Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

XP Internet Security 2010 Malware

Post by HerrLugner » February 28th, 2010, 3:07 pm

Started with pop-ups yesterday (Saturday) afternoon. When it first hit, it looked like my McAfee security software had caught it, as McAfee posted an alert; then I started getting pop-ups about a security breach, my information being in danger, etc., requesting that I use their software, and that I have an unregistered version. I ran MalwareBytes and it removed some registry entries, but didn't locate any other problems. The pop-ups went away for the remainder of Saturday. Today (Sunday) I went to use a photo editing program, and the pop-ups started again. Again I tried to use MalwareBytes, but it found nothing. I then tried to use Spybot Search & Destroy. When I tried to update the definitions, it wouldn't allow everything to update, so I hit "ignore". Spybot locked up about 1/3 of the way through the scan, so now I am turning to here. Following are my HJT log and uninstall list.

Thanks in advance for your assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:44 PM, on 2/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Common Files\AOL\1148647217\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1148647217\ee\aolsoftware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Paul Graf\Local Settings\Application Data\MSASCui.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148647217\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.29/a ... -en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Animal Ark by pogo - http://www.pogo.com/applet-6.3.4.49/ani ... assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.27/b ... assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.4.0.34/b ... assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.3.34/c ... -en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.4.29/b ... -en_US.cab
O16 - DPF: Bump by pogo - http://www.pogo.com/applet-6.5.2.33/bump/bump-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.5.4.34/c ... -en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.3.37/c ... -en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.5.4.27/c ... -en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.6.4.29/d ... -en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/v ... assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.6.0.27/e ... -en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/f ... -en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.1.31/g ... -en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/h ... -en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.4.34/p ... assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.6.2.21/i ... -en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.6.2.35/gin/gin-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.6.0.34/k ... -en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.3.34/m ... -en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.5.2.33/m ... -en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.4.4.34/m ... assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.4.2.23/n ... assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.4.34/p ... assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.3.37/f ... -en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.5.5.36/p ... -en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.27/w ... -en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.4.0.41/p ... assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.5.3.44/p ... -en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.4.21/h ... -en_US.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-6.6.3.34/q ... -en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.37/r ... -en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.4.3.28/s ... assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/s ... assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.6.4.29/p ... -en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.4.4.34/s ... assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.5.5.36/s ... -en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.2.3.39/s ... assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.5.1.24/t ... -en_US.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.4.0.41/v ... assets.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.6.1.29/w ... -en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/c ... jst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/c ... pyt1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O18 - Protocol hijack: mhtml -
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 24239 bytes

Acrobat.com
Acrobat.com
Ad-Aware SE Personal
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
Adobe Shockwave Player
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft Funhouse
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon i960
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities EOS Capture 1.5
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CCHelp
CCScore
Citrix Web Client
Classic PhoneTools
Compatibility Pack for the 2007 Office system
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
DAO 3.5
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support Center
DellSupport
Digital Line Detect
DVDSentry
Dynomite 2.00y
Easy CD Creator 5 Basic
Easy-WebPrint
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
FinePixViewer Ver.4.0
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HaxFix 4.14
HijackThis 2.0.2
HLPIndex
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
hp instant support
HP Photo and Imaging 1.2 - Scanjet 4570c Series
ImageMixer VCD for FinePix
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
iTunes
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Kaspersky Online Scanner
Kodak EasyShare software
KSU
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Lottso! Deluxe
Mahjong Garden Deluxe
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Train Simulator
Microsoft User-Mode Driver Framework Feature Pack 1.0
MicroStaff WINASPI NT
Modem Helper
Mozilla Firefox (3.5.8)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH Jukebox
NoAds
Notifier
NVIDIA Display Driver
NVIDIA Drivers
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
Operation Mania
OTtBP
OTtBPSDK
Panda ActiveScan
PCDADDIN
PCDHELP
PCDLNCH
PICTUREKA! MUSEUM MAYHEM
PowerDVD
Quicken 2007
Quicken WillMaker Plus 2004
QuickTime
RAW FILE CONVERTER LE
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SFR
SFR2
Shockwave
Sid Meier's Railroad Tycoon
Sound Blaster Live!
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Symantec pcAnywhere
System Requirements Lab
TBS WMP Plug-in
The Poppit! Show
The Right Track (R) Software
The Right Track Software
Trainz Driver - North American Edition
TrojanHunter 4.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Online
Verizon Online Control Pad
Verizon Online DSL
Verizon Online Help and Support
Viewpoint Media Player
Visual IP InSight(Verizon Online)
VPRINTOL
WD Diagnostics
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Word Whomp( TM) Underground
Yahoo! Messenger
Yahoo! Messenger Explorer Bar

Paul
HerrLugner
Regular Member
 
Posts: 69
Joined: September 5th, 2006, 10:23 pm

Re: XP Internet Security 2010 Malware

Unread postby MWR 3 day Mod » March 4th, 2010, 4:02 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: XP Internet Security 2010 Malware

Unread postby gringo_pr » March 6th, 2010, 6:00 pm

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

CKScanner:

Please download CKScanner By askey127 ... Save it to your desktop.
Make sure that CKScanner.exe is on your desktop before running the application!
  1. Double-click on the CKScanner.exe icon... then click the Search For Files button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

GMER:

    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO, then use the following settings for a more complete scan.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done, click on the [Save..] button and, in the File name area, type in "ark.txt"; otherwise it will save as a .log file, which cannot be uploaded to your post.
    Save it where you can easily find it, such as your desktop

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Information and logs:

    In your next post I need the following

      1. Logs from DDS
      2. Log from GMER
      3. Log from CKScanner
      4. Let me know of any problems you may have had

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico
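The DDS log that the helper asks for contains a "Pseudo HJT Report" section listing browser helper objects (BHO), toolbars (TB/EB) and autorun entries (uRun, mRun, StartupFolder), and reading that section is where log-based triage starts. The Python script below is an added example, not part of this thread and not the DDS tool's own code: it parses that section from a constructed sample log and flags the entries a volunteer would look at first, namely orphaned "No File" objects, Run values with no command, programs launched from a drive other than the system drive or from a temp directory, and core Windows process names living outside system32. The sample lines, the flag names, the `SYSTEM_NAMES` set and the default `system_drive="c"` are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the DDS "Pseudo HJT Report" layout (an assumption, not taken from any real log).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.example.com
BHO: Example Helper: {00000000-0000-0000-0000-000000000001} - c:\program files\example\helper.dll
TB: {00000000-0000-0000-0000-000000000002} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updater] c:\docume~1\user\locals~1\temp\svchost.exe
mRun: [zzzSETUP] E:\Setup.exe
mRun: [<NO NAME>]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tool.lnk - c:\program files\tool\tool.exe

================= FIREFOX ===================
"""

BANNER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^([um]Run):\s*\[([^\]]*)\]\s*(.*)$")
STARTUP_RE = re.compile(r"^StartupFolder:\s*(.+?\.lnk)\s+-\s+(.*)$", re.IGNORECASE)
OBJECT_RE = re.compile(r"^(BHO|TB|EB):\s*(?:(.+?):\s*)?(\{[0-9A-Fa-f-]+\})\s*-\s*(.*)$")
# Names that belong in system32; the same name anywhere else is worth a second look (assumed list).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe"}

@dataclass
class Entry:
    kind: str    # uRun, mRun, StartupFolder, BHO, TB or EB
    name: str    # value name, shortcut file, object title or CLSID
    target: str  # file the entry launches/loads; "" if none, "No File" if orphaned
    flags: List[str] = field(default_factory=list)

def hjt_section(text: str) -> List[str]:
    """Non-empty lines between the 'Pseudo HJT Report' banner and the next banner."""
    inside, lines = False, []
    for line in (raw.strip() for raw in text.splitlines()):
        banner = BANNER_RE.match(line)
        if banner:
            inside = "pseudo hjt report" in banner.group(1).lower()
        elif inside and line:
            lines.append(line)
    return lines

def command_path(cmd: str) -> str:
    """Drop arguments: a quoted path, else everything up to the first executable suffix."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=[\s,]|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def parse_entry(line: str) -> Optional[Entry]:
    if m := RUN_RE.match(line):
        return Entry(m.group(1), m.group(2), command_path(m.group(3)))
    if m := STARTUP_RE.match(line):
        return Entry("StartupFolder", m.group(1).rsplit("\\", 1)[-1], m.group(2).strip())
    if m := OBJECT_RE.match(line):
        return Entry(m.group(1), m.group(2) or m.group(3), m.group(4).strip())
    return None  # Start Page, DPF, IE: and similar lines are not autoruns

def flag_target(target: str, system_drive: str = "c") -> List[str]:
    """Heuristic flags for one target path; the system drive is assumed to be C: unless told otherwise."""
    p, sd = target.lower(), system_drive.lower()
    if not p:
        return ["empty_command"]
    if p == "no file":
        return ["no_file"]
    flags = []
    drive = re.match(r"([a-z]):\\", p)
    if drive and drive.group(1) != sd:
        flags.append("non_system_drive")
    if "\\temp\\" in p:
        flags.append("temp_dir")
    if p.rsplit("\\", 1)[-1] in SYSTEM_NAMES and not p.startswith(sd + ":\\windows\\system32\\"):
        flags.append("system_name_outside_system32")
    return flags

def triage(text: str, system_drive: str = "c") -> List[Entry]:
    """Every autorun/object entry of the report, each with its flags, in report order."""
    entries = [e for e in map(parse_entry, hjt_section(text)) if e]
    for e in entries:
        e.flags = flag_target(e.target, system_drive)
    return entries

def suspicious(text: str, system_drive: str = "c") -> List[Entry]:
    """Only the entries that carry at least one flag."""
    return [e for e in triage(text, system_drive) if e.flags]

if __name__ == "__main__":
    for e in suspicious(SAMPLE_DDS):
        print(f"{e.kind:<13} {e.name:<40} {e.target or '(none)'}  <- {', '.join(e.flags)}")
```

A flag is a reason to look, not a verdict: a "No File" toolbar is usually leftover registry residue from an uninstall, and a setup program on E: may simply be a CD that was left in the drive, so each flagged line still needs the human judgement the helpers on this forum apply before anything is removed.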

Re: XP Internet Security 2010 Malware

Unread postby HerrLugner » March 6th, 2010, 10:47 pm

Gringo,

Thanks for the reply. I had run additional scans using Ad-Aware, IObit 360 and Panda Software, as well as running MalwareBytes in safe mode, and the pop ups are gone, but the system still seems slow. I tried to run GMER, and it scanned for about 15 minutes, then crashed my computer and it rebooted. The logs from the other programs are listed below.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Paul Graf at 20:47:29.02 on Sat 03/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.106 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Common Files\AOL\1148647217\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1148647217\ee\aolsoftware.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Documents and Settings\Paul Graf\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uWindow Title = Microsoft Internet Explorer provided by Verizon Online
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NoAds] "c:\program files\noads\NoAds.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [zzzHPSETUP] E:\Setup.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [IPInSightLAN 01] "c:\program files\verizon online\visual ip insight\IPClient.exe" -l
mRun: [IPInSightMonitor 01] "c:\program files\verizon online\visual ip insight\IPMon32.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [HostManager] c:\program files\common files\aol\1148647217\ee\AOLSoftware.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
StartupFolder: c:\docume~1\paulgr~1\startm~1\programs\startup\memeoa~1.lnk - c:\docume~1\paulgr~1\applic~1\microsoft\installer\{6bceb97b-f315-455d-bc2d-565a1a6781e8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: c:\docume~1\paulgr~1\startm~1\programs\startup\memeoa~2.lnk - c:\program files\memeo\autosync\MemeoLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
mPolicies-explorer: <NO NAME> =
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\program files\verizon online\verizon online control pad\VerizonControlPad.Exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: 6th Street Omaha Poker by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab
DPF: Aces Up! by pogo - hxxp://game1.pogo.com/applet-6.6.4.29/a ... -en_US.cab
DPF: Ali Baba Slots TM by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
DPF: Animal Ark by pogo - hxxp://www.pogo.com/applet-6.3.4.49/ani ... assets.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-6.3.3.27/b ... assets.cab
DPF: Battle Phlinx by pogo - hxxp://game1.pogo.com/applet-6.4.0.34/b ... assets.cab
DPF: Blackjack by pogo - hxxp://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab
DPF: Blooop by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/c ... -en_US.cab
DPF: Bowling by pogo - hxxp://game1.pogo.com/applet-6.6.4.29/b ... -en_US.cab
DPF: Bump by pogo - hxxp://www.pogo.com/applet-6.5.2.33/bump/bump-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/applet-6.5.4.34/c ... -en_US.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/applet-6.5.3.37/c ... -en_US.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/applet-6.5.4.27/c ... -en_US.cab
DPF: Cribbage by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
DPF: Dice Derby by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/applet-6.6.4.29/d ... -en_US.cab
DPF: Double Deuce Poker by pogo - hxxp://game1.pogo.com/applet-6.4.0.34/v ... assets.cab
DPF: Euchre by pogo - hxxp://game1.pogo.com/applet-6.6.0.27/e ... -en_US.cab
DPF: First Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/f ... -en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
DPF: Greenback Bayou by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/g ... -en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab
DPF: Hearts by pogo - hxxp://game1.pogo.com/applet-6.6.4.29/h ... -en_US.cab
DPF: High Stakes Poker by pogo - hxxp://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/p ... assets.cab
DPF: Its Outta Here 2 by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/i ... -en_US.cab
DPF: Jigsaw Detective by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab
DPF: Jokers Wild Poker by pogo - hxxp://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-6.6.2.35/gin/gin-en_US.cab
DPF: Keno by pogo - hxxp://game1.pogo.com/applet-6.6.0.34/k ... -en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/m ... -en_US.cab
DPF: Lottso by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game1.pogo.com/applet-6.5.2.33/m ... -en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Multiline Slots by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/m ... assets.cab
DPF: NASCAR Web Racing by pogo - hxxp://game1.pogo.com/applet-6.4.2.23/n ... assets.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/p ... assets.cab
DPF: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.5.3.37/f ... -en_US.cab
DPF: Pebble Beach Golf by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/p ... -en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
DPF: Perfect Pair Solitaire by pogo - hxxp://game1.pogo.com/applet-6.6.0.27/w ... -en_US.cab
DPF: Phlinx by pogo - hxxp://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab
DPF: Pinochle by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
DPF: Pirate's Gold by pogo - hxxp://game1.pogo.com/applet-6.4.0.41/p ... assets.cab
DPF: Pop Fu by pogo - hxxp://game1.pogo.com/applet-6.5.3.44/p ... -en_US.cab
DPF: PoppaZoppa by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
DPF: Quick Quack by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/h ... -en_US.cab
DPF: Quick Shot by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/q ... -en_US.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/applet-6.5.3.37/r ... -en_US.cab
DPF: SciFi Slots by pogo - hxxp://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab
DPF: Showbiz Slots 2 by pogo - hxxp://game1.pogo.com/applet-6.4.3.28/s ... assets.cab
DPF: Showbiz Slots by pogo - hxxp://game1.pogo.com/applet-6.2.0.37/s ... assets.cab
DPF: Shuffle Bump by pogo - hxxp://game1.pogo.com/applet-6.6.4.29/p ... -en_US.cab
DPF: Spades 2 by pogo - hxxp://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
DPF: Spades by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/s ... assets.cab
DPF: Spider Solitaire by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
DPF: Squelchies by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
DPF: Stax by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/s ... -en_US.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab
DPF: The Sims Pinball by pogo - hxxp://game1.pogo.com/applet-6.2.3.39/s ... assets.cab
DPF: Tri-Peaks by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
DPF: Tumble Bees by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab
DPF: Turbo 21 TM by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/t ... -en_US.cab
DPF: Video Poker by pogo - hxxp://game1.pogo.com/applet-6.4.0.41/v ... assets.cab
DPF: Wonderland Memories by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
DPF: Word Whomp by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab
DPF: WordJong by pogo - hxxp://game1.pogo.com/applet-6.6.1.29/w ... -en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab
DPF: Yahoo! Literati - hxxp://download.games.yahoo.com/games/c ... /tt3_x.cab
DPF: Yahoo! MahJong Solitaire - hxxp://download.games.yahoo.com/games/c ... jst4_x.cab
DPF: Yahoo! Pyramids - hxxp://download.games.yahoo.com/games/c ... pyt1_x.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partne ... nicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0309.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/ ... leaner.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mci ... insctl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resourc ... oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan ... asinst.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\ewido anti-spyware 4.0\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paulgr~1\applic~1\mozilla\firefox\profiles\ls9hoxy3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/home/home.do
FF - plugin: c:\documents and settings\paul graf\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_0305000D.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-1 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-2-28 28552]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]
R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver;c:\program files\ewido anti-spyware 4.0\guard.sys [2006-6-16 3968]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-15 214664]
R2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard;c:\program files\ewido anti-spyware 4.0\guard.exe [2006-6-16 172032]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-15 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-15 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-15 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-15 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-15 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-15 40552]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-3-1 311568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2006-4-25 106496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-15 34248]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\memeo\autosync\MemeoService.exe [2007-7-6 31768]

=============== Created Last 30 ================

2010-03-07 01:08:13 0 ----a-w- c:\documents and settings\paul graf\defogger_reenable
2010-03-03 00:16:42 54156 ---ha-w- c:\windows\QTFont.qfn
2010-03-03 00:16:42 1409 ----a-w- c:\windows\QTFont.for
2010-03-02 12:30:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-02 03:41:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-02 03:41:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-02 03:38:23 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-01 21:59:09 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-03-01 21:59:01 0 d-----w- c:\program files\IObit
2010-03-01 01:48:53 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-01 01:47:42 0 d-----w- c:\program files\Panda Security
2010-02-28 22:21:31 0 d-----w- c:\docume~1\paulgr~1\applic~1\AVG8
2010-02-28 15:05:44 0 d-----w- c:\program files\Trend Micro
2010-02-28 14:48:09 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-02-28 14:48:09 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-02-28 14:48:09 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-02-28 14:48:09 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

==================== Find3M ====================

2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-10-15 08:22:12 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 20:49:46.27 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/6/2003 6:58:00 PM
System Uptime: 3/6/2010 8:32:27 AM (12 hours ago)

Motherboard: Dell Computer Corp. | |
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 54.251 GiB free.
D: is Removable
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1115: 12/7/2009 4:58:04 PM - System Checkpoint
RP1116: 12/8/2009 7:19:28 PM - System Checkpoint
RP1117: 12/9/2009 3:00:23 AM - Software Distribution Service 3.0
RP1118: 12/10/2009 3:22:30 AM - System Checkpoint
RP1119: 12/11/2009 3:30:12 AM - System Checkpoint
RP1120: 12/12/2009 4:30:12 AM - System Checkpoint
RP1121: 12/13/2009 5:30:12 AM - System Checkpoint
RP1122: 12/14/2009 6:30:13 AM - System Checkpoint
RP1123: 12/15/2009 7:29:41 AM - System Checkpoint
RP1124: 12/16/2009 7:30:11 AM - System Checkpoint
RP1125: 12/17/2009 7:31:11 AM - System Checkpoint
RP1126: 12/18/2009 8:30:05 AM - System Checkpoint
RP1127: 12/19/2009 8:56:27 AM - System Checkpoint
RP1128: 12/20/2009 9:36:12 AM - System Checkpoint
RP1129: 12/21/2009 9:40:43 AM - System Checkpoint
RP1130: 12/22/2009 10:30:08 AM - System Checkpoint
RP1131: 12/23/2009 11:30:07 AM - System Checkpoint
RP1132: 12/24/2009 11:41:38 AM - System Checkpoint
RP1133: 12/25/2009 12:31:03 PM - System Checkpoint
RP1134: 12/26/2009 1:24:09 PM - System Checkpoint
RP1135: 12/27/2009 1:29:54 PM - System Checkpoint
RP1136: 12/28/2009 1:40:15 PM - System Checkpoint
RP1137: 12/29/2009 2:29:55 PM - System Checkpoint
RP1138: 12/30/2009 2:38:01 PM - System Checkpoint
RP1139: 12/31/2009 2:45:04 PM - System Checkpoint
RP1140: 1/1/2010 6:18:48 PM - System Checkpoint
RP1141: 1/2/2010 6:55:43 PM - System Checkpoint
RP1142: 1/3/2010 7:04:49 PM - System Checkpoint
RP1143: 1/4/2010 7:29:48 PM - System Checkpoint
RP1144: 1/5/2010 7:50:23 PM - System Checkpoint
RP1145: 1/6/2010 8:30:16 PM - System Checkpoint
RP1146: 1/7/2010 10:45:42 PM - System Checkpoint
RP1147: 1/8/2010 11:34:05 PM - System Checkpoint
RP1148: 1/10/2010 1:43:45 AM - System Checkpoint
RP1149: 1/11/2010 2:29:39 AM - System Checkpoint
RP1150: 1/12/2010 2:42:39 AM - System Checkpoint
RP1151: 1/13/2010 3:29:40 AM - System Checkpoint
RP1152: 1/14/2010 3:00:24 AM - Software Distribution Service 3.0
RP1153: 1/15/2010 3:26:44 AM - System Checkpoint
RP1154: 1/16/2010 8:25:15 AM - System Checkpoint
RP1155: 1/17/2010 10:09:49 AM - System Checkpoint
RP1156: 1/18/2010 10:27:51 AM - System Checkpoint
RP1157: 1/19/2010 11:26:47 AM - System Checkpoint
RP1158: 1/20/2010 12:26:47 PM - System Checkpoint
RP1159: 1/21/2010 1:26:38 PM - System Checkpoint
RP1160: 1/22/2010 3:00:24 AM - Software Distribution Service 3.0
RP1161: 1/23/2010 3:27:14 AM - System Checkpoint
RP1162: 1/24/2010 4:27:15 AM - System Checkpoint
RP1163: 1/25/2010 5:27:13 AM - System Checkpoint
RP1164: 1/26/2010 6:38:08 AM - System Checkpoint
RP1165: 1/27/2010 7:27:15 AM - System Checkpoint
RP1166: 1/28/2010 8:27:06 AM - System Checkpoint
RP1167: 1/29/2010 8:39:09 AM - System Checkpoint
RP1168: 1/30/2010 8:48:37 AM - System Checkpoint
RP1169: 1/31/2010 9:31:50 AM - System Checkpoint
RP1170: 2/1/2010 10:55:28 AM - System Checkpoint
RP1171: 2/2/2010 11:27:04 AM - System Checkpoint
RP1172: 2/3/2010 11:30:06 AM - System Checkpoint
RP1173: 2/4/2010 12:26:56 PM - System Checkpoint
RP1174: 2/5/2010 1:02:43 PM - System Checkpoint
RP1175: 2/6/2010 1:17:13 PM - System Checkpoint
RP1176: 2/7/2010 2:02:45 PM - System Checkpoint
RP1177: 2/8/2010 2:29:15 PM - System Checkpoint
RP1178: 2/9/2010 3:02:45 PM - System Checkpoint
RP1179: 2/10/2010 3:49:00 PM - System Checkpoint
RP1180: 2/11/2010 3:00:23 AM - Software Distribution Service 3.0
RP1181: 2/12/2010 3:27:03 AM - System Checkpoint
RP1182: 2/13/2010 4:46:53 AM - System Checkpoint
RP1183: 2/14/2010 5:27:04 AM - System Checkpoint
RP1184: 2/15/2010 3:00:07 PM - System Checkpoint
RP1185: 2/16/2010 3:28:10 PM - System Checkpoint
RP1186: 2/17/2010 4:27:04 PM - System Checkpoint
RP1187: 2/18/2010 8:59:06 PM - System Checkpoint
RP1188: 2/19/2010 3:00:21 AM - Software Distribution Service 3.0
RP1189: 2/20/2010 3:26:32 AM - System Checkpoint
RP1190: 2/21/2010 3:39:32 AM - System Checkpoint
RP1191: 2/22/2010 4:26:32 AM - System Checkpoint
RP1192: 2/23/2010 5:25:55 AM - System Checkpoint
RP1193: 2/24/2010 5:26:32 AM - System Checkpoint
RP1194: 2/25/2010 3:00:23 AM - Software Distribution Service 3.0
RP1195: 2/26/2010 3:24:19 AM - System Checkpoint
RP1196: 2/27/2010 4:24:21 AM - System Checkpoint
RP1197: 2/28/2010 4:33:05 AM - System Checkpoint
RP1198: 3/1/2010 5:06:11 AM - System Checkpoint
RP1199: 3/2/2010 6:06:07 AM - System Checkpoint
RP1200: 3/3/2010 6:22:07 AM - System Checkpoint
RP1201: 3/4/2010 8:16:37 AM - System Checkpoint
RP1202: 3/5/2010 8:34:19 AM - System Checkpoint
RP1203: 3/6/2010 11:42:35 AM - System Checkpoint

==== Installed Programs ======================


Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Ad-Aware SE Personal
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
Adobe Shockwave Player
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft Funhouse
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon i960
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities EOS Capture 1.5
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CCHelp
CCScore
Citrix Web Client
Classic PhoneTools
Compatibility Pack for the 2007 Office system
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
DAO 3.5
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support Center
DellSupport
Digital Line Detect
DVDSentry
Dynomite 2.00y
Easy-WebPrint
Easy CD Creator 5 Basic
EOS Capture 1.5
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
FinePixViewer Ver.4.0
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
HaxFix 4.14
Help and Support Customization
HijackThis 2.0.2
HLPIndex
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
hp instant support
HP Photo and Imaging 1.2 - Scanjet 4570c Series
ImageMixer VCD for FinePix
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
IObit Security 360
iTunes
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Kaspersky Online Scanner
Kodak EasyShare software
KSU
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Lottso! Deluxe
Mahjong Garden Deluxe
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Memeo AutoBackup
Memeo AutoSync
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 6.1
Microsoft Interactive Training
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Train Simulator
Microsoft User-Mode Driver Framework Feature Pack 1.0
MicroStaff WINASPI NT
Modem Helper
Move Media Player
Mozilla Firefox (3.5.8)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH Jukebox
NoAds
Notifier
NVIDIA Display Driver
NVIDIA Drivers
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
Operation Mania
OTtBP
OTtBPSDK
Panda ActiveScan
Panda ActiveScan 2.0
PCDADDIN
PCDHELP
PCDLNCH
PhotoStitch
PICTUREKA! MUSEUM MAYHEM
PowerDVD
Quicken 2007
Quicken WillMaker Plus 2004
QuickTime
RAW FILE CONVERTER LE
RAW Image Task 2.2
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SFR
SFR2
ShareIns
Shockwave
Sid Meier's Railroad Tycoon
Sound Blaster Live!
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Symantec pcAnywhere
System Requirements Lab
TBS WMP Plug-in
The Poppit! Show
The Right Track (R) Software
The Right Track Software
Trainz Driver - North American Edition
TrojanHunter 4.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Online
Verizon Online Control Pad
Verizon Online DSL
Verizon Online Help and Support
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual IP InSight(Verizon Online)
VPRINTOL
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Word Whomp( TM) Underground
Yahoo! Messenger
Yahoo! Messenger Explorer Bar

==== End Of File ===========================

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe
c:\program files\jasc software inc\paint shop pro 8\presets\preset_fineleather_more cracks.pspscript
c:\program files\jasc software inc\paint shop pro 8\presets\preset_fineleather_small cracks.pspscript
scanner sequence 3.CP.11
----- EOF -----

Paul
HerrLugner
Regular Member
 
Posts: 69
Joined: September 5th, 2006, 10:23 pm

Re: XP Internet Security 2010 Malware

Unread postby gringo_pr » March 6th, 2010, 11:31 pm

Hello

It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


I would like you to delete the Gmer you have now and download this version from here.

GMER:

I would like you to download this "special version of gmer" and save it to your desktop.


  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO, then use the following settings for a more complete scan.
Image
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Devices (don't miss this one) <-- this one is different from the picture
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

If Gmer runs then please give me the log and pass on the next step.

If Gmer still does not run, and only if it doesn't run, please do the following.

I would like you to try and run Gmer in Safe Mode. To enter Safe Mode, do the following.

Boot into Safe Mode

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

If Gmer does run to the end, please send me the log in your next reply. If it still does not run, please let me know and we will try something else.

"information and logs"

    In your next post I need the following

    1. log from Gmer
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: XP Internet Security 2010 Malware

Unread postby HerrLugner » March 7th, 2010, 7:56 am

Gringo,

I ran the gmer scan overnight. It made it all the way through; the log is posted below. After I saved the log, the entire system froze and I had to shut it down and restart it.

Paul

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-07 06:22:36
Windows 5.1.2600 Service Pack 3
Running: dgq8ubto.exe; Driver: C:\DOCUME~1\PAULGR~1\LOCALS~1\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF888687E]
SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF864DB23]
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess [0xF8EBF8AC]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8886BFE]
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess [0xF8EBF812]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF620478E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF620473C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF6204750]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF620483B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF6204867]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF62048D5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF62048BF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF62047CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF6204901]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF6204811]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF6204728]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF62047A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF620493D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF62048A9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF6204893]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF6204851]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF6204929]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF6204915]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF620477A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF6204766]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF62048EB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF62047E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF62047B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Files - GMER 1.0.15 ----

File C:\I386\ASMS\10100\MSFT\WINDOWS\GDIPLUS\GDIPLUS.CA_ 0 bytes
File C:\I386\ASMS\10100\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DL_ 0 bytes
File C:\I386\ASMS\10100\MSFT\WINDOWS\GDIPLUS\GDIPLUS.MAN 0 bytes

---- EOF - GMER 1.0.15 ----
HerrLugner
Regular Member
 
Posts: 69
Joined: September 5th, 2006, 10:23 pm
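A small triage helper for the SSDT/Code hook lines in a GMER log such as the one posted above. This is an added example, not part of the thread and not GMER's own code; the sample log is a constructed excerpt of the hook lines from the post, and the "needs review" rule (a hooking module for which GMER printed no vendor description) is a heuristic for deciding what to verify against the installed security products, not a verdict that anything is malicious.

```python
"""Parse the hook section of a GMER log and group hooks by the module that installed them.

Added example (not GMER's code). The 'review' flag is only a prompt to verify a
module against the installed security software; rootkit scans produce false positives.
"""
import re
from collections import OrderedDict

# Constructed excerpt of the GMER 1.0.15 log posted in the thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF888687E]
SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF864DB23]
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess [0xF8EBF8AC]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8886BFE]
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess [0xF8EBF812]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF620478E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

---- Files - GMER 1.0.15 ----
"""

# One hook line: <kind> <module> [(description/vendor)] <NativeFunction> [[0xADDRESS]]
# The module may be a bare driver name or a full path containing spaces, so the
# module group is lazy and the line is anchored at both ends to resolve ambiguity.
HOOK_RE = re.compile(
    r"^(?P<kind>SSDT|Code)\s+"
    r"(?P<module>\S.*?)"
    r"(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<func>(?:Zw|Nt)\w+)"
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)


def parse_hooks(log_text):
    """Return one dict (kind, module, desc, func, addr) per hook line; other lines are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def group_by_module(hooks):
    """Group hooks by the installing module, preserving the order they first appear in the log."""
    modules = OrderedDict()
    for h in hooks:
        entry = modules.setdefault(h["module"], {"desc": h["desc"], "kinds": set(), "funcs": []})
        entry["kinds"].add(h["kind"])
        entry["funcs"].append(h["func"])
    return modules


def unidentified_modules(modules):
    """Modules GMER printed without a vendor/description: check these against the
    installed security products before trusting (or removing) them."""
    return [name for name, entry in modules.items() if not entry["desc"]]


def triage_summary(log_text):
    """One human-readable line per hooking module, tagged [OK] or [REVIEW]."""
    modules = group_by_module(parse_hooks(log_text))
    lines = []
    for name, entry in modules.items():
        tag = "REVIEW" if not entry["desc"] else "OK"
        desc = entry["desc"] or "no description from GMER"
        kinds = "/".join(sorted(entry["kinds"]))
        lines.append("[%s] %s (%s): %d %s hook(s): %s"
                     % (tag, name, desc, len(entry["funcs"]), kinds, ", ".join(entry["funcs"])))
    return lines


if __name__ == "__main__":
    for line in triage_summary(SAMPLE_LOG):
        print(line)
```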

Re: XP Internet Security 2010 Malware

Unread postby gringo_pr » March 7th, 2010, 2:30 pm

Hello


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

uninstall some programs:

    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. click on the icon add or remove programs
    click on the following programs

    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Jasc Paint Shop Pro 8 Dell Edition
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7


    and click on remove

Run Combofix:

    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:

      The Recovery Console was successfully installed.
    Please continue as follows:

    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"

    In your next post I need the following

    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: XP Internet Security 2010 Malware

Unread postby HerrLugner » March 7th, 2010, 3:41 pm

Is it absolutely necessary to uninstall Paint Shop Pro? I need it for photo editing and I don't have the original disks any longer.

Paul
HerrLugner
Regular Member
 
Posts: 69
Joined: September 5th, 2006, 10:23 pm

Re: XP Internet Security 2010 Malware

Unread postby gringo_pr » March 7th, 2010, 6:20 pm

No, sorry, that was a copy-paste error - leave that in.


gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: XP Internet Security 2010 Malware

Unread postby HerrLugner » March 7th, 2010, 8:54 pm

Gringo,

The past 3 days or so, Outlook keeps crashing on me and giving me an error. I forget what it said, either Visual something or a C++ error. If it happens again, I will make sure to write it down.

I deleted the files as requested, and ran combofix, the log is posted below. When combofix ended, it restarted Spybot Search & Destroy, and it also changed my wallpaper, but I had no problems running it.

ComboFix 10-03-07.02 - Paul Graf 03/07/2010 19:09:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.190 [GMT -5:00]
Running from: c:\documents and settings\Paul Graf\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Paul Graf\Local Settings\Temporary Internet Files\temp.dmf
c:\documents and settings\Paul Graf\Local Settings\Temporary Internet Files\zap7F6.tmp
c:\documents and settings\Paul Graf\My Documents\ZbThumbnail.info
c:\windows\Downloaded Program Files\Install.dll
c:\windows\system32\Data
c:\windows\system32\twain_32.dll
c:\windows\system32\VB40032.DLL

.
((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-02 12:30 . 2010-03-02 03:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-02 03:41 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-02 03:41 . 2010-03-02 03:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-02 03:38 . 2010-03-02 03:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-02 03:36 . 2010-03-02 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-01 21:59 . 2010-03-01 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-01 21:59 . 2010-03-01 21:59 -------- d-----w- c:\program files\IObit
2010-03-01 01:48 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-01 01:47 . 2010-03-01 01:47 -------- d-----w- c:\program files\Panda Security
2010-02-28 22:21 . 2010-02-28 22:21 -------- d-----w- c:\documents and settings\Paul Graf\Application Data\AVG8
2010-02-28 15:05 . 2010-02-28 15:05 -------- d-----w- c:\program files\Trend Micro
2010-02-28 14:48 . 2010-02-28 14:48 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-02-28 14:48 . 2010-02-28 14:48 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-02-28 14:48 . 2010-02-28 14:48 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-02-28 14:48 . 2010-02-28 14:48 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 23:39 . 2006-09-07 10:51 -------- d-----w- c:\program files\Java
2010-03-07 07:53 . 2007-12-20 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-03-03 00:41 . 2004-03-04 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-02 21:53 . 2009-12-08 11:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-02 03:38 . 2006-07-27 02:26 -------- d-----w- c:\program files\Lavasoft
2010-02-28 14:55 . 2004-03-04 02:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 16:50 . 2002-08-29 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 19:55 . 2009-12-08 11:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:54 . 2009-12-08 11:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14 . 2006-06-23 15:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2002-08-29 11:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2002-08-29 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 1980-01-01 06:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 1980-01-01 06:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NoAds"="c:\program files\NoAds\NoAds.exe" [2004-03-04 122880]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-21 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544]
"IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 44032]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"HostManager"="c:\program files\Common Files\AOL\1148647217\ee\AOLSoftware.exe" [2007-10-08 41824]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-01-15 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\documents and settings\Paul Graf\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Paul Graf\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-6-1 73728]
Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [2007-7-6 125976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-1-15 24576]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2003-12-28 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2006-04-25 16:01 8704 ----a-w- c:\windows\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1148647217\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\ani\\winvnc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [3/1/2010 10:41 PM 64288]
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2/28/2010 8:48 PM 28552]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/1/2010 4:59 PM 311568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1229232]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 4:28 PM 31768]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-03-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 03:41]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-15 16:22]

2010-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-15 16:22]

2007-11-18 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: 6th Street Omaha Poker by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab
DPF: Aces Up! by pogo - hxxp://game1.pogo.com/applet-6.6.4.29/a ... -en_US.cab
DPF: Ali Baba Slots TM by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
DPF: Animal Ark by pogo - hxxp://www.pogo.com/applet-6.3.4.49/ani ... assets.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-6.3.3.27/b ... assets.cab
DPF: Battle Phlinx by pogo - hxxp://game1.pogo.com/applet-6.4.0.34/b ... assets.cab
DPF: Blackjack by pogo - hxxp://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab
DPF: Blooop by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/c ... -en_US.cab
DPF: Bowling by pogo - hxxp://game1.pogo.com/applet-6.6.4.29/b ... -en_US.cab
DPF: Bump by pogo - hxxp://www.pogo.com/applet-6.5.2.33/bump/bump-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/applet-6.5.4.34/c ... -en_US.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/applet-6.5.3.37/c ... -en_US.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/applet-6.5.4.27/c ... -en_US.cab
DPF: Cribbage by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
DPF: Dice Derby by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/applet-6.6.4.29/d ... -en_US.cab
DPF: Double Deuce Poker by pogo - hxxp://game1.pogo.com/applet-6.4.0.34/v ... assets.cab
DPF: Euchre by pogo - hxxp://game1.pogo.com/applet-6.6.0.27/e ... -en_US.cab
DPF: First Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/f ... -en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
DPF: Greenback Bayou by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/g ... -en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab
DPF: Hearts by pogo - hxxp://game1.pogo.com/applet-6.6.4.29/h ... -en_US.cab
DPF: High Stakes Poker by pogo - hxxp://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/p ... assets.cab
DPF: Its Outta Here 2 by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/i ... -en_US.cab
DPF: Jigsaw Detective by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab
DPF: Jokers Wild Poker by pogo - hxxp://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-6.6.2.35/gin/gin-en_US.cab
DPF: Keno by pogo - hxxp://game1.pogo.com/applet-6.6.0.34/k ... -en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/m ... -en_US.cab
DPF: Lottso by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game1.pogo.com/applet-6.5.2.33/m ... -en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Multiline Slots by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/m ... assets.cab
DPF: NASCAR Web Racing by pogo - hxxp://game1.pogo.com/applet-6.4.2.23/n ... assets.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/p ... assets.cab
DPF: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.5.3.37/f ... -en_US.cab
DPF: Pebble Beach Golf by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/p ... -en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
DPF: Perfect Pair Solitaire by pogo - hxxp://game1.pogo.com/applet-6.6.0.27/w ... -en_US.cab
DPF: Phlinx by pogo - hxxp://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab
DPF: Pinochle by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
DPF: Pirate's Gold by pogo - hxxp://game1.pogo.com/applet-6.4.0.41/p ... assets.cab
DPF: Pop Fu by pogo - hxxp://game1.pogo.com/applet-6.5.3.44/p ... -en_US.cab
DPF: PoppaZoppa by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
DPF: Quick Quack by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/h ... -en_US.cab
DPF: Quick Shot by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/q ... -en_US.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/applet-6.5.3.37/r ... -en_US.cab
DPF: SciFi Slots by pogo - hxxp://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab
DPF: Showbiz Slots 2 by pogo - hxxp://game1.pogo.com/applet-6.4.3.28/s ... assets.cab
DPF: Showbiz Slots by pogo - hxxp://game1.pogo.com/applet-6.2.0.37/s ... assets.cab
DPF: Shuffle Bump by pogo - hxxp://game1.pogo.com/applet-6.6.4.29/p ... -en_US.cab
DPF: Spades 2 by pogo - hxxp://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
DPF: Spades by pogo - hxxp://game1.pogo.com/applet-6.4.4.34/s ... assets.cab
DPF: Spider Solitaire by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
DPF: Squelchies by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
DPF: Stax by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/s ... -en_US.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab
DPF: The Sims Pinball by pogo - hxxp://game1.pogo.com/applet-6.2.3.39/s ... assets.cab
DPF: Tri-Peaks by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
DPF: Tumble Bees by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab
DPF: Turbo 21 TM by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/t ... -en_US.cab
DPF: Video Poker by pogo - hxxp://game1.pogo.com/applet-6.4.0.41/v ... assets.cab
DPF: Wonderland Memories by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
DPF: Word Whomp by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab
DPF: WordJong by pogo - hxxp://game1.pogo.com/applet-6.6.1.29/w ... -en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\Paul Graf\Application Data\Mozilla\Firefox\Profiles\ls9hoxy3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/home/home.do
FF - plugin: c:\documents and settings\Paul Graf\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_0305000D.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\Money Express.exe
HKLM-Run-zzzHPSETUP - E:\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 19:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-07 19:37:20
ComboFix-quarantined-files.txt 2010-03-08 00:36
ComboFix2.txt 2006-09-30 22:24

Pre-Run: 58,323,546,112 bytes free
Post-Run: 58,480,410,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - D9B4A4EC5704320212859B7D92472ABE


Paul
HerrLugner
Regular Member
Posts: 69
Joined: September 5th, 2006, 10:23 pm

Re: XP Internet Security 2010 Malware

Post by gringo_pr » March 7th, 2010, 11:12 pm

Hello

How is the computer doing now?

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts
  • After the update is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

    Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


:Kaspersky scan:

    Please go to Kaspersky website and perform an online antivirus scan.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.

"information and logs"

    In your next post I need the following

    1. Log From MBAM
    2. Log From Kaspersky
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo
gringo_pr
Site Moderator
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: XP Internet Security 2010 Malware

Post by HerrLugner » March 8th, 2010, 11:23 pm

Hello Gringo,

Ran the scans as requested. Here are the results. While updating Java, AOL Security Software found a backdoor called bifrost, which was removed and deleted.

MBAM log

Malwarebytes' Anti-Malware 1.44
Database version: 3835
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/8/2010 4:56:13 PM
mbam-log-2010-03-08 (16-56-13).txt

Scan type: Quick Scan
Objects scanned: 135075
Time elapsed: 13 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Kaspersky Log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, March 8, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, March 08, 2010 18:01:31
Records in database: 3740411
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 138221
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:26:41

No threats found. Scanned area is clean.

Selected area has been scanned.


The computer has been running OK. Seems to still be a little slow, but I think it is in part due to all of the antivirus stuff that loads at start up. It takes about 15 minutes to boot.

Paul
HerrLugner
Regular Member
Posts: 69
Joined: September 5th, 2006, 10:23 pm

Re: XP Internet Security 2010 Malware

Post by gringo_pr » March 9th, 2010, 1:19 pm

Hello

It takes about 15 minutes to boot.
That is a long time; let me see if I can help it some.

The following programs are not needed, as they are outdated and you also have Malwarebytes installed.

Uninstall some programs:

    1. Click on Start
    2. then go to Settings
    3. after that you need Control Panel
    4. look for the icon Add/Remove Programs
    click on the following programs:

    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    TrojanHunter 4.6


    and click on Remove


Now reboot the computer for the changes to take effect.

--------------------------------------------------------------------------------------------------------------------------------------

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

"Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office"
All of the above are used for input of Asian characters. If you don't need them, add them to the fix below; if you use them, leave them out.

:Remove unneeded startup entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start when you need them by clicking on their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.


  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
      O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.:

    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

Reboot the computer, then let me have a new HijackThis log and let me know how the computer is doing now.

Gringo
gringo_pr
Site Moderator
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico
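The step above comes down to reading the O4 (autostart) lines of a HijackThis log and deciding which entries to tick. As an added example, not code from this thread or from HijackThis, here is a small Python parser for those lines that also flags the patterns a helper checks first (targets on a drive other than the system drive, targets inside a user profile, bare file names resolved through PATH, and shortcuts HijackThis logged as "?"). It assumes Windows is installed on C: and the default XP profile root; the sample lines are copied from the log above except the one marked CONSTRUCTED.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: O4 lines copied from the HijackThis log in this thread, plus one
# CONSTRUCTED line built from the ComboFix Startup-folder entry above.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Startup: CONSTRUCTED.lnk = C:\Documents and Settings\Paul Graf\Application Data\Microsoft\Installer\x.exe
"""

# "O4 - HKLM\..\Run: [name] command" (also RunOnce, HKUS\S-1-5-18, ...)
REG_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Startup: name.lnk = target" and "O4 - Global Startup: ..."
FOLDER_RE = re.compile(
    r"^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")

SYSTEM_DRIVE = "C:"                          # assumption: Windows lives on C:
PROFILE_ROOT = r"c:\documents and settings"  # assumption: default XP profile root

@dataclass
class AutostartEntry:
    hive: str              # HKLM, HKCU, HKUS\..., Startup or Global Startup
    key: str               # Run, RunOnce, ... ('' for Startup-folder shortcuts)
    name: str              # value name or shortcut file name
    command: str           # raw command or shortcut target as logged
    target: Optional[str]  # file that actually runs; None when logged as "?"
    flags: List[str]       # triage hints; empty when nothing stands out
    line: str              # original log line, ready to paste into a fix list

def _first_token(cmd: str):
    """Split a command line into its first (possibly quoted) token and the rest."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], "") if end < 0 else (cmd[1:end], cmd[end + 1:].strip())
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def extract_target(cmd: str) -> Optional[str]:
    """File that really executes; for a rundll32 host that is the DLL argument."""
    if not cmd.strip() or cmd.strip() == "?":
        return None
    exe, rest = _first_token(cmd)
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
        dll, _ = _first_token(rest)
        return dll.split(",", 1)[0]
    return exe

def triage_flags(target: Optional[str]) -> List[str]:
    """Patterns worth a second look before deciding to keep an autostart."""
    if target is None:
        return ["unresolved"]       # shortcut HijackThis could not resolve
    if "\\" not in target:
        return ["bare-name"]        # located through PATH search order at logon
    flags = []
    if target[:2].upper() != SYSTEM_DRIVE:
        flags.append("non-system-drive")  # e.g. E:\Setup.exe left over from a CD
    if target.lower().startswith(PROFILE_ROOT):
        flags.append("user-profile")      # writable without administrator rights
    return flags

def parse_hjt_o4(text: str) -> List[AutostartEntry]:
    """Parse every O4 line of a HijackThis log; all other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            key, target = m["key"], extract_target(m["cmd"])
        else:
            m = FOLDER_RE.match(line)
            if not m:
                continue
            # shortcut targets are logged whole and unquoted; "?" means unresolved
            key, target = "", (None if m["cmd"] == "?" else m["cmd"])
        entries.append(AutostartEntry(m["hive"], key, m["name"], m["cmd"],
                                      target, triage_flags(target), line))
    return entries

def select_named(entries: List[AutostartEntry], names: List[str]) -> List[str]:
    """Log lines for the names a helper listed (case-insensitive), in log order."""
    wanted = {n.lower() for n in names}
    return [e.line for e in entries if e.name.lower() in wanted]

if __name__ == "__main__":
    for e in parse_hjt_o4(SAMPLE_O4_LINES):
        print(f"{e.hive:<15} {e.name:<32} {e.flags or '-'}  {e.target}")
```

`select_named` returns the exact log lines for a list of value names, which is the list a helper would paste into a post for the "Put a check beside all of the items listed below" step.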

Re: XP Internet Security 2010 Malware

Post by HerrLugner » March 9th, 2010, 9:39 pm

Hi Gringo,

Followed instructions as requested; HJT log below.

A couple of questions - Ad-Aware is loading on every boot - can I delete it and/or can you help me make it so it doesn't load on start up?
Memeo AutoSync and Memeo AutoBackup also load on every boot - these are trial versions that have expired - can you help me make these not load on start up?

Things seem to be running OK so far. Boot time has been cut down to a few minutes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:26 PM, on 3/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1148647217\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\AOL\1148647217\ee\aolsoftware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148647217\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.29/a ... -en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Animal Ark by pogo - http://www.pogo.com/applet-6.3.4.49/ani ... assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.27/b ... assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.4.0.34/b ... assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.3.34/c ... -en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.4.29/b ... -en_US.cab
O16 - DPF: Bump by pogo - http://www.pogo.com/applet-6.5.2.33/bump/bump-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.5.4.34/c ... -en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.3.37/c ... -en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.5.4.27/c ... -en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.6.4.29/d ... -en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/v ... assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.6.0.27/e ... -en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/f ... -en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.1.31/g ... -en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/h ... -en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.4.34/p ... assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.6.2.21/i ... -en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.6.2.35/gin/gin-en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.6.0.34/k ... -en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.3.34/m ... -en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.5.2.33/m ... -en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.4.4.34/m ... assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.4.2.23/n ... assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.4.34/p ... assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.3.37/f ... -en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.5.5.36/p ... -en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.27/w ... -en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.4.0.41/p ... assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.5.3.44/p ... -en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.4.21/h ... -en_US.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-6.6.3.34/q ... -en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.37/r ... -en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.4.3.28/s ... assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/s ... assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.6.4.29/p ... -en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.4.4.34/s ... assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.5.5.36/s ... -en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.2.3.39/s ... assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.5.1.24/t ... -en_US.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.4.0.41/v ... assets.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.6.1.29/w ... -en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/c ... jst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/c ... pyt1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O18 - Protocol hijack: mhtml -
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 19869 bytes



Paul
HerrLugner
Regular Member
 
Posts: 69
Joined: September 5th, 2006, 10:23 pm

Re: XP Internet Security 2010 Malware

Unread postby HerrLugner » March 9th, 2010, 10:10 pm

Gringo,

Outlook crashed again on me just now. The error message was that there was a Visual C++ error that caused it to close.

Paul
HerrLugner
Regular Member
 
Posts: 69
Joined: September 5th, 2006, 10:23 pm