MSA maybe more?

Animehound · Mar 7, 2009

i have been his with MSA.exe however im not sure if its more than that. i have spy bot, it found nothing, then malwear bytes, that found nothing, then spywear doctor... that found nothing, as well as ad aware, that found nothing as well. the issues occuring are IE opening up to blank windows, a message flashing saying that there is a security problem would you like to scan for viruses window, and a little tab in my toolbar that is nothing more than a red circle with an x in it that keeps saying warning! you have a security problem. help me its driving me mad.

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:34 PM, on 3/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\josh\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\DOCUME~1\KAREN~1.DB2\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O1 - Hosts: 68.191.9.88 l2authd.lineage2.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Karen.DB2JRYB1\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161829172203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163261639734
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\josh\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14112 bytes

Blade81 · Mar 8, 2009

Hi

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Post them back to your topic.

Animehound · Mar 8, 2009

ok here they are

DDS (Ver_09-02-01.01) - NTFSx86
Run by Karen at 17:29:08.64 on Sun 03/08/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.278 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
svchost.exe
C:\Program Files\josh\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Karen.DB2JRYB1\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar =
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\karen~1.db2\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\karen.db2jryb1\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161829172203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163261639734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\karen~1.db2\applic~1\mozilla\firefox\profiles\fmudpqwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\karen.db2jryb1\application data\mozilla\firefox\profiles\fmudpqwd.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-5 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-6 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-5 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-5 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-5 107912]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-8-24 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-24 394952]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-5 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-5 298264]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-10 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-2 55296]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951120]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2004-12-10 30336]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-6 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-6 1095560]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\wpro_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]

=============== Created Last 30 ================

2009-03-08 00:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-03-08 00:11 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-03-06 19:26 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-06 19:26 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-06 19:26 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-06 19:26 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-06 19:26 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-05 23:24 <DIR> --d----- c:\docume~1\karen~1.db2\applic~1\Malwarebytes
2009-03-05 23:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-05 23:24 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-05 23:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 22:45 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-05 22:45 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-05 22:45 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-05 22:44 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-05 22:44 <DIR> --d----- c:\docume~1\karen~1.db2\applic~1\AVGTOOLBAR
2009-03-05 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-05 20:30 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-05 20:08 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-05 20:01 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-05 20:00 <DIR> --d----- c:\program files\Lavasoft
2009-03-04 18:34 61,440 a------- c:\windows\system32\digitbox.ocx
2009-03-04 18:34 <DIR> --d----- c:\program files\Alarm
2009-02-18 22:42 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-18 22:42 1,409 a------- c:\windows\QTFont.for
2009-02-17 21:20 <DIR> --d----- c:\program files\Amazon
2009-02-17 20:48 <DIR> --d----- C:\My Music

==================== Find3M ====================

2009-03-08 17:29 86,331,424 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-08 00:37 1,013,996 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-07 15:15 8,558 a------- c:\docume~1\karen~1.db2\applic~1\wklnhst.dat
2009-03-05 18:57 25,088 a------- c:\windows\system32\userinit.exe
2009-01-20 17:12 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-10 17:20 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-19 05:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 01:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 01:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 07:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2008-08-21 18:20 61,224 a------- c:\documents and settings\karen.db2jryb1\GoToAssistDownloadHelper.exe
2008-01-01 02:11 40 a------- c:\documents and settings\karen.db2jryb1\language.dat
2007-10-24 19:40 630,784 a------- c:\documents and settings\karen.db2jryb1\GoToAssist_chat2way__317_en.exe
2007-06-04 21:33 72,168 a------- c:\docume~1\karen~1.db2\applic~1\GDIPFONTCACHEV1.DAT
2006-10-26 21:07 3,250,815 ac------ c:\program files\YVD086.exe
1998-04-21 03:57 131,072 a------- c:\program files\us_scd1_9210.bin
2008-10-09 00:23 88 ---shr-- c:\windows\system32\3E39A46BB8.sys
2008-10-18 20:11 8 ---shr-- c:\windows\system32\CD87AC12C5.sys
2008-12-04 23:20 3,140 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:30:53.28 ===============

the other

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2006 12:05:29 PM
System Uptime: 3/8/2009 2:25:53 PM (3 hours ago)

Motherboard: Dell Inc. | | 0YD612
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 79 GiB total, 13.517 GiB free.
D: is FIXED (NTFS) - 26 GiB total, 25.584 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Service: NIC1394

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: VAXSCSI Controller
Device ID: ACPI\PNPA000\4&48789D60&0
Manufacturer: (Standard mass storage controllers)
Name: VAXSCSI Controller
PNP Device ID: ACPI\PNPA000\4&48789D60&0
Service: vaxscsi

