
Thread: Possible browser hijack

  #1 - Member (joined Nov 2006, 43 posts)

    Possible browser hijack

    I'm not sure, though. Thanks for your help in advance.

    (referral thread http://forums.spybot.info/showthread...448#post331448)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:53:08 PM, on 8/27/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\avgwdsvc.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\AVG\avgrsx.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\KeyText\KeyText.exe
    C:\Program Files\RSIGuard\RSIGuard.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Documents and Settings\Atheist\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: FCTBPos00Pos - {28A27F58-704F-40E1-8053-28E909FBF604} - C:\Program Files\Mob Wars Toolbar\Toolbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\avgssie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: Mob Wars Toolbar - {6857857C-15D3-435D-AF19-E0217298B416} - C:\Program Files\Mob Wars Toolbar\Toolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON\daemon.exe" -autorun
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2" -"http://www.iwon.com/modules/launchGame/games/includes/blockDotGameIFrame.jhtml?categoryId=3&gameId=9006&browser=IE"
    O4 - Global Startup: Firefox.lnk = C:\Program Files\Firefox\firefox.exe
    O4 - Global Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
    O4 - Global Startup: RSIGuard.lnk = ?
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\ZoneAlarm\zlclient.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZUfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...vex-latest.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7A3BF85-3D73-44EF-9FB0-06224C0D8D58}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgwdsvc.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7250 bytes
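    As an added example (not code from this thread, from HijackThis, or from any poster): a small Python parser for HJT log lines like the ones above, with the triage heuristics a helper applies on a first read. It flags the non-default SearchURL (searchgateway.net), the URLSearchHook with no file behind it, the Run value that names its executable by bare filename, the startup shortcut whose target did not resolve, services listed with Unknown owner, and any O17 NameServer outside private address space. The sample lines are copied from the log in this post; the KNOWN_DEFAULT_HOSTS list, the reason strings and the severities are this example's own assumptions, not an HJT rule set.

```python
"""Parse HijackThis 2.x log entries and flag the items a helper looks at first.

Added example for this thread; not part of HijackThis or any poster's tooling.
SAMPLE_LOG holds lines copied from the log in post #1. KNOWN_DEFAULT_HOSTS and
the reason strings are this example's own assumptions, not an official allowlist.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of the entries from post #1, copied verbatim.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: FCTBPos00Pos - {28A27F58-704F-40E1-8053-28E909FBF604} - C:\Program Files\Mob Wars Toolbar\Toolbar.dll
O3 - Toolbar: Mob Wars Toolbar - {6857857C-15D3-435D-AF19-E0217298B416} - C:\Program Files\Mob Wars Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2" -"http://www.iwon.com/modules/launchGame/games/includes/blockDotGameIFrame.jhtml?categoryId=3&gameId=9006&browser=IE"
O4 - Global Startup: RSIGuard.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7A3BF85-3D73-44EF-9FB0-06224C0D8D58}: NameServer = 192.168.1.1
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgwdsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: .+? = (?P<target>.*)$")
# Assumption: hosts IE8 points at out of the box; anything else gets a look.
KNOWN_DEFAULT_HOSTS = ("microsoft.com", "live.com", "msn.com")


@dataclass
class Entry:
    code: str   # HJT section, e.g. "R1", "O4", "O23"
    body: str   # everything after "<code> - "


def parse_hjt(text):
    """Return the R*/O* entries of an HJT log in file order; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def host_is_known(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in KNOWN_DEFAULT_HOSTS)


def command_is_qualified(cmd):
    """True if a Run value names its program by quoted or drive-rooted path.

    A bare name such as Logi_MwX.Exe is located by CreateProcess through a
    PATH search, so a planted file earlier in the search order would run instead.
    """
    return cmd.startswith('"') or cmd.startswith("%") or re.match(r"^[A-Za-z]:\\", cmd) is not None


def triage(entries):
    """Apply per-section heuristics; returns (severity, reason, entry) tuples."""
    findings = []
    for e in entries:
        b = e.body
        if "(no file)" in b.lower() or "(file missing)" in b.lower():
            findings.append(("low", "orphaned reference", e))
        if e.code in ("R0", "R1") and " = " in b and not host_is_known(b.split(" = ", 1)[1]):
            findings.append(("high", "non-default browser search/start URL", e))
        if e.code in ("O2", "O3"):
            findings.append(("review", "browser extension (BHO/toolbar): confirm it is wanted", e))
        if e.code == "O4":
            run, startup = RUN_RE.match(b), STARTUP_RE.match(b)
            if run and not command_is_qualified(run["cmd"]):
                findings.append(("medium", "unqualified executable name (resolved via PATH search)", e))
            if run and "http://" in run["cmd"].lower():
                findings.append(("medium", "run entry passes a remote URL to the launched program", e))
            if startup and startup["target"].strip() in ("?", ""):
                findings.append(("medium", "startup shortcut with unresolved target", e))
        if e.code == "O17" and "NameServer = " in b:
            for ip in re.split(r"[ ,;]+", b.split("NameServer = ", 1)[1]):
                try:
                    if not ipaddress.ip_address(ip).is_private:
                        findings.append(("high", "DNS server outside private address space", e))
                except ValueError:
                    pass  # blank or malformed token, nothing to check
        if e.code == "O23" and "- Unknown owner -" in b:
            findings.append(("medium", "service without a recognised publisher", e))
    return findings


def triage_log(text):
    return triage(parse_hjt(text))


def reasons_for(findings, needle):
    """Sorted, de-duplicated reasons attached to entries whose body contains needle."""
    return sorted({reason for _, reason, entry in findings if needle in entry.body})


if __name__ == "__main__":
    for severity, reason, entry in triage_log(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}: {entry.code} - {entry.body[:70]}")
```

    Run it as a script to print the findings, or call triage_log() on a whole saved log. A flag is a prompt to look, not a verdict: the Hotspot Shield service shows as Unknown owner only because HJT found no company name in the file's version information, and 192.168.1.1 passes the O17 check because it is the local router, not a hijacked resolver.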

  #2 - Blade81, Security Expert: Emeritus (Finland; joined Oct 2006, 25,288 posts)

    Hi,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click .exe that you downloaded
    • Click rootkit-tab and then scan.
    • Don't check the Show All box while scanning is in progress!
    • When the scan has finished, click Copy. This copies the log to the clipboard.
    • Post the log in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, please create a thread in the forum.

    Malware removal instructions are for the correspondent user's case only.

  #3 - Member (joined Nov 2006, 43 posts)

    DDS.txt / Attach.txt - Thanks a lot.

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Atheist at 17:09:49.40 on Sat 08/29/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1477 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\KeyText\KeyText.exe
    C:\Program Files\RSIGuard\RSIGuard.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\PROGRA~1\AVG\avgwdsvc.exe
    C:\PROGRA~1\AVG\avgrsx.exe
    C:\Documents and Settings\Atheist\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.yahoo.com/
    uSearch Page = hxxp://search.live.com
    uSearch Bar = hxxp://search.live.com/sphome.aspx
    uSearchURL,(Default) = hxxp://www.searchgateway.net/search/%s
    mSearchAssistant = hxxp://search.live.com/sphome.aspx
    uURLSearchHooks: H - No File
    BHO: Freecause Toolbar BHO: {28a27f58-704f-40e1-8053-28e909fbf604} - c:\program files\mob wars toolbar\Toolbar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: Mob Wars Toolbar: {6857857c-15d3-435d-af19-e0217298b416} - c:\program files\mob wars toolbar\Toolbar.dll
    TB: {719D74AB-1AF9-43A1-8C62-D8750628D93E} - No File
    TB: {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No File
    TB: {D1A1FD57-93FC-45FE-BC2A-B3A5D47D6674} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon\daemon.exe" -autorun
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2" -"http://www.iwon.com/modules/launchGame/games/includes/blockDotGameIFrame.jhtml?categoryId=3&gameId=9006&browser=IE"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zonealarm\zlclient.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\firefox.lnk - c:\program files\firefox\firefox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\keytext.lnk - c:\program files\keytext\KeyText.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rsiguard.lnk - c:\program files\rsiguard\RSIGuard.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zoneal~1.lnk - c:\program files\zonealarm\zlclient.exe
    uPolicies-explorer: NoLogoff = 01000000
    uPolicies-explorer: NoActiveDesktop = 01000000
    uPolicies-explorer: NoRecentDocsNetHood = 01000000
    uPolicies-explorer: NoSMMyDocs = 01000000
    uPolicies-explorer: NoSMMyPictures = 01000000
    uPolicies-explorer: NoNetworkConnections = 01000000
    uPolicies-system: NoColorChoice = 0 (0x0)
    uPolicies-system: NoSizeChoice = 0 (0x0)
    uPolicies-system: NoVisualStyleChoice = 0 (0x0)
    uPolicies-system: SetVisualStyle = c:\windows\resources\themes\Luna.theme
    IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZUfox000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
    TCP: {B7A3BF85-3D73-44EF-9FB0-06224C0D8D58} = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\atheist\applic~1\mozilla\firefox\profiles\zcnsf976.dawkins\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
    FF - plugin: c:\program files\firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-5 335240]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-5 27784]
    R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2009-2-7 54776]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-30 353672]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avgwdsvc.exe [2008-6-5 297752]
    R2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-8-6 331824]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-4 24652]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-5-20 33840]
    R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-21 28592]
    S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-6-21 13352]
    S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-8-10 57640]
    S3 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-12-9 13088]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2007-4-24 83336]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-4-24 100488]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2007-4-24 98696]
    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]

    ============== File Associations ===============

    chm.file="hh.exe" %1
    txtfile=c:\windows\notepad.exe %1

    =============== Created Last 30 ================

    2009-08-27 23:35 <DIR> --d----- C:\Hotspot Shield
    2009-08-27 23:34 <DIR> --d----- c:\program files\Hotspot Shield
    2009-08-20 19:44 <DIR> --d----- c:\program files\Amazon
    2009-08-13 09:22 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
    2009-08-13 09:22 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
    2009-08-12 11:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
    2009-08-11 15:21 <DIR> --d----- c:\program files\WMV9_VCM
    2009-08-11 15:21 162,168 a------- c:\windows\Screen Recorder Uninstaller.exe
    2009-08-11 15:21 <DIR> --d----- c:\program files\Screen Recorder
    2009-08-11 15:21 <DIR> --d----- c:\program files\common files\River Past
    2009-08-11 15:21 <DIR> --d----- c:\docume~1\atheist\applic~1\River Past G5
    2009-08-11 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\River Past G5
    2009-08-10 21:59 <DIR> --d----- c:\program files\uTorrent
    2009-08-10 21:58 <DIR> --d----- c:\docume~1\atheist\applic~1\uTorrent
    2009-08-09 17:00 <DIR> --d----- c:\docume~1\atheist\applic~1\tor
    2009-08-09 10:36 <DIR> --d----- c:\program files\Tor Browser
    2009-08-08 22:13 18,816 a------- c:\windows\system32\drivers\dvd43llh.sys
    2009-08-08 22:13 <DIR> --d----- c:\program files\dvd43
    2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

    ==================== Find3M ====================

    2009-08-28 09:42 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-08-28 09:42 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
    2009-07-22 15:13 28,592 a------- c:\windows\system32\drivers\tap0901.sys
    2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
    2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
    2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
    2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
    2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
    2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
    2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
    2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
    2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-03 13:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
    2009-07-03 13:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
    2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
    2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-03 13:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
    2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
    2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
    2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
    2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
    2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
    2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
    2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
    2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
    2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
    2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
    2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
    2009-06-02 06:12 102,912 a------- c:\windows\system32\dllcache\iecompat.dll
    2007-02-16 11:31 227,328 a------- c:\program files\mpTrim.exe
    2008-06-27 23:13 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 17:10:17.40 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/3/2008 7:23:26 AM
    System Uptime: 8/26/2009 3:29:32 PM (74 hours ago)

    Motherboard: Dell Inc. | | 0CU409
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2327/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 125 GiB total, 40.018 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: TAP-Win32 Adapter V8
    Device ID: ROOT\NET\0000
    Manufacturer: TAP-Win32 Provider
    Name: TAP-Win32 Adapter V8
    PNP Device ID: ROOT\NET\0000
    Service: tap0801

    ==== System Restore Points ===================

    RP398: 7/29/2009 9:36:21 AM - Software Distribution Service 3.0
    RP399: 7/30/2009 3:12:20 PM - System Checkpoint
    RP400: 8/1/2009 12:11:52 AM - Removed Live Search Club Toolbar
    RP401: 8/2/2009 10:32:34 AM - System Checkpoint
    RP402: 8/3/2009 1:08:44 PM - System Checkpoint
    RP403: 8/4/2009 3:51:09 PM - System Checkpoint
    RP404: 8/4/2009 9:48:02 PM - Installed Java(TM) 6 Update 15
    RP405: 8/6/2009 11:06:03 AM - System Checkpoint
    RP406: 8/7/2009 7:43:49 PM - System Checkpoint
    RP407: 8/8/2009 2:12:30 PM - Installed MozyHome Remote Backup
    RP408: 8/10/2009 11:42:53 AM - System Checkpoint
    RP409: 8/11/2009 1:53:50 PM - System Checkpoint
    RP410: 8/13/2009 9:24:16 AM - Software Distribution Service 3.0
    RP411: 8/14/2009 6:39:56 PM - System Checkpoint
    RP412: 8/15/2009 7:50:46 PM - System Checkpoint
    RP413: 8/17/2009 12:08:49 AM - System Checkpoint
    RP414: 8/19/2009 4:26:07 PM - System Checkpoint
    RP415: 8/21/2009 11:32:19 AM - System Checkpoint
    RP416: 8/22/2009 3:38:19 PM - System Checkpoint
    RP417: 8/23/2009 4:48:33 PM - System Checkpoint
    RP418: 8/24/2009 5:13:47 PM - System Checkpoint
    RP419: 8/24/2009 11:14:33 PM - Removed Nero 8 Ultra Edition HD
    RP420: 8/26/2009 9:54:05 AM - Software Distribution Service 3.0
    RP421: 8/27/2009 11:03:08 AM - System Checkpoint
    RP422: 8/28/2009 12:55:13 PM - System Checkpoint

    ==== Installed Programs ======================


    µTorrent
    7-Zip 4.65
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.6
    Adobe Shockwave Player 11.5
    Amazon MP3 Downloader 1.0.5
    AnswerWorks 5.0 English Runtime
    Audacity 1.2.6
    AVG Free 8.5
    AVIcodec (remove only)
    Canon Digital Camera USB WIA Driver
    Chinese Simplified Fonts Support For Adobe Reader 8
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    DAEMON Tools Toolbar
    DVD Shrink 3.2
    DVD43 v4.4.1
    Eraser
    FLVPlayer4Free Free FLV Player 2.8.0.0
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hooked on Phonics Learn to Read
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB970653-v3)
    Hotspot Shield 1.22
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections 12.1.8.0
    IrfanView (remove only)
    Java(TM) 6 Update 15
    KeyText v2.25
    Logitech MouseWare 9.79.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Media Video 9 VCM
    MIKSOFT Mobile AMR converter
    Mob Wars Toolbar
    Mozilla Firefox (3.5.2)
    MozyHome Remote Backup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Need for Speed™ ProStreet Demo
    neroxml
    NoteTab Light 5 (Remove only)
    OpenVPN 2.0.9
    PDFCreator
    PowerDVD
    River Past Screen Recorder
    RSIGuard Stretch Edition
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Spybot - Search & Destroy
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wnyiper
    TurboTax 2008 wrapper
    TVUPlayer 2.4.7.2
    Tweak UI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    Viewpoint Media Player
    VLC media player 1.0.1
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live installer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinISO 5.3
    WinRAR archiver
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    8/29/2009 4:17:20 PM, error: Dhcp [1002] - The IP address lease 10.10.35.234 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.17.95.254 (The DHCP Server sent a DHCPNACK message).
    8/29/2009 12:14:07 AM, error: Dhcp [1002] - The IP address lease 10.13.28.151 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.10.47.254 (The DHCP Server sent a DHCPNACK message).
    8/29/2009 12:08:27 AM, error: Dhcp [1002] - The IP address lease 10.20.116.218 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.13.31.254 (The DHCP Server sent a DHCPNACK message).
    8/29/2009 12:02:07 AM, error: Dhcp [1002] - The IP address lease 10.6.114.185 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.20.127.254 (The DHCP Server sent a DHCPNACK message).
    8/28/2009 3:51:01 PM, error: Dhcp [1002] - The IP address lease 10.8.96.13 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.6.127.254 (The DHCP Server sent a DHCPNACK message).
    8/24/2009 7:13:26 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    8/24/2009 11:15:25 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

    ==== End Of File ===========================

  4. #4
    Member
    Join Date
    Nov 2006
    Posts
    43

    Post GMER log 1/2

    GMER 1.0.15.15077 [0pslw3j3.exe] - http://www.gmer.net
    Rootkit scan 2009-08-29 18:50:23
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA900DFC0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA900AC80]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA9025170]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA900E580]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA9022900]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA9022B10]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA9026B10]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA900E670]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA900B210]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA90259F0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA90257A0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA9022280]
    SSDT spqi.sys ZwEnumerateKey [0xB9EC5CA4]
    SSDT spqi.sys ZwEnumerateValueKey [0xB9EC6032]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA9025F10]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA9025F90]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA900B070]
    SSDT spqi.sys ZwOpenKey [0xB9EA70C0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA9024180]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA9023F40]
    SSDT spqi.sys ZwQueryKey [0xB9EC610A]
    SSDT spqi.sys ZwQueryValueKey [0xB9EC5F8A]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA90266F0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA9026150]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA900DBE0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA9026540]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA900E190]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA900B440]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA90254E0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA9023200]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA9023080]

    INT 0x63 ? 8A4F5BF8
    INT 0x73 ? 8A614BF8
    INT 0x73 ? 8A614BF8
    INT 0x73 ? 8A614BF8
    INT 0x73 ? 8A614BF8
    INT 0x73 ? 8A4F5BF8
    INT 0x73 ? 8A4F5BF8
    INT 0x73 ? 8A614BF8
    INT 0x94 ? 8A4F5BF8
    INT 0xA4 ? 8A4F5BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [80, E5, 00, A9, 00, 29, 02, ...]
    ? spqi.sys The system cannot find the file specified. !
    ? srescan.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B95F88AC 5 Bytes JMP 8A4F51D8
    .text asw2e9fl.SYS B93B4386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text asw2e9fl.SYS B93B43AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text asw2e9fl.SYS B93B43C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text asw2e9fl.SYS B93B43C9 1 Byte [30]
    .text asw2e9fl.SYS B93B43C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...
    ? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] spqi.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] spqi.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] spqi.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] spqi.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] spqi.sys
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!KfRaiseIrql] 00001CA9
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\asw2e9fl.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A9012B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A9012930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A9013260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A9010E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A9010E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A9012B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A9012930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A9013260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A9012B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A9010E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A9013260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A9012930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A9013260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A9012930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A9012B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A9010E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A9012B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A9012930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A9013260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A6821F8

    AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

    Device \FileSystem\Fastfat \FatCdrom 8926F1F8
    Device \FileSystem\Udfs \UdfsCdRom 895B61F8
    Device \FileSystem\Udfs \UdfsDisk 895B61F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{636CE4BA-5FA5-48EF-9709-51C294E2168F} 898111F8
    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    Device \Driver\sptd \Device\2197283876 spqi.sys
    Device \Driver\usbuhci \Device\USBPDO-0 8A4F41F8
    Device \Driver\usbehci \Device\USBPDO-1 8A4F31F8
    Device \Driver\usbuhci \Device\USBPDO-2 8A4F41F8
    Device \Driver\usbuhci \Device\USBPDO-3 8A4F41F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{0225C3CC-961E-43FD-AE15-3C4737267C61} 898111F8
    Device \Driver\usbuhci \Device\USBPDO-4 8A4F41F8
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    Device \Driver\usbuhci \Device\USBPDO-5 8A4F41F8
    Device \Driver\usbehci \Device\USBPDO-6 8A4F31F8
    Device \Driver\usbuhci \Device\USBPDO-7 8A4F41F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6841F8
    Device \Driver\Cdrom \Device\CdRom0 8A4F6500
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6841F8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6841F8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 8A6841F8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 8A6841F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 898111F8
    Device \Driver\NetBT \Device\NetbiosSmb 898111F8
    Device \Driver\PCI_PNP7626 \Device\0000004d spqi.sys
    Device \Driver\NetBT \Device\NetBT_Tcpip_{B7A3BF85-3D73-44EF-9FB0-06224C0D8D58} 898111F8
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    Device \Driver\usbuhci \Device\USBFDO-0 8A4F41F8
    Device \Driver\usbuhci \Device\USBFDO-1 8A4F41F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89665500
    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    Device \Driver\usbuhci \Device\USBFDO-2 8A4F41F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89665500
    Device \Driver\usbehci \Device\USBFDO-3 8A4F31F8
    Device \Driver\usbuhci \Device\USBFDO-4 8A4F41F8
    Device \Driver\Ftdisk \Device\FtControl 8A6841F8
    Device \Driver\usbuhci \Device\USBFDO-5 8A4F41F8
    Device \Driver\usbuhci \Device\USBFDO-6 8A4F41F8
    Device \Driver\usbehci \Device\USBFDO-7 8A4F31F8
    Device \Driver\asw2e9fl \Device\Scsi\asw2e9fl1 8A48D500
    Device \FileSystem\Fastfat \Fat 8926F1F8

    AttachedDevice \FileSystem\Fastfat \Fat mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 895E81F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAF 0x66 0xFF 0x40 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB2 0x39 0xAE 0x18 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x83 0xB6 0x02 0xD1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAF 0x1D 0x32 0x8A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x5C 0x8D 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAF 0x66 0xFF 0x40 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB2 0x39 0xAE 0x18 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x83 0xB6 0x02 0xD1 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAF 0x1D 0x32 0x8A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x5C 0x8D 0xA6 ...

  5. #5
    Member
    Join Date
    Nov 2006
    Posts
    43

    Post GMER log 2/2

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\0730_save4[1].gif 10315 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\08_01_09[1].jpg 28758 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\1000_arrow_safecount_li-350x250-1l-eng-usd[1].swf 9532 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\10098_s[1].jpg 767 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\100px-Gold_Christian_Cross_no_Red.svg[1].png 3016 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\bar_back[1].gif 166 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\bcom_etaf_scripts[1].js 3896 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\beacon[2].htm 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\beacon[5].htm 253 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\beacon[6].htm 253 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\beacon[8].htm 253 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\begley_237-thumb7[1].jpg 3882 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\bg[2].gif 1367 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\C18DUOHT\desktop.ini 67 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\G9BK7TUW\023073_160_600[1].swf 28535 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\G9BK7TUW\charity_sm[5].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\G9BK7TUW\charity_sm[6].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\G9BK7TUW\charity_sm[7].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\G9BK7TUW\charity_sm[8].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\G9BK7TUW\charity_sm[9].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\G9BK7TUW\chart-nav-bg[1].png 235 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\H2Z069PW\072709_TRU_BillMeLater[1].jpg 50661 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\H2Z069PW\0810_1834_1293356[1].htm 103263 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\H2Z069PW\082409dayahead_115x65[1].jpg 2575 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\H2Z069PW\082809spiegel_115x65[1].jpg 3015 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\H2Z069PW\090522-cps-sc-480x60[1].gif 11753 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\H2Z069PW\090624-siemens_tg-660x90[1].swf 15805 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\H2Z069PW\090712_DS_01_10__img_2070949085[1].jpg 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\chrissi[1].jpg 2226 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\christiancafe[1].jpg 5538 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCANF0JY5.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCANF0SWU.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCANQLC73.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCANVDN0G.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAOF1AG9.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAP1K16A.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAP2C12A.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAP8QI38.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAPL9B7Y.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAPLC7NB.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAPMX5BH.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAPNLFTH.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAPOR14A.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAPS9JTW.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAPXDTML.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAQ0U16G.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAQ2QMYD.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAQ2SESA.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAQE7M7F.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAQO5PBH.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAQZ97C2.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAR22B9D.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCAR24BCP.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCARDB98J.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\J7NKMXQA\Chicktionary_smallCARFCCHF.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\JVHQ1NDN\airmiles2500_smCA0DUAP0.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\JVHQ1NDN\airmiles2500_smCA1MA4B7.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\JVHQ1NDN\airmiles2500_smCA1NB1ZV.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\JVHQ1NDN\airmiles2500_smCA306RGV.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\JVHQ1NDN\airmiles2500_smCA3G4V47.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\JVHQ1NDN\airmiles2500_smCA5ZM51M.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCAC9VW04.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCACCLJZ1.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCACFWSML.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCACMOZXV.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCACY1FIJ.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCAD0JT96.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCAD9U3SG.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCADEJ6I8.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCADOZPUA.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCADUQIKE.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCAE02QD7.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCAE71C7J.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\K076DGPA\Chicktionary_smallCAEI2D34.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\MU7QXMXQ\00615748000-1[1].jpg 1535 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\MU7QXMXQ\073109weisman_115x65[1].jpg 2892 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\MU7QXMXQ\0c97cdf7843828fe0dc528a94be360a1[1].jpg 2473 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\MU7QXMXQ\1-1[1].htm 5568 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\MU7QXMXQ\Chicktionary_small[5].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\MU7QXMXQ\Chicktionary_small[6].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\MU7QXMXQ\Chicktionary_small[7].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\MU7QXMXQ\Chicktionary_small[8].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\MU7QXMXQ\Chicktionary_small[9].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\NG1P2OWB\f2[1].gif 216 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\NG1P2OWB\favicon[1].ico 6598 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\NG1P2OWB\favicon[1].png 306 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\NG1P2OWB\favicon[2].ico 1406 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\NG1P2OWB\favicon[4].ico 1406 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\NG1P2OWB\FeatureLoader.js[1].php 17062 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\NG1P2OWB\female[1].gif 1284 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\NG1P2OWB\fireseeds[1].jpg 39111 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\080209reuterscollapse_115x65[1].jpg 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\080608_mscm_stationery_announcement_image[1].gif 640 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\090712_ALB_01_72__img_1549193217[1].jpg 1586 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\home_sel[1].png 1586 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\honcode08[1].gif 1931 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\hoverchart_r4_c1_f56[1].png 705 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\hoverchart_r4_c4_f14[1].png 428 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\hoverchart_r4_c5_f14[1].png 674 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\hrdp_0812w_z_federal_cash_for_clunkers+crusher_camaro+side_view[1].jpg 5802 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA4RZEWG.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA4SEJWV.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA58AZHU.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA5E1WAF.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA5SPVTE.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA6D9SU9.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA6S4DI2.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA85O8UO.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA86P7IE.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA89JSVI.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA89OJW9.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA8RKNVR.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA8S6LT9.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA8VSADD.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA8W0P54.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA92RXAJ.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA9C25YB.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA9IRLZ4.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA9PJ5HB.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCA9VVTYS.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAA3NDV2.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAB3KLPS.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCABDJ5XY.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCABGWQVD.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCABIK774.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCABRP8Z2.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCABSDGT8.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCABVZMKM.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAC8AVBF.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\news-ultraviolet-t[1].jpg 12266 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\newsgoth-editors-picks[1].gif 1002 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\newsgoth-real-or-fake[1].gif 993 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\newsletter-textarea[1].gif 447 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\newsreel_next[1].gif 322 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\noimage[1].gif 3198 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\now-playing-arrow[1].gif 114 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\MattLauer_small[3].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\MattLauer_small[4].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\MattLauer_small[5].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\MattLauer_small[6].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\MattLauer_small[7].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\MattLauer_small[8].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\MattLauer_small[9].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\ma_mail_1[1].gif 1402 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\menuLeftBG[1].jpg 568 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\menuRightBG_btm[1].jpg 1106 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Flexicon_smallCA30PJDA.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Flexicon_smallCAETK281.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Flexicon_smallCAJ582BO.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Flexicon_smallCAQ64Z8L.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Flexicon_small[4].gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\fms[1].htm 379 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\ft[3] 4327 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\hat[1].css 15072 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCASEGQ8F.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCASFOEFF.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCASI2DBR.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCASIRM3L.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCASISUAX.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCASX443N.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCASXFFUR.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCASZ52ZY.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCAT7SBS9.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCAT9ITMJ.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCATC3XHD.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCATMMSSV.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCATVBDRY.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\Chicktionary_smallCATX2HTK.gif 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAFRITWO.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAFZ49JT.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAG2FDBL.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAGFXMDB.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAGNRGSY.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAH18U55.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAHB7DXR.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAHF1Q4D.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAHSDEOP.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAI07GC2.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAICJ3HZ.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAINXDXX.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAJ12IO8.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAJIT35N.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAJPVAVN.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAJRYTA4.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAJW8XXN.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAK3LZ2E.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAK76SWO.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAKLDEED.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCAKLZZ8X.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\RIN8FSHY\JR900001_smCALGEY1H.png 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\T1IP0QRX\ebel[1].png 1159 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\T1IP0QRX\email-small[1].png 747 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\T1IP0QRX\Empty_Movie[1].swf 30 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\T1IP0QRX\endfiller[1].gif 1016 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\T1IP0QRX\epop[1].js 3335 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\T1IP0QRX\expand_main_table[1].gif 45 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\T1IP0QRX\f1[1].gif 216 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\T1IP0QRX\favicon[1].ico 25214 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\T1IP0QRX\favicon[2].ico 1150 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\T1IP0QRX\fav[1].ico 1150 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\WIVK3KTW\-1[1].js 0 bytes
    File C:\Documents and Settings\Atheist\Local Settings\Temporary Internet Files\Content.IE5\WIVK3KTW\080309angwingoogle_115x65[1].jpg 2659 bytes

    ---- EOF - GMER 1.0.15 ----

  6. #6
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
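
    The ComboFix report requested above lists, under "Reg Loading Points", the registry keys that make Internet Explorer load a DLL at start: Browser Helper Objects and toolbars, each keyed by a CLSID, with the file's date, size and path on the following line (the report in the next post shows the layout). The block below is an added example written for this thread, not ComboFix's own code and not from any of the posts: a small parser that pulls those registrations out of report text and groups them by DLL path, so that a toolbar and a BHO that share one file show up together. The sample text is constructed from the layout of the report in the next post, trimmed to the relevant lines; the function and class names are my own.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix-style report and
list the IE extension registrations (BHOs and toolbars) it contains.

Added example for this thread; not ComboFix code. SAMPLE is constructed
from the layout of the report quoted in post #7, trimmed to the lines the
parser needs.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28A27F58-704F-40E1-8053-28E909FBF604}]
2009-05-31 00:52 1297920 ----a-w- c:\program files\Mob Wars Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-28 03:34 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6857857C-15D3-435D-AF19-E0217298B416}"= "c:\program files\Mob Wars Toolbar\Toolbar.dll" [2009-05-31 1297920]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6857857C-15D3-435D-AF19-E0217298B416}"= "c:\program files\Mob Wars Toolbar\Toolbar.dll" [2009-05-31 1297920]
"""


@dataclass(frozen=True)
class LoadPoint:
    kind: str   # "BHO" or "Toolbar"
    hive: str   # "HKLM" or "HKCU"
    clsid: str
    path: str   # DLL that IE loads for this registration (lower-cased)
    size: int


# ComboFix abbreviates the BHO key as HIVE\~\Browser Helper Objects\{CLSID}
BHO_KEY = re.compile(r"^\[(HKEY_[A-Z_]+)\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
# The line after a BHO key: date time size attributes path
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")
# Toolbar keys under HKLM (...\Toolbar) and HKCU (...\Toolbar\Webbrowser)
TOOLBAR_KEY = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\(?:.*\\)?Internet Explorer\\Toolbar(?:\\Webbrowser)?\]$", re.I)
# Toolbar values: "{CLSID}"= "path" [date size]
TOOLBAR_VAL = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"=\s*"(.+?)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_loading_points(text):
    """Return every BHO and toolbar registration found in the report text."""
    points = []
    lines = [line.strip() for line in text.splitlines()]
    i = 0
    while i < len(lines):
        m = BHO_KEY.match(lines[i])
        if m:
            hive, clsid = m.groups()
            j = i + 1
            while j < len(lines) and not lines[j]:   # skip blank lines
                j += 1
            fm = FILE_LINE.match(lines[j]) if j < len(lines) else None
            if fm:
                points.append(LoadPoint("BHO", HIVES.get(hive, hive), clsid.upper(),
                                        fm.group(4).lower(), int(fm.group(2))))
                i = j + 1
                continue
        m = TOOLBAR_KEY.match(lines[i])
        if m:
            hive = HIVES.get(m.group(1).upper(), m.group(1))
            j = i + 1
            # value lines run until the next blank line or the next [key]
            while j < len(lines) and lines[j] and not lines[j].startswith("["):
                vm = TOOLBAR_VAL.match(lines[j])
                if vm:
                    clsid, path, _date, size = vm.groups()
                    points.append(LoadPoint("Toolbar", hive, clsid.upper(), path.lower(), int(size)))
                j += 1
            i = j
            continue
        i += 1
    return points


def dlls_by_load_points(points):
    """Group registrations by DLL path.

    A toolbar and a BHO normally carry different CLSIDs, so deleting the
    toolbar key alone leaves the BHO key, and IE still loads the DLL at
    every start. Grouping by path shows every key that has to go together.
    """
    by_path = defaultdict(list)
    for p in points:
        by_path[p.path].append(p)
    return dict(by_path)


if __name__ == "__main__":
    for path, regs in dlls_by_load_points(parse_loading_points(SAMPLE)).items():
        print(path)
        for r in regs:
            print(f"  {r.kind:8s} {r.hive}  {r.clsid}  {r.size} bytes")
```

    Run against the constructed sample, the Mob Wars DLL comes back with three registrations (one BHO CLSID plus the same toolbar CLSID under HKLM and HKCU), while the Hotspot Shield DLL has one. The same parser works on a full ComboFix.txt because it ignores every line that is not a BHO key, its file line, or a toolbar value.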

  7. #7
    Member
    Join Date: Nov 2006
    Posts: 43

    I'm really doubtful about the deletions...

    ComboFix 09-08-29.01 - Atheist 08/30/2009 13:15.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1423 [GMT -4:00]
    Running from: c:\documents and settings\Atheist\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\RoomPanel.dll
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx
    c:\windows\desktop
    c:\windows\desktop\Hooked on Phonics Learn to Read.lnk
    c:\windows\Installer\a63a0.msi
    c:\windows\winhelp.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
    .

    2009-08-28 03:35 . 2009-08-28 03:35 -------- d-----w- C:\Hotspot Shield
    2009-08-28 03:34 . 2009-08-28 03:35 -------- d-----w- c:\program files\Hotspot Shield
    2009-08-26 13:54 . 2009-08-28 03:34 -------- d-----w- c:\windows\LastGood
    2009-08-25 01:41 . 2009-08-25 01:43 -------- d-----w- c:\documents and settings\Atheist\Application Data\ImgBurn
    2009-08-25 01:38 . 2009-08-25 01:38 -------- d-----w- c:\program files\ImgBurn
    2009-08-24 01:00 . 2009-08-24 01:00 -------- d-----w- c:\program files\7-Zip
    2009-08-20 23:44 . 2009-08-20 23:44 -------- d-----w- c:\documents and settings\Atheist\Application Data\Amazon
    2009-08-20 23:44 . 2009-08-20 23:44 -------- d-----w- c:\program files\Amazon
    2009-08-14 21:50 . 2009-08-14 21:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-08-13 13:22 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-08-12 15:50 . 2009-08-12 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
    2009-08-12 13:58 . 2009-08-12 14:00 5519752 ----a-w- c:\documents and settings\Atheist\Application Data\TVU Networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe
    2009-08-11 19:21 . 2009-08-11 19:21 -------- d-----w- c:\program files\WMV9_VCM
    2009-08-11 19:21 . 2009-08-11 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
    2009-08-11 19:21 . 2009-08-11 19:21 162168 ----a-w- c:\windows\Screen Recorder Uninstaller.exe
    2009-08-11 19:21 . 2009-08-11 19:21 -------- d-----w- c:\program files\Screen Recorder
    2009-08-11 19:21 . 2009-08-11 19:21 -------- d-----w- c:\program files\Common Files\River Past
    2009-08-11 19:21 . 2009-08-11 19:21 -------- d-----w- c:\documents and settings\Atheist\Application Data\River Past G5
    2009-08-11 01:59 . 2009-08-11 01:59 -------- d-----w- c:\program files\uTorrent
    2009-08-11 01:58 . 2009-08-25 21:05 -------- d-----w- c:\documents and settings\Atheist\Application Data\uTorrent
    2009-08-09 21:00 . 2009-08-10 00:43 -------- d-----w- c:\documents and settings\Atheist\Application Data\Vidalia
    2009-08-09 21:00 . 2009-08-09 21:00 -------- d-----w- c:\documents and settings\Atheist\Application Data\tor
    2009-08-09 14:36 . 2009-08-09 14:52 -------- d-----w- c:\program files\Tor Browser
    2009-08-09 02:13 . 2009-08-09 02:13 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
    2009-08-09 02:13 . 2009-08-09 02:13 -------- d-----w- c:\program files\dvd43
    2009-08-06 01:24 . 2009-08-09 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-08-06 01:24 . 2009-08-09 02:16 -------- d-----w- c:\program files\NOS
    2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-08-05 01:47 . 2009-08-05 01:47 152576 ----a-w- c:\documents and settings\Atheist\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-30 17:10 . 2008-06-03 23:20 -------- d-----w- c:\documents and settings\Atheist\Application Data\RSIGuard
    2009-08-30 15:40 . 2008-06-05 17:15 -------- d-----w- c:\program files\Firefox
    2009-08-29 13:17 . 2008-06-05 05:19 -------- d-----w- c:\program files\AVG
    2009-08-28 21:55 . 2009-07-29 00:12 -------- d-----w- c:\documents and settings\Atheist\Application Data\vlc
    2009-08-28 20:02 . 2008-09-19 06:00 -------- d-----w- c:\documents and settings\Atheist\Application Data\dvdcss
    2009-08-28 13:42 . 2008-06-05 05:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-28 13:42 . 2008-06-05 05:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-28 13:42 . 2008-06-05 05:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-25 03:15 . 2008-08-02 17:54 -------- d-----w- c:\program files\Nero
    2009-08-25 03:15 . 2008-08-02 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2009-08-25 03:15 . 2008-06-20 16:25 -------- d-----w- c:\program files\Common Files\Nero
    2009-08-13 23:51 . 2008-06-05 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-08-12 15:50 . 2009-03-26 16:53 -------- d-----w- c:\program files\TVUPlayer
    2009-08-11 01:57 . 2008-11-06 04:58 -------- d-----w- c:\program files\Vuze
    2009-08-09 02:18 . 2009-04-09 13:18 2205390 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2009-08-08 18:12 . 2008-06-05 02:20 -------- d-----w- c:\program files\MozyHome
    2009-08-08 18:07 . 2008-06-04 00:10 -------- d-----w- c:\program files\Spybot
    2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 01:48 . 2009-04-09 13:44 -------- d-----w- c:\program files\Java
    2009-07-29 00:11 . 2008-09-16 22:57 -------- d-----w- c:\program files\VLC
    2009-07-25 09:23 . 2008-11-23 14:31 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-22 19:13 . 2009-07-21 23:22 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-15 12:34 . 2009-06-14 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-07-14 03:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-03 17:09 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-30 12:06 . 2009-05-20 19:54 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
    2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 23:06 . 2008-12-22 05:16 1 ----a-w- c:\documents and settings\Atheist\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-06-24 19:03 . 2009-02-07 15:54 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
    2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-18 16:47 . 2008-06-30 17:07 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 00:46 . 2008-06-03 11:24 69232 ----a-w- c:\documents and settings\Atheist\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-12 12:31 . 2004-08-10 17:51 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-11 02:33 . 2009-06-11 02:33 152576 ----a-w- c:\documents and settings\Atheist\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-06-10 14:13 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 13:19 . 2004-08-10 18:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:14 . 2004-08-10 17:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll
    2007-02-16 15:31 . 2008-06-23 20:27 227328 ----a-w- c:\program files\mpTrim.exe
    2008-06-28 03:13 . 2008-06-28 03:13 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28A27F58-704F-40E1-8053-28E909FBF604}]
    2009-05-31 00:52 1297920 ----a-w- c:\program files\Mob Wars Toolbar\Toolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-08-28 03:34 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6857857C-15D3-435D-AF19-E0217298B416}"= "c:\program files\Mob Wars Toolbar\Toolbar.dll" [2009-05-31 1297920]

    [HKEY_CLASSES_ROOT\clsid\{6857857c-15d3-435d-af19-e0217298b416}]
    [HKEY_CLASSES_ROOT\FCTB000058757.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{AD0FF573-4DD1-4CF7-AA25-41280783CA54}]
    [HKEY_CLASSES_ROOT\FCTB000058757.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{6857857C-15D3-435D-AF19-E0217298B416}"= "c:\program files\Mob Wars Toolbar\Toolbar.dll" [2009-05-31 1297920]

    [HKEY_CLASSES_ROOT\clsid\{6857857c-15d3-435d-af19-e0217298b416}]
    [HKEY_CLASSES_ROOT\FCTB000058757.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{AD0FF573-4DD1-4CF7-AA25-41280783CA54}]
    [HKEY_CLASSES_ROOT\FCTB000058757.IEToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON\daemon.exe" [2009-04-23 691656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "ZoneAlarm Client"="c:\program files\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-06-29 827904]
    "Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Firefox.lnk - c:\program files\Firefox\firefox.exe [2008-6-5 908280]
    KeyText.lnk - c:\program files\KeyText\KeyText.exe [2008-6-5 409600]
    RSIGuard.lnk - c:\program files\RSIGuard\RSIGuard.exe [2008-6-5 6926336]
    ZoneAlarm.lnk - c:\program files\ZoneAlarm\zlclient.exe [2009-3-29 981384]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogoff"= 01000000
    "NoRecentDocsNetHood"= 01000000
    "NoSMMyDocs"= 01000000
    "NoSMMyPictures"= 01000000
    "NoNetworkConnections"= 01000000

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-28 13:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\avgupd.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Screen Recorder\\ScreenRecorder.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/5/2008 1:19 AM 335240]
    R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2/7/2009 11:54 AM 54776]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\avgwdsvc.exe [6/5/2008 1:19 AM 297752]
    R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [8/6/2009 2:58 PM 331824]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/4/2008 6:08 PM 24652]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [5/20/2009 3:54 PM 33840]
    R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [7/21/2009 7:22 PM 28592]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6/21/2008 10:19 PM 13352]
    S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [8/10/2009 7:19 PM 57640]
    S3 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [12/9/2008 12:37 PM 13088]
    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 8:37 AM 26624]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AUJASNKJ
    *NewlyCreated* - HOTSPOTSHIELDSERVICE
    *NewlyCreated* - HSSSRV
    *NewlyCreated* - HSSTRAYSERVICE
    *Deregistered* - aujasnkj

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
    HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uSearchURL,(Default) = hxxp://www.searchgateway.net/search/%s
    IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZUfox000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    FF - ProfilePath - c:\documents and settings\Atheist\Application Data\Mozilla\Firefox\Profiles\de6b8akp.default\
    FF - prefs.js: browser.search.selectedEngine - Answers.com
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&p=
    FF - component: c:\documents and settings\Atheist\Application Data\Mozilla\Firefox\Profiles\de6b8akp.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll
    FF - plugin: c:\documents and settings\Atheist\Application Data\Mozilla\Firefox\Profiles\de6b8akp.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - plugin: c:\program files\Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .
    .
    ------- File Associations -------
    .
    chm.file="hh.exe" %1
    txtfile=c:\windows\notepad.exe %1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-30 13:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2009-08-30 13:20
    ComboFix-quarantined-files.txt 2009-08-30 17:19

    Pre-Run: 43,797,123,072 bytes free
    Post-Run: 43,919,659,008 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    308 --- E O F --- 2009-08-26 13:54
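
The ComboFix and DDS logs posted in this thread are read by eye for a few recurring signs of a browser hijack: toolbar and BHO registrations whose DLL is gone ("No File"), search providers pointing at hosts such as searchgateway.net or search.freecause.com instead of the browser's own engine, HKCU Explorer policy restrictions, and the firewall and Security Center notifications switched off. The script below is an added example that applies those same checks to log lines automatically; it is not part of the original post and is not code from DDS, ComboFix or HijackThis. The sample lines are constructed from excerpts of the logs in this thread plus one benign control line, and the list of accepted search hosts is an assumption made for the example.

```python
"""Triage helper for DDS / ComboFix / HijackThis-style log lines.

Added example: not part of the original forum post and not code from the
DDS or ComboFix tools. It applies the rules a removal helper checks first:
add-ons registered but missing on disk, search providers on non-standard
hosts, HKCU Explorer policy restrictions, and protections switched off.
SAMPLE_LOG is constructed from excerpts of the logs in this thread plus one
benign constructed control line; KNOWN_SEARCH_HOSTS is an assumption.
"""
import re
from urllib.parse import urlparse

# Search hosts accepted as user-chosen defaults (assumption for the example).
KNOWN_SEARCH_HOSTS = {
    "search.live.com", "www.bing.com", "www.google.com", "search.yahoo.com",
}

# Registry/pref keys whose value is a search URL.
SEARCH_KEYS = ("uSearchURL", "keyword.URL", "Search Bar", "Search Page",
               "Default_Search_URL")

# Constructed sample: excerpts of this thread's logs plus one benign control
# line (mDefault_Search_URL pointing at bing.com).
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
uStart Page = hxxp://my.yahoo.com/
uSearchURL,(Default) = hxxp://www.searchgateway.net/search/%s
uURLSearchHooks: H - No File
BHO: Freecause Toolbar BHO: {28a27f58-704f-40e1-8053-28e909fbf604} - c:\program files\mob wars toolbar\Toolbar.dll
TB: {719D74AB-1AF9-43A1-8C62-D8750628D93E} - No File
uPolicies-explorer: NoNetworkConnections = 01000000
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&p=
mDefault_Search_URL = hxxp://www.bing.com/search?q=%s
"EnableFirewall"= 0 (0x0)
"DisableMonitoring"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
""".splitlines()


def refang(url):
    """Undo the hxxp:// defanging that DDS and ComboFix apply to URLs."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.I)


def search_host(line):
    """Return the lower-cased host of a search URL on this line, else None."""
    if not any(key in line for key in SEARCH_KEYS):
        return None
    m = re.search(r"(?:hxxps?|https?)://\S+", line, flags=re.I)
    if not m:
        return None
    host = urlparse(refang(m.group(0))).hostname
    return host.lower() if host else None


def triage(lines):
    """Return [(category, line)] for every line that trips a rule."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # 1. Add-on registrations whose DLL no longer exists on disk.
        if line.startswith(("TB:", "BHO:", "uURLSearchHooks:", "WebBrowser-")) and (
                "No File" in line or "(no file)" in line):
            findings.append(("orphan_addon", line))
        # 2. Search provider that is not one of the known engines.
        host = search_host(line)
        if host is not None and host not in KNOWN_SEARCH_HOSTS:
            findings.append(("search_hijack", line))
        # 3. HKCU Explorer restrictions (NoLogoff, NoNetworkConnections, ...).
        if re.match(r"uPolicies-explorer:\s*No\w+\s*=\s*0?1", line):
            findings.append(("explorer_policy", line))
        # 4. Firewall off, Security Center monitoring/alerts off, AV/FW disabled.
        if (re.search(r'"EnableFirewall"=\s*0\b', line)
                or re.search(r'"(DisableMonitoring|UpdatesDisableNotify)"=dword:0*1$', line)
                or re.match(r"(AV|FW):.*\*(On-access scanning )?disabled\*", line, re.I)):
            findings.append(("protection_disabled", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"[{category:20}] {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The rules are deliberately narrow: a "No File" toolbar entry is only a dead registry key, and an Explorer policy value can be set by an administrator as well as by malware, so each category is a prompt for the helper to look closer rather than a verdict. The search-host allow-list is the part to adjust for a given machine; any search URL whose host is not on it is reported.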

  8. #8
    Member
    Join Date
    Nov 2006
    Posts
    43

    Post DDS.txt

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Atheist at 13:24:53.42 on Sun 08/30/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1439 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\KeyText\KeyText.exe
    C:\Program Files\RSIGuard\RSIGuard.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\PROGRA~1\AVG\avgwdsvc.exe
    C:\PROGRA~1\AVG\avgrsx.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Atheist\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.yahoo.com/
    uSearchURL,(Default) = hxxp://www.searchgateway.net/search/%s
    uURLSearchHooks: H - No File
    BHO: Freecause Toolbar BHO: {28a27f58-704f-40e1-8053-28e909fbf604} - c:\program files\mob wars toolbar\Toolbar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: Mob Wars Toolbar: {6857857c-15d3-435d-af19-e0217298b416} - c:\program files\mob wars toolbar\Toolbar.dll
    TB: {719D74AB-1AF9-43A1-8C62-D8750628D93E} - No File
    TB: {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No File
    TB: {D1A1FD57-93FC-45FE-BC2A-B3A5D47D6674} - No File
    uRun: [DAEMON Tools Lite] "c:\program files\daemon\daemon.exe" -autorun
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zonealarm\zlclient.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\firefox.lnk - c:\program files\firefox\firefox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\keytext.lnk - c:\program files\keytext\KeyText.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rsiguard.lnk - c:\program files\rsiguard\RSIGuard.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zoneal~1.lnk - c:\program files\zonealarm\zlclient.exe
    uPolicies-explorer: NoLogoff = 01000000
    uPolicies-explorer: NoRecentDocsNetHood = 01000000
    uPolicies-explorer: NoSMMyDocs = 01000000
    uPolicies-explorer: NoSMMyPictures = 01000000
    uPolicies-explorer: NoNetworkConnections = 01000000
    IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZUfox000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\atheist\applic~1\mozilla\firefox\profiles\de6b8akp.default\
    FF - prefs.js: browser.search.selectedEngine - Answers.com
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&p=
    FF - component: c:\documents and settings\atheist\application data\mozilla\firefox\profiles\de6b8akp.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll
    FF - plugin: c:\documents and settings\atheist\application data\mozilla\firefox\profiles\de6b8akp.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - plugin: c:\program files\firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-5 335240]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-5 27784]
    R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2009-2-7 54776]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-30 353672]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avgwdsvc.exe [2008-6-5 297752]
    R2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-8-6 331824]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-4 24652]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-5-20 33840]
    R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-21 28592]
    S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-6-21 13352]
    S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-8-10 57640]
    S3 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-12-9 13088]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2007-4-24 83336]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-4-24 100488]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2007-4-24 98696]
    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]

    ============== File Associations ===============

    chm.file="hh.exe" %1
    txtfile=c:\windows\notepad.exe %1

    =============== Created Last 30 ================

    2009-08-30 13:18 <DIR> --d----- c:\windows\system32\dllcache\cache
    2009-08-30 13:14 <DIR> a-dshr-- C:\cmdcons
    2009-08-30 13:13 229,376 a------- c:\windows\PEV.exe
    2009-08-30 13:13 161,792 a------- c:\windows\SWREG.exe
    2009-08-30 13:13 98,816 a------- c:\windows\sed.exe
    2009-08-30 13:12 <DIR> --ds---- C:\ComboFix
    2009-08-27 23:35 <DIR> --d----- C:\Hotspot Shield
    2009-08-27 23:34 <DIR> --d----- c:\program files\Hotspot Shield
    2009-08-20 19:44 <DIR> --d----- c:\program files\Amazon
    2009-08-13 09:22 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
    2009-08-13 09:22 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
    2009-08-12 11:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
    2009-08-11 15:21 <DIR> --d----- c:\program files\WMV9_VCM
    2009-08-11 15:21 162,168 a------- c:\windows\Screen Recorder Uninstaller.exe
    2009-08-11 15:21 <DIR> --d----- c:\program files\Screen Recorder
    2009-08-11 15:21 <DIR> --d----- c:\program files\common files\River Past
    2009-08-11 15:21 <DIR> --d----- c:\docume~1\atheist\applic~1\River Past G5
    2009-08-11 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\River Past G5
    2009-08-10 21:59 <DIR> --d----- c:\program files\uTorrent
    2009-08-10 21:58 <DIR> --d----- c:\docume~1\atheist\applic~1\uTorrent
    2009-08-09 17:00 <DIR> --d----- c:\docume~1\atheist\applic~1\tor
    2009-08-09 10:36 <DIR> --d----- c:\program files\Tor Browser
    2009-08-08 22:13 18,816 a------- c:\windows\system32\drivers\dvd43llh.sys
    2009-08-08 22:13 <DIR> --d----- c:\program files\dvd43
    2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

    ==================== Find3M ====================

    2009-08-28 09:42 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-08-28 09:42 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
    2009-07-22 15:13 28,592 a------- c:\windows\system32\drivers\tap0901.sys
    2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
    2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\cache\mshtml.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
    2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
    2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
    2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
    2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
    2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
    2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
    2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
    2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
    2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
    2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
    2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
    2009-06-02 06:12 102,912 a------- c:\windows\system32\dllcache\iecompat.dll
    2007-02-16 11:31 227,328 a------- c:\program files\mpTrim.exe
    2008-06-27 23:13 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 13:25:02.87 ===============

  9. #9
    Member
    Join Date
    Nov 2006
    Posts
    43

    Post Attach.txt (not sure if you want it)

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/3/2008 7:23:26 AM
    System Uptime: 8/27/2009 12:19:25 AM (85 hours ago)

    Motherboard: Dell Inc. | | 0CU409
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2327/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 125 GiB total, 40.935 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: TAP-Win32 Adapter V8
    Device ID: ROOT\NET\0000
    Manufacturer: TAP-Win32 Provider
    Name: TAP-Win32 Adapter V8
    PNP Device ID: ROOT\NET\0000
    Service: tap0801

    ==== System Restore Points ===================

    RP398: 7/29/2009 9:36:21 AM - Software Distribution Service 3.0
    RP399: 7/30/2009 3:12:20 PM - System Checkpoint
    RP400: 8/1/2009 12:11:52 AM - Removed Live Search Club Toolbar
    RP401: 8/2/2009 10:32:34 AM - System Checkpoint
    RP402: 8/3/2009 1:08:44 PM - System Checkpoint
    RP403: 8/4/2009 3:51:09 PM - System Checkpoint
    RP404: 8/4/2009 9:48:02 PM - Installed Java(TM) 6 Update 15
    RP405: 8/6/2009 11:06:03 AM - System Checkpoint
    RP406: 8/7/2009 7:43:49 PM - System Checkpoint
    RP407: 8/8/2009 2:12:30 PM - Installed MozyHome Remote Backup
    RP408: 8/10/2009 11:42:53 AM - System Checkpoint
    RP409: 8/11/2009 1:53:50 PM - System Checkpoint
    RP410: 8/13/2009 9:24:16 AM - Software Distribution Service 3.0
    RP411: 8/14/2009 6:39:56 PM - System Checkpoint
    RP412: 8/15/2009 7:50:46 PM - System Checkpoint
    RP413: 8/17/2009 12:08:49 AM - System Checkpoint
    RP414: 8/19/2009 4:26:07 PM - System Checkpoint
    RP415: 8/21/2009 11:32:19 AM - System Checkpoint
    RP416: 8/22/2009 3:38:19 PM - System Checkpoint
    RP417: 8/23/2009 4:48:33 PM - System Checkpoint
    RP418: 8/24/2009 5:13:47 PM - System Checkpoint
    RP419: 8/24/2009 11:14:33 PM - Removed Nero 8 Ultra Edition HD
    RP420: 8/26/2009 9:54:05 AM - Software Distribution Service 3.0
    RP421: 8/27/2009 11:03:08 AM - System Checkpoint
    RP422: 8/28/2009 12:55:13 PM - System Checkpoint
    RP423: 8/30/2009 1:13:36 PM - ComboFix created restore point

    ==== Installed Programs ======================


    µTorrent
    7-Zip 4.65
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.6
    Adobe Shockwave Player 11.5
    Amazon MP3 Downloader 1.0.5
    AnswerWorks 5.0 English Runtime
    Audacity 1.2.6
    AVG Free 8.5
    AVIcodec (remove only)
    Chinese Simplified Fonts Support For Adobe Reader 8
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    DVD Shrink 3.2
    DVD43 v4.4.1
    Eraser
    FLVPlayer4Free Free FLV Player 2.8.0.0
    High Definition Audio Driver Package - KB835221
    Hooked on Phonics Learn to Read
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB970653-v3)
    Hotspot Shield 1.22
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections 12.1.8.0
    IrfanView (remove only)
    Java(TM) 6 Update 15
    KeyText v2.25
    Logitech MouseWare 9.79.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Media Video 9 VCM
    MIKSOFT Mobile AMR converter
    Mob Wars Toolbar
    Mozilla Firefox (3.5.2)
    MozyHome Remote Backup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Need for Speed™ ProStreet Demo
    neroxml
    NoteTab Light 5 (Remove only)
    OpenVPN 2.0.9
    PDFCreator
    PowerDVD
    River Past Screen Recorder
    RSIGuard Stretch Edition
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Spybot - Search & Destroy
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wnyiper
    TurboTax 2008 wrapper
    TVUPlayer 2.4.7.2
    Tweak UI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    Viewpoint Media Player
    VLC media player 1.0.1
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live installer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinISO 5.3
    WinRAR archiver
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    8/30/2009 12:07:20 AM, error: Dhcp [1002] - The IP address lease 10.11.19.63 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.10.63.254 (The DHCP Server sent a DHCPNACK message).
    8/30/2009 12:04:30 AM, error: Dhcp [1002] - The IP address lease 10.17.95.140 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.11.31.254 (The DHCP Server sent a DHCPNACK message).
    8/30/2009 1:14:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    8/29/2009 4:17:20 PM, error: Dhcp [1002] - The IP address lease 10.10.35.234 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.17.95.254 (The DHCP Server sent a DHCPNACK message).
    8/29/2009 12:14:07 AM, error: Dhcp [1002] - The IP address lease 10.13.28.151 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.10.47.254 (The DHCP Server sent a DHCPNACK message).
    8/29/2009 12:08:27 AM, error: Dhcp [1002] - The IP address lease 10.20.116.218 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.13.31.254 (The DHCP Server sent a DHCPNACK message).
    8/29/2009 12:02:07 AM, error: Dhcp [1002] - The IP address lease 10.6.114.185 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.20.127.254 (The DHCP Server sent a DHCPNACK message).
    8/28/2009 3:51:01 PM, error: Dhcp [1002] - The IP address lease 10.8.96.13 for the Network Card with network address 00FF636CE4BA has been denied by the DHCP server 10.6.127.254 (The DHCP Server sent a DHCPNACK message).
    8/24/2009 7:13:26 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    8/24/2009 11:15:26 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

    ==== End Of File ===========================

  10. #10
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent
    Tor Browser


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


    I'm really doubtful about the deletions...
    Any specific reason for that statement?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
