercial use.

AVG Anti-Virus Free Edition is for private, non-commercial, single computer use only. The use of AVG Free within any organization or for commercial purposes is prohibited.


It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.


Next Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please reply with:-
  • Combofix log
  • New HJT log
  • Answer to AOL question
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: HiJack This - Dougster

Post by Dougster » August 26th, 2009, 5:56 pm

Ok Muppy....
Here is the info.

AOL. Several of my family do use AOL. I uninstalled the AOL AntiVirus. We only need basic AOL product even though I have recommended to my sons that they connect to aol.com through a browser.

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:22 PM, on 8/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://netscape.musicnotes.com/download/mnviewer.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://logon.tarponpointe.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... gr_v01.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {85C6BF10-C016-4071-A0B7-EF2E3DFCEF51} (BLDM DLMCtl Class) - http://dlm.burnlounge.com/BLDM.ocx
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.napster.com/client/isetup.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - http://logon.tarponpointe.com/dwa8W.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/i ... downls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {EDD6C042-E583-42FA-9211-282AC1A99195} - https://streaming.endeavors.com/appx/cl ... s/OTAI.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... 3_16_0.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c917aea0c75a5c) (gupdate1c917aea0c75a5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9737 bytes

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 09-08-26.05 - Doug Knapp 08/26/2009 16:11.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.227 [GMT -4:00]
Running from: c:\documents and settings\Doug Knapp\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\DOUGKN~1\LOCALS~1\Temp\catchme.dll
c:\documents and settings\Doug Knapp\Local Settings\temp\catchme.dll
.
---- Previous Run -------
.
c:\docume~1\DOUGKN~1\LOCALS~1\Temp\catchme.dll
c:\documents and settings\Doug Knapp\Local Settings\Temp\catchme.dll
c:\documents and settings\Kevin Knapp\Application Data\Hotbar\reports.txt
c:\windows\Installer\17a59de.msi
c:\windows\Installer\26458e3.msi
c:\windows\Installer\3a4fb.msp
c:\windows\Installer\45fb66.msi
c:\windows\Installer\46ca7.msi
c:\windows\Installer\feb4d.msi
c:\windows\Readme.txt
c:\windows\system32\Data\HwLocal.xdb
c:\windows\system32\userdata.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gxvxcserv.sys
-------\Legacy_IPRIP
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-26 14:17 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-26 14:17 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-26 14:17 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-26 14:17 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-26 14:17 . 2009-08-26 14:17 -------- d-----w- c:\program files\Avira
2009-08-26 14:17 . 2009-08-26 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-26 03:02 . 2009-08-26 03:02 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-26 03:02 . 2009-08-26 03:02 -------- d-----w- c:\program files\MSBuild
2009-08-26 03:01 . 2009-08-26 03:01 -------- d-----w- c:\program files\Reference Assemblies
2009-08-26 03:01 . 2009-08-26 03:01 -------- d-----w- C:\99e9264807e479e74e7b
2009-08-26 03:01 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-26 03:01 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-26 03:01 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-26 03:01 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-26 03:01 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-26 03:01 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-26 03:01 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-26 03:00 . 2009-08-26 11:19 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-26 02:46 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-08-25 19:50 . 2009-08-25 19:50 -------- d-----w- c:\documents and settings\Cindy Knapp\Application Data\Malwarebytes
2009-08-25 15:36 . 2009-08-25 15:36 -------- d-----w- c:\documents and settings\Doug Knapp\Application Data\Malwarebytes
2009-08-25 15:35 . 2009-08-25 19:43 -------- d-----w- C:\rsit
2009-08-25 15:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 15:29 . 2009-08-25 15:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 15:29 . 2009-08-25 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-25 15:29 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 15:24 . 2009-08-25 15:24 -------- d-----w- c:\program files\Trend Micro
2009-08-17 12:34 . 2009-08-17 18:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-08 16:15 . 2009-08-08 16:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-08 16:15 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 14:53 . 2009-08-01 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-31 17:42 . 2009-07-31 17:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-31 17:41 . 2008-04-07 09:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-07-31 17:41 . 2008-04-07 09:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-07-31 16:26 . 2009-07-31 18:03 -------- d-----w- c:\documents and settings\Cindy Knapp\Application Data\Download Manager
2009-07-29 23:04 . 2009-07-29 23:04 -------- d-----w- c:\program files\Viewpoint
2009-07-29 04:37 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 20:44 . 2009-07-28 20:44 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 18:27 . 2003-01-09 02:16 123400 -c--a-w- c:\documents and settings\Doug Knapp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 13:38 . 2006-07-29 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-26 13:32 . 2003-03-08 03:07 -------- d-----w- c:\program files\Common Files\AOL
2009-08-26 13:29 . 2003-08-05 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-08-26 02:47 . 2009-08-26 02:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-26 02:47 . 2009-08-26 02:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-17 18:52 . 2004-09-19 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 09:01 . 2004-03-12 00:41 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:12 . 2003-01-11 13:20 138384 -c--a-w- c:\documents and settings\Cindy Knapp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 17:43 . 2003-02-05 00:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-31 01:05 . 2008-06-23 00:46 -------- d-----w- c:\documents and settings\Cindy Knapp\Application Data\Move Networks
2009-07-30 16:00 . 2009-07-15 05:00 -------- d-----w- c:\program files\AOL 9.1
2009-07-29 20:16 . 2003-01-05 17:29 -------- d-----w- c:\program files\Dell Modem-On-Hold
2009-07-29 04:37 . 2002-08-29 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2002-08-29 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-28 19:57 . 2006-06-06 20:51 -------- d-----w- c:\program files\Google
2009-07-28 17:36 . 2008-10-08 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-28 17:36 . 2008-10-08 00:53 -------- d-----w- c:\program files\NOS
2009-07-28 02:20 . 2008-06-04 19:34 -------- d-----w- c:\documents and settings\Cindy Knapp\Application Data\LimeWire
2009-07-17 19:01 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 05:07 . 2005-01-20 22:37 -------- d-----w- c:\program files\Common Files\aolshare
2009-07-15 05:04 . 2009-07-15 05:04 -------- d-----w- c:\program files\AOL Toolbar
2009-07-15 04:58 . 2009-07-15 04:58 99200 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\sm\sminstlp.exe
2009-07-15 04:58 . 2009-07-15 04:58 1895720 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\waol-0.4334.34.14.exe
2009-07-15 04:58 . 2009-07-15 04:58 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\aolload\alsetup.exe
2009-07-15 04:58 . 2009-07-15 04:57 8139800 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\acs\acssetup.exe
2009-07-15 04:55 . 2009-07-15 04:55 359184 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\tb\tbsetup.exe
2009-07-15 04:55 . 2009-07-15 04:55 75104 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\instSup.dll
2009-07-15 04:55 . 2009-07-15 04:55 223152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\wsfinst.exe
2009-07-15 04:55 . 2009-07-15 04:55 175224 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\sm\stmninst.exe
2009-07-15 04:55 . 2009-07-15 04:55 1475416 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\ocpinst.exe
2009-07-15 04:54 . 2009-07-15 04:54 15712 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\ocpchk.dll
2009-07-15 04:54 . 2009-07-15 04:54 390704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\WinsockFix.exe
2009-07-15 04:54 . 2003-08-05 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-07-14 03:43 . 2004-08-11 05:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 17:35 . 2009-07-05 17:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-05 16:37 . 2008-12-15 17:00 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-05 16:35 . 2009-07-05 16:35 152576 ----a-w- c:\documents and settings\Doug Knapp\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-05 16:25 . 2009-05-15 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-05 16:24 . 2009-06-04 00:42 -------- d-----w- c:\program files\MetaTrader - Alpari UK
2009-07-05 16:22 . 2006-04-22 14:29 -------- d-----w- c:\program files\Java
2009-07-03 14:49 . 2009-02-05 04:03 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-02-05 04:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-29 16:12 . 2004-02-06 22:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-23 10:09 . 2009-06-23 10:09 152576 ----a-w- c:\documents and settings\Doug Knapp\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-12 12:31 . 2002-08-29 11:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-08-29 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2002-08-29 11:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2002-08-29 11:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-06 21:56 . 2009-06-06 21:56 0 -c--a-w- c:\documents and settings\David Knapp\ntuser.tmp
2009-06-03 19:09 . 2004-03-12 00:41 1291264 ----a-w- c:\windows\system32\quartz.dll
2003-08-27 19:19 . 2003-11-02 22:30 36963 -c----w- c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-09-19 294912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WebSecureAlert.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WebSecureAlert.lnk
backup=c:\windows\pss\WebSecureAlert.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Brian Knapp^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\Brian Knapp\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Cindy Knapp^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\Cindy Knapp\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Cindy Knapp^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Cindy Knapp\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^David Knapp^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\David Knapp\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WANMiniportService"=2 (0x2)
"VSS"=3 (0x3)
"McODS"=2 (0x2)
"McLogManagerService"=2 (0x2)
"Schedule"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1128783280\\ee\\aolservicehost.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\1128783280\\EE\\aolsoftware.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2/5/2009 12:03 AM 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/26/2009 10:17 AM 108289]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S2 gupdate1c917aea0c75a5c;Google Update Service (gupdate1c917aea0c75a5c);c:\program files\Google\Update\GoogleUpdate.exe [9/15/2008 11:45 PM 133104]
S3 LCcFltr;Logitech USB Filter Driver;c:\windows\SYSTEM32\DRIVERS\LCcFltr.Sys [1/5/2003 1:27 PM 13052]
S3 pelmouse;Mouse Suite Driver;c:\windows\SYSTEM32\DRIVERS\PELMOUSE.SYS [1/2/2006 11:38 AM 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\SYSTEM32\DRIVERS\pelusblf.sys [1/2/2006 11:38 AM 12288]
.
Contents of the 'Scheduled Tasks' folder

2009-02-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-16 03:56]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-sr1exe - c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe
HKU-Default-Run-AOL Fast Start - c:\program files\America Online 9.0f\AOL.EXE
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9e.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Internet Explorer for Mplayer
mSearch Bar =
uInternet Settings,ProxyServer = http=127.0.0.1:6711
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - hxxp://download.divx.com/player/DivXPlayerInstaller.exe
DPF: {85C6BF10-C016-4071-A0B7-EF2E3DFCEF51} - hxxp://dlm.burnlounge.com/BLDM.ocx
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxp://logon.tarponpointe.com/dwa8W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDD6C042-E583-42FA-9211-282AC1A99195} - hxxps://streaming.endeavors.com/appx/cl ... s/OTAI.CAB
FF - ProfilePath - c:\documents and settings\Doug Knapp\Application Data\Mozilla\Firefox\Profiles\1h3ywr4e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe
sr1exe = "c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-08-26 16:53
ComboFix-quarantined-files.txt 2009-08-26 20:53

Pre-Run: 7,878,479,872 bytes free
Post-Run: 7,839,207,424 bytes free

290 --- E O F --- 2009-08-26 03:15

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

You did not ask for this one, but... here is the log from Avira AntiVir Personal.



Avira AntiVir Personal
Report file date: Wednesday, August 26, 2009 10:23

Scanning for 1662910 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DD0WF821

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 18:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 14:21:42
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 8/21/2009 14:21:21
ANTIVIR3.VDF : 7.1.5.166 161792 Bytes 8/26/2009 14:21:24
Engineversion : 8.2.1.7
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 18:31:50
AESCRIPT.DLL : 8.1.2.26 463227 Bytes 8/26/2009 14:21:44
AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 14:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 14:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 18:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 14:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 8/26/2009 14:21:42
AEHELP.DLL : 8.1.6.0 233846 Bytes 8/26/2009 14:21:30
AEGEN.DLL : 8.1.1.59 356725 Bytes 8/26/2009 14:21:28
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 14:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, G:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, August 26, 2009 10:23

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxvxcserv.sys\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxvxcserv.sys\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxvxcserv.sys\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxvxcserv.sys\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxvxcserv.sys\group
[INFO] The registry entry is invisible.
'132865' objects were checked, '5' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Support.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'UNSECAPP.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TCPSVCS.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'CTsvcCDA.EXE' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0e\AdminChk1.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Documents and Settings\Brian Knapp\Incomplete\Preview-T-1132585-Quarashi - Make A Move.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
C:\Documents and Settings\Brian Knapp\Incomplete\T-1132585-Quarashi - Make A Move.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
C:\Documents and Settings\Brian Knapp\Local Settings\Temp\5622E.tmp
[0] Archive type: CAB (Microsoft)
--> tsi2.dat
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Cindy Knapp\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-55ec6b27-4915bdb9.zip
[0] Archive type: ZIP
--> OP.class
[DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
C:\Documents and Settings\David Knapp\Application Data\Sun\Java\Deployment\cache\6.0\20\40eba354-5325fac4
[0] Archive type: ZIP
--> HiPointInstallShieldJS.class
[DETECTION] Is the TR/Java.Downloader.Gen Trojan
C:\Documents and Settings\David Knapp\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nJS.jar-1dbcf992-6503c2d1.zip
[0] Archive type: ZIP
--> HiPointInstallShieldJS.class
[DETECTION] Is the TR/Java.Downloader.Gen Trojan
C:\Documents and Settings\David Knapp\Desktop\newmusicfromlimewire\Local H - Hands On The Bible.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
C:\Documents and Settings\David Knapp\Desktop\newmusicfromlimewire\Smashing Pumpkins The - Tristessa.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
C:\Documents and Settings\David Knapp\Desktop\newmusicfromlimewire\Snoop Dogg - The Mac Bible.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
C:\Documents and Settings\David Knapp\Desktop\newmusicfromlimewire\Specials The - Break Down the Door.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
C:\Documents and Settings\David Knapp\My Documents\rpmworld.exe
[DETECTION] Is the TR/Agent.2211128 Trojan
C:\Documents and Settings\Kevin 2\Desktop\Roxio\John Mayor - Back To You.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Kevin Knapp\Local Settings\Temp\1CB1A4.dmp
[DETECTION] Is the TR/Dldr.Keenval.3 Trojan
C:\Program Files\Common Files\AOL\Proofreader\uninst.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D65F3F2-EB39-4E6A-ACF3-7B4AE5\6B16C2E9-6853-49B0-AFAE-B72842
[DETECTION] Is the TR/Spy.Delf.NCS Trojan
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D65F3F2-EB39-4E6A-ACF3-7B4AE5\D5652B5B-247A-46AA-BBB8-E0EDC1
[DETECTION] Is the TR/Spy.Delf.NCS Trojan
C:\WINDOWS\SYSTEM32\gxvxcqtjijxxpjnrvjprpvtlndlkuiyjosoyp.dll
[DETECTION] Is the TR/TDss.acdc Trojan
Begin scan in 'G:\'
G:\RECYCLER\S-6-0-34-100023800-100028889-100001710-3201.com
[DETECTION] Is the TR/Alureon.G Trojan

Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0e\AdminChk1.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4b027d33.qua'!
C:\Documents and Settings\Brian Knapp\Incomplete\Preview-T-1132585-Quarashi - Make A Move.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
[NOTE] The file was moved to '4afa7d41.qua'!
C:\Documents and Settings\Brian Knapp\Incomplete\T-1132585-Quarashi - Make A Move.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
[NOTE] The file was moved to '4ac67cfc.qua'!
C:\Documents and Settings\Cindy Knapp\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-55ec6b27-4915bdb9.zip
[NOTE] The file was moved to '4ac37d1f.qua'!
C:\Documents and Settings\David Knapp\Application Data\Sun\Java\Deployment\cache\6.0\20\40eba354-5325fac4
[NOTE] The file was moved to '4afa7d00.qua'!
C:\Documents and Settings\David Knapp\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nJS.jar-1dbcf992-6503c2d1.zip
[NOTE] The file was moved to '4ae87d1a.qua'!
C:\Documents and Settings\David Knapp\Desktop\newmusicfromlimewire\Local H - Hands On The Bible.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
[NOTE] The file was moved to '4af87d3f.qua'!
C:\Documents and Settings\David Knapp\Desktop\newmusicfromlimewire\Smashing Pumpkins The - Tristessa.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
[NOTE] The file was moved to '4af67d3d.qua'!
C:\Documents and Settings\David Knapp\Desktop\newmusicfromlimewire\Snoop Dogg - The Mac Bible.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
[NOTE] The file was moved to '4b047d3e.qua'!
C:\Documents and Settings\David Knapp\Desktop\newmusicfromlimewire\Specials The - Break Down the Door.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
[NOTE] The file was moved to '4afa7d40.qua'!
C:\Documents and Settings\David Knapp\My Documents\rpmworld.exe
[DETECTION] Is the TR/Agent.2211128 Trojan
[NOTE] The file was moved to '4b027d40.qua'!
C:\Documents and Settings\Kevin 2\Desktop\Roxio\John Mayor - Back To You.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4afd7d40.qua'!
C:\Documents and Settings\Kevin Knapp\Local Settings\Temp\1CB1A4.dmp
[DETECTION] Is the TR/Dldr.Keenval.3 Trojan
[NOTE] The file was moved to '4ad77d14.qua'!
C:\Program Files\Common Files\AOL\Proofreader\uninst.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to '4afe7d3f.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D65F3F2-EB39-4E6A-ACF3-7B4AE5\6B16C2E9-6853-49B0-AFAE-B72842
[DETECTION] Is the TR/Spy.Delf.NCS Trojan
[NOTE] The file was moved to '4ac67d13.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D65F3F2-EB39-4E6A-ACF3-7B4AE5\D5652B5B-247A-46AA-BBB8-E0EDC1
[DETECTION] Is the TR/Spy.Delf.NCS Trojan
[NOTE] The file was moved to '4acb7d06.qua'!
C:\WINDOWS\SYSTEM32\gxvxcqtjijxxpjnrvjprpvtlndlkuiyjosoyp.dll
[DETECTION] Is the TR/TDss.acdc Trojan
[NOTE] The file was moved to '4b0b7d49.qua'!
G:\RECYCLER\S-6-0-34-100023800-100028889-100001710-3201.com
[DETECTION] Is the TR/Alureon.G Trojan
[NOTE] The file was moved to '4acb7cfe.qua'!


End of the scan: Wednesday, August 26, 2009 14:20
Used time: 3:21:04 Hour(s)

The scan has been done completely.

19713 Scanned directories
617580 Files were scanned
16 Viruses and/or unwanted programs were found
2 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
18 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
617560 Files not concerned
3781 Archives were scanned
4 Warnings
20 Notes
132865 Objects were scanned with rootkit scan
5 Hidden objects were found

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Thanks again for all of your help!
Doug
Dougster
Regular Member
 
Posts: 45
Joined: August 22nd, 2009, 12:15 pm

Re: HiJack This - Dougster

Post by muppy03 » August 26th, 2009, 7:34 pm

Hi there, How is the computer running now? Redirects stopped?

1. IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer and this will be removed in the following fixes.

LimeWire

I'd like you to read the MRU policy for P2P Programs.

2. Go to Start-Settings-Control Panel, click on Add or Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.
    LiveUpdate
This is a remnant of Symantec


3. Open HijackThis and select Do a System Scan Only. Place a check next to the lines below if still present.
    NOTE: The O9 lines seem to be leftovers from previously installed programs.

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O16 - DPF: ppctlcab - <http://www.pestscan.com/scanner/ppctlcab.cab>
    O16 - DPF: {85C6BF10-C016-4071-A0B7-EF2E3DFCEF51} (BLDM DLMCtl Class) - <http://dlm.burnlounge.com/BLDM.ocx>


Once selected, close all windows except HJT and click on Fix Checked.


4. COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder::
    c:\documents and settings\All Users\Application Data\McAfee
    c:\documents and settings\Cindy Knapp\Application Data\LimeWire
    
    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WebSecureAlert.lnk]
    
    [-HKLM\~\startupfolder\C:^Documents and Settings^Brian Knapp^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    
    [-HKLM\~\startupfolder\C:^Documents and Settings^David Knapp^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    
    Firefox::
    DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
    DPF: {85C6BF10-C016-4071-A0B7-EF2E3DFCEF51} - hxxp://dlm.burnlounge.com/BLDM.ocx
     
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with:-
  • Combofix log
  • New HJT log
  • Update on how things are running
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
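
The triage behind step 3 of the post above, as an added example that is not part of the original thread or of HijackThis itself: it parses HijackThis "O" lines, separates entries whose target HijackThis reports as gone ("(file missing)" / "(no file)") from O16 ActiveX entries that record a download URL, and leaves everything else for manual review. The function names are hypothetical, the sample lines are copied from the post with URLs written hxxp as in its CFScript, and one intact O9 line is constructed for contrast.

```python
import re
from collections import namedtuple

# One parsed HijackThis "O" line (added example; names are hypothetical).
Entry = namedtuple("Entry", "section kind name clsid target orphaned")

# Suffixes HijackThis appends when the file an entry points to is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Accept both live (http) and defanged (hxxp) URLs.
URL_HOST_RE = re.compile(r"^h(?:tt|xx)ps?://([^/\s]+)", re.I)


def parse_line(line):
    """Parse one 'O<n> - ...' line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    orphaned = any(marker in rest for marker in ORPHAN_MARKERS)
    fields = [f.strip() for f in rest.split(" - ")]
    kind, _, name = fields[0].partition(": ")
    clsid = CLSID_RE.search(rest)
    # The last field is the file path or URL; strip status annotations.
    target = fields[-1] if len(fields) > 1 else ""
    for note in ORPHAN_MARKERS + ("(HKCU)",):
        target = target.replace(note, "")
    target = target.strip().strip("<>")
    return Entry(section, kind, name,
                 clsid.group(0) if clsid else None, target, orphaned)


def dpf_host(entry):
    """Host an O16 (Downloaded Program Files) entry was installed from."""
    m = URL_HOST_RE.match(entry.target)
    return m.group(1).lower() if m else None


def triage(log_text):
    """Split O-lines into (orphaned, dpf, intact) lists."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    orphaned = [e for e in entries if e.orphaned]
    dpf = [e for e in entries if e.section == "O16"]
    intact = [e for e in entries if not e.orphaned and e.section != "O16"]
    return orphaned, dpf, intact


# Lines from the post above; the ExampleTool line is constructed.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O9 - Extra button: ExampleTool - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleTool\tool.exe
O16 - DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {85C6BF10-C016-4071-A0B7-EF2E3DFCEF51} (BLDM DLMCtl Class) - hxxp://dlm.burnlounge.com/BLDM.ocx
"""

if __name__ == "__main__":
    orphaned, dpf, intact = triage(SAMPLE_LOG)
    print("Orphaned entries (target reported missing):")
    for e in orphaned:
        print("  %s %s %s -> %s" % (e.section, e.kind, e.name, e.target or "<none>"))
    print("ActiveX (O16) entries and their download hosts:")
    for e in dpf:
        print("  %s from %s" % (e.name, dpf_host(e)))
    print("Entries with a target still on disk (review manually): %d" % len(intact))
```

An orphaned marker only says the registry entry outlived its file; whether an intact or O16 entry is wanted still needs the kind of human review the helper did.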

Re: HiJack This - Dougster

Post by Dougster » August 26th, 2009, 10:05 pm

Yeah!
Machine is running much faster and there are no redirects.

A couple of questions after removing the remnants from empire poker, party poker, limewire, etc.

I see the following in that same list:
Napster
AdAware (I used to use for spyware and can be dropped)
Walmart photo (we no longer use)
Netscape music
Repeat process and check the box??

I also have an "Updates are Ready" icon in my system tray. Or did....I now do not see it. Go ahead and allow update once we are complete?
Doug


Here are the updated logs.

ComboFix 09-08-26.05 - Doug Knapp 08/26/2009 21:04.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.261 [GMT -4:00]
Running from: c:\documents and settings\Doug Knapp\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Doug Knapp\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\DOUGKN~1\LOCALS~1\Temp\catchme.dll
c:\documents and settings\All Users\Application Data\McAfee
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\aol.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\Cleanup000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\Common000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\mccore.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\mccore.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\msvcrt.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\msxml4.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\oasbin.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\oasbin.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\oasres.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\oasres.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\unicows.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\unicows.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vsmain.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vsmain.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vso.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vso.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vsoeng.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vsores.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vsores.inf001.log
c:\documents and settings\All Users\Application Data\McAfee\Installer\Logs\vspost.inf000.log
c:\documents and settings\All Users\Application Data\McAfee\McCleanup\mccleanup.log
c:\documents and settings\All Users\Application Data\McAfee\MSC\Cache\McSubDB.Bak
c:\documents and settings\All Users\Application Data\McAfee\MSC\mcifolog.log
c:\documents and settings\All Users\Application Data\McAfee\MSC\mcini.ini
c:\documents and settings\All Users\Application Data\McAfee\MSC\McSubDB.Dat
c:\documents and settings\Cindy Knapp\Application Data\LimeWire
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Cindy Knapp\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Doug Knapp\Local Settings\temp\catchme.dll
c:\windows\Installer\260ee23.msi

.
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-27 00:01 . 2009-08-27 00:04 505245 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe
2009-08-26 21:45 . 2009-08-26 21:45 -------- dc----w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-26 14:17 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-26 14:17 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-26 14:17 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-26 14:17 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-26 14:17 . 2009-08-26 14:17 -------- d-----w- c:\program files\Avira
2009-08-26 14:17 . 2009-08-26 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-26 03:02 . 2009-08-26 03:02 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-26 03:02 . 2009-08-26 03:02 -------- d-----w- c:\program files\MSBuild
2009-08-26 03:01 . 2009-08-26 03:01 -------- d-----w- c:\program files\Reference Assemblies
2009-08-26 03:01 . 2009-08-26 03:01 -------- d-----w- C:\99e9264807e479e74e7b
2009-08-26 03:01 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-26 03:01 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-26 03:01 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-26 03:01 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-26 03:01 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-26 03:01 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-26 03:01 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-26 03:00 . 2009-08-26 11:19 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-26 02:46 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-08-25 19:50 . 2009-08-25 19:50 -------- d-----w- c:\documents and settings\Cindy Knapp\Application Data\Malwarebytes
2009-08-25 15:36 . 2009-08-25 15:36 -------- d-----w- c:\documents and settings\Doug Knapp\Application Data\Malwarebytes
2009-08-25 15:35 . 2009-08-25 19:43 -------- d-----w- C:\rsit
2009-08-25 15:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 15:29 . 2009-08-25 15:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 15:29 . 2009-08-25 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-25 15:29 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 15:24 . 2009-08-25 15:24 -------- d-----w- c:\program files\Trend Micro
2009-08-17 12:34 . 2009-08-17 18:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-08 16:15 . 2009-08-08 16:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-08 16:15 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 14:53 . 2009-08-01 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-31 17:42 . 2009-07-31 17:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-31 17:41 . 2008-04-07 09:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-07-31 17:41 . 2008-04-07 09:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-07-31 16:26 . 2009-07-31 18:03 -------- d-----w- c:\documents and settings\Cindy Knapp\Application Data\Download Manager
2009-07-29 23:04 . 2009-07-29 23:04 -------- d-----w- c:\program files\Viewpoint
2009-07-29 04:37 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 20:44 . 2009-07-28 20:44 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 00:50 . 2003-01-05 17:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-27 00:50 . 2005-05-15 01:46 -------- d-----w- c:\program files\LiveUpdate
2009-08-26 18:27 . 2003-01-09 02:16 123400 -c--a-w- c:\documents and settings\Doug Knapp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 13:32 . 2003-03-08 03:07 -------- d-----w- c:\program files\Common Files\AOL
2009-08-26 13:29 . 2003-08-05 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-08-26 02:47 . 2009-08-26 02:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-26 02:47 . 2009-08-26 02:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-17 18:52 . 2004-09-19 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 09:01 . 2004-03-12 00:41 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:12 . 2003-01-11 13:20 138384 -c--a-w- c:\documents and settings\Cindy Knapp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 17:43 . 2003-02-05 00:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-31 01:05 . 2008-06-23 00:46 -------- d-----w- c:\documents and settings\Cindy Knapp\Application Data\Move Networks
2009-07-30 16:00 . 2009-07-15 05:00 -------- d-----w- c:\program files\AOL 9.1
2009-07-29 20:16 . 2003-01-05 17:29 -------- d-----w- c:\program files\Dell Modem-On-Hold
2009-07-29 04:37 . 2002-08-29 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2002-08-29 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-28 19:57 . 2006-06-06 20:51 -------- d-----w- c:\program files\Google
2009-07-28 17:36 . 2008-10-08 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-28 17:36 . 2008-10-08 00:53 -------- d-----w- c:\program files\NOS
2009-07-17 19:01 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 05:07 . 2005-01-20 22:37 -------- d-----w- c:\program files\Common Files\aolshare
2009-07-15 05:04 . 2009-07-15 05:04 -------- d-----w- c:\program files\AOL Toolbar
2009-07-15 04:58 . 2009-07-15 04:58 99200 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\sm\sminstlp.exe
2009-07-15 04:58 . 2009-07-15 04:58 1895720 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\waol-0.4334.34.14.exe
2009-07-15 04:58 . 2009-07-15 04:58 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\aolload\alsetup.exe
2009-07-15 04:58 . 2009-07-15 04:57 8139800 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\acs\acssetup.exe
2009-07-15 04:55 . 2009-07-15 04:55 359184 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\tb\tbsetup.exe
2009-07-15 04:55 . 2009-07-15 04:55 75104 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\instSup.dll
2009-07-15 04:55 . 2009-07-15 04:55 223152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\wsfinst.exe
2009-07-15 04:55 . 2009-07-15 04:55 175224 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\sm\stmninst.exe
2009-07-15 04:55 . 2009-07-15 04:55 1475416 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\ocpinst.exe
2009-07-15 04:54 . 2009-07-15 04:54 15712 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\ocpchk.dll
2009-07-15 04:54 . 2009-07-15 04:54 390704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\WinsockFix.exe
2009-07-15 04:54 . 2003-08-05 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-07-14 03:43 . 2004-08-11 05:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 17:35 . 2009-07-05 17:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-05 16:37 . 2008-12-15 17:00 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-05 16:35 . 2009-07-05 16:35 152576 ----a-w- c:\documents and settings\Doug Knapp\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-05 16:25 . 2009-05-15 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-05 16:24 . 2009-06-04 00:42 -------- d-----w- c:\program files\MetaTrader - Alpari UK
2009-07-05 16:22 . 2006-04-22 14:29 -------- d-----w- c:\program files\Java
2009-07-03 14:49 . 2009-02-05 04:03 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-02-05 04:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-29 16:12 . 2004-02-06 22:05 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-23 10:09 . 2009-06-23 10:09 152576 ----a-w- c:\documents and settings\Doug Knapp\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-12 12:31 . 2002-08-29 11:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-08-29 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2002-08-29 11:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2002-08-29 11:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-06 21:56 . 2009-06-06 21:56 0 -c--a-w- c:\documents and settings\David Knapp\ntuser.tmp
2009-06-03 19:09 . 2004-03-12 00:41 1291264 ----a-w- c:\windows\system32\quartz.dll
2003-08-27 19:19 . 2003-11-02 22:30 36963 -c----w- c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-26_20.41.53 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-09-19 294912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Cindy Knapp^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\Cindy Knapp\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Cindy Knapp^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Cindy Knapp\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WANMiniportService"=2 (0x2)
"VSS"=3 (0x3)
"McODS"=2 (0x2)
"McLogManagerService"=2 (0x2)
"Schedule"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1128783280\\ee\\aolservicehost.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\1128783280\\EE\\aolsoftware.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2/5/2009 12:03 AM 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/26/2009 10:17 AM 108289]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S2 gupdate1c917aea0c75a5c;Google Update Service (gupdate1c917aea0c75a5c);c:\program files\Google\Update\GoogleUpdate.exe [9/15/2008 11:45 PM 133104]
S3 LCcFltr;Logitech USB Filter Driver;c:\windows\SYSTEM32\DRIVERS\LCcFltr.Sys [1/5/2003 1:27 PM 13052]
S3 pelmouse;Mouse Suite Driver;c:\windows\SYSTEM32\DRIVERS\PELMOUSE.SYS [1/2/2006 11:38 AM 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\SYSTEM32\DRIVERS\pelusblf.sys [1/2/2006 11:38 AM 12288]
.
Contents of the 'Scheduled Tasks' folder

2009-02-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-16 03:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Internet Explorer for Mplayer
mSearch Bar =
uInternet Settings,ProxyServer = http=127.0.0.1:6711
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - hxxp://download.divx.com/player/DivXPlayerInstaller.exe
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxp://logon.tarponpointe.com/dwa8W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDD6C042-E583-42FA-9211-282AC1A99195} - hxxps://streaming.endeavors.com/appx/cl ... s/OTAI.CAB
FF - ProfilePath - c:\documents and settings\Doug Knapp\Application Data\Mozilla\Firefox\Profiles\1h3ywr4e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???X???????????x???????????????????H???P???? ?w? ?w)??p????????(????????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-08-27 21:48
ComboFix-quarantined-files.txt 2009-08-27 01:48
ComboFix2.txt 2009-08-26 20:53

Pre-Run: 7,800,573,952 bytes free
Post-Run: 7,810,932,736 bytes free

665 --- E O F --- 2009-08-26 03:15

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:18 PM, on 8/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1128783280\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\1128783280\EE\aolsoftware.exe
c:\program files\common files\aol\1128783280\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://netscape.musicnotes.com/download/mnviewer.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://logon.tarponpointe.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... gr_v01.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.napster.com/client/isetup.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - http://logon.tarponpointe.com/dwa8W.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/i ... downls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {EDD6C042-E583-42FA-9211-282AC1A99195} - https://streaming.endeavors.com/appx/cl ... s/OTAI.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... 3_16_0.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c917aea0c75a5c) (gupdate1c917aea0c75a5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8970 bytes
Dougster
Regular Member
 
Posts: 45
Joined: August 22nd, 2009, 12:15 pm

Re: HiJack This - Dougster

Unread postby muppy03 » August 26th, 2009, 10:26 pm

Machine is running much faster and there are no redirects.

Excellent! :cheers:

I see the following in that same list:
Napster
AdAware (I used to use for spyware and can be dropped)
Walmart photo (we no longer use)
Netscape music
Repeat process and check the box??


You mean the O16's? Yes, you can check those and select Fix checked. If for some reason you do visit that site again, it will be redownloaded if needed.

I also have an "Updates are Ready" icon in my system tray. Or did....I now do not see it. Go ahead and allow update once we are complete?

Let's do a couple more jobs first. No point adding extra things we have to scan.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


Next Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply

Please reply with:-
  • Kaspersky report
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: HiJack This - Dougster

Unread postby Dougster » August 28th, 2009, 2:29 pm

Yeah!! System continues to run without issues and is running much more quickly. Programs loading faster and my wife is no longer saying .. "this bleeping computer".

Kaspersky took quite a while but showed no threats.

Doug

Here are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:51 PM, on 8/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Doug Knapp\Local Settings\temp\jkos-Doug Knapp\binaries\ScanningProcess.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... gr_v01.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - http://logon.tarponpointe.com/dwa8W.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/i ... downls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {EDD6C042-E583-42FA-9211-282AC1A99195} - https://streaming.endeavors.com/appx/cl ... s/OTAI.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... 3_16_0.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c917aea0c75a5c) (gupdate1c917aea0c75a5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8283 bytes

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 28, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 28, 2009 14:58:17
Records in database: 2696624


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area: My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
L:\
M:\

Scan statistics
Objects scanned: 233953
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:44:15

No threats found. Scanned area is clean.
Selected area has been scanned.
Dougster
Regular Member
 
Posts: 45
Joined: August 22nd, 2009, 12:15 pm
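
Comparing the 8/28 HijackThis log with the 8/26 one line by line is easy to get wrong by eye. The sketch below is an added example (not part of the thread and not HijackThis code) that parses two logs and reports, per section code, which entries were removed, added, or left unchanged. `BEFORE` and `AFTER` are abridged excerpts of the two logs posted in this thread, and the function names are hypothetical.

```python
import re

# A HijackThis result line is "<section code> - <body>", e.g. "O16 - DPF: {...} - URL".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Abridged excerpt of the log saved 8/26/2009 in this thread.
BEFORE = r"""
Running processes:
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://netscape.musicnotes.com/download/mnviewer.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.napster.com/client/isetup.cab
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Abridged excerpt of the log saved 8/28/2009 in this thread.
AFTER = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def parse_hjt(text):
    """Return (processes, entries) from a HijackThis log.

    Both are keyed by the casefolded text so that Windows paths, which are
    case-insensitive, compare equal; the values keep the original spelling.
    """
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first result line ends the process list
            code, body = match.groups()
            entries.setdefault(code, {})[body.casefold()] = body
        elif in_processes:
            processes[line.casefold()] = line
    return processes, entries


def section_order(code):
    """Sort codes the way the log lists them: R, F, N, O, then by number."""
    return ("RFNO".index(code[0]), int(code[1:]))


def diff_logs(before, after):
    """Compare two logs and group the differences by section code."""
    b_proc, b_ent = parse_hjt(before)
    a_proc, a_ent = parse_hjt(after)
    result = {
        "processes_gone": [b_proc[k] for k in sorted(b_proc.keys() - a_proc.keys())],
        "processes_new": [a_proc[k] for k in sorted(a_proc.keys() - b_proc.keys())],
        "removed": {}, "added": {}, "unchanged": {},
    }
    for code in sorted(b_ent.keys() | a_ent.keys(), key=section_order):
        b, a = b_ent.get(code, {}), a_ent.get(code, {})
        groups = (
            ("removed", b.keys() - a.keys(), b),
            ("added", a.keys() - b.keys(), a),
            ("unchanged", b.keys() & a.keys(), a),
        )
        for name, keys, source in groups:
            if keys:
                result[name][code] = [source[k] for k in sorted(keys)]
    return result


if __name__ == "__main__":
    report = diff_logs(BEFORE, AFTER)
    for group in ("removed", "added", "unchanged"):
        for code, bodies in report[group].items():
            for body in bodies:
                print(f"{group:9} {code:3} {body}")
    print("processes gone:", report["processes_gone"])
    print("processes new: ", report["processes_new"])
```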

Re: HiJack This - Dougster

Unread postby muppy03 » August 28th, 2009, 7:39 pm

It is looking good! :cheers:

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 16
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u16-windows-i586.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) listed below in the code box.
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 13
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer


If all goes well and you are not having any further problems, I would suggest you proceed as follows.

Let's clean up

MBAM and TFC are great tools for you to keep and use on a regular basis.

You can delete RSIT from your Desktop and its associated folder C:\RSIT.

Remove Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK (please note the space between Combofix and the /)
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Now that the infection is gone, let's try to keep it that way by following the recommendations below.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.

Here are some free programs I recommend that could help you improve your computer's security.

Update your antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Read some information here how to prevent Malware.


Please reply if you have any problems or questions

Happy Safe Surfing
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: HiJack This - Dougster

Post by Dougster » August 29th, 2009, 10:42 pm

Thanks again.
I am traveling through 8.31.09 pm and will not get to these next steps until late that day. Will respond back with an update then.
Have a great weekend.
Doug
Dougster
Regular Member
 
Posts: 45
Joined: August 22nd, 2009, 12:15 pm

Re: HiJack This - Dougster

Post by muppy03 » August 29th, 2009, 11:26 pm

:thumbright:
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: HiJack This - Dougster

Post by chryssi2001 » September 5th, 2009, 3:04 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away