==== System Restore Points ===================

RP518: 12/10/2008 12:19:12 AM - System Checkpoint
RP519: 12/11/2008 1:02:26 AM - Software Distribution Service 3.0
RP520: 12/12/2008 9:22:16 PM - Removed Corel Photo Album 6
RP521: 12/16/2008 12:16:28 AM - Removed Mids' Hero Designer
RP522: 12/17/2008 12:22:34 AM - System Checkpoint
RP523: 12/19/2008 2:23:59 AM - Software Distribution Service 3.0
RP524: 12/20/2008 12:06:55 AM - Software Distribution Service 3.0
RP525: 12/20/2008 3:23:27 PM - Software Distribution Service 3.0
RP526: 1/6/2009 5:03:08 PM - Installed Bluetooth Stack for Windows by Toshiba.
RP527: 1/6/2009 5:11:04 PM - Removed Bluetooth Stack for Windows by Toshiba.
RP528: 1/10/2009 4:19:47 PM - Installed Java(TM) 6 Update 11
RP529: 1/14/2009 12:04:16 AM - Software Distribution Service 3.0
RP530: 1/14/2009 8:19:57 PM - Installed Full Tilt Poker
RP531: 1/18/2009 8:39:25 PM - Removed Doom 3
RP532: 1/19/2009 10:24:45 PM - Installed Seagate Manager Installer
RP533: 1/19/2009 10:32:54 PM - Installed Seagate Manager Installer
RP534: 1/20/2009 2:36:26 AM - Software Distribution Service 3.0
RP535: 1/27/2009 3:37:57 PM - System Checkpoint
RP536: 1/31/2009 2:30:56 PM - System Checkpoint
RP537: 1/31/2009 4:20:06 PM - Removed GameSpy Comrade.
RP538: 2/11/2009 2:34:23 PM - Software Distribution Service 3.0
RP539: 2/16/2009 5:44:32 PM - System Checkpoint
RP540: 2/18/2009 12:04:50 AM - System Checkpoint
RP541: 2/24/2009 6:49:56 PM - System Checkpoint
RP542: 2/25/2009 2:50:53 AM - Software Distribution Service 3.0
RP543: 2/26/2009 1:30:11 AM - Software Distribution Service 3.0
RP544: 2/27/2009 1:34:56 AM - Software Distribution Service 3.0
RP545: 2/28/2009 10:13:28 AM - Software Distribution Service 3.0
RP546: 3/3/2009 2:55:06 PM - Software Distribution Service 3.0
RP547: 3/5/2009 6:37:00 PM - Configured AVG Free 8.5
RP548: 3/5/2009 6:51:22 PM - Software Distribution Service 3.0
RP549: 3/5/2009 9:29:44 PM - Removed AVG Free 8.0
RP550: 3/5/2009 9:32:58 PM - Installed AVG Free 8.0
RP551: 3/5/2009 9:44:17 PM - Installed AVG Free 8.5
RP552: 3/6/2009 5:29:16 PM - Software Distribution Service 3.0
RP553: 3/6/2009 6:47:39 PM - Shockwave Player
RP554: 3/6/2009 7:13:32 PM - Spyware Doctor: Cleaning Threats
RP555: 3/6/2009 7:49:38 PM - Spyware Doctor: Cleaning Threats
RP556: 3/7/2009 1:09:23 AM - Software Distribution Service 3.0
RP557: 3/7/2009 4:10:37 PM - Software Distribution Service 3.0
RP558: 3/7/2009 11:11:28 PM - Installed Driver Detective
RP559: 3/7/2009 11:47:08 PM - Avg8 Update
RP560: 3/8/2009 4:19:56 PM - Software Distribution Service 3.0

==== Installed Programs ======================

7-Zip 4.57
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adobe Shockwave Player 11
AIM 6
AIM Toolbar 5.0
Alarm 2.0.4
Amazon MP3 Downloader 1.0.3
Andrea VoiceCenter
AOLIcon
ArcSoft MediaConverter 2.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
AVG 8.5
Broadcom Management Programs
BUM
CCScore
City of Villains/City of Heroes (remove only)
Conexant HDA D110 MDC V.92 Modem
Creative Audio Pack
Creative MediaSource 5
DAEMON Tools Toolbar
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
Dell Wireless WLAN Card
Diablo
Diablo II
Digital Content Portal
Digital Line Detect
DivX
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
Driver Detective
ELIcon
EPSON Print CD
EPSON Printer Software
EPSON SPR340 User's Guide
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Fallout
Full Tilt Poker
Games, Music, & Photos Launcher
GOG.com Downloader
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Hamachi 1.0.1.1
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HLPPDOCK
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HTML TADS Player Kit
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK EASYSHARE Gallery Easy Upload, v2.1
Kodak EasyShare software
KSU
Leaf
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mids' Hero/Villain Designer
mIRC
Modem Helper
Mozilla Firefox (3.0.7)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Netflix Movie Viewer
NetWaiting
Notifier
OfotoXMI
OpenOffice.org Installer 1.0
Optimum Online net guide
OTtBP
OTtBPSDK
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer
RPTools MapTool
SA32xx Device Manager
Sacred Gold
Scientific Atlanta WebSTAR 2000 series Cable Modem
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
SFR
SHASTA
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SKIN0001
SKINXSDK
Skulltag
Skype™ 3.8
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Speakonia
Spybot - Search & Destroy
Spyware Doctor 6.0
Starcraft
staticcr
Synaptics Pointing Device Driver
System Requirements Lab
TeamSpeak 2 RC2
The Sims™ 2 Double Deluxe
Unreal Tournament 2004
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VidiotMaps Map Overlay
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Warcraft II BNE
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Mobile® Device Handbook
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
WIRELESS
Works Upgrade
Yahoo! Browser Services
Yahoo! IE Search Suggest
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yugioh Virtual Desktop
Yugioh Virtual Dueling
ZoneAlarm
ZoneAlarm Spy Blocker

==== Event Viewer Messages From Past Week ========

3/3/2009 9:28:31 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/3/2009 9:28:30 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
3/3/2009 9:28:53 PM, error: Dhcp [1002] - The IP address lease 173.2.246.64 for the Network Card with network address 0018F357D1F2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/4/2009 2:27:28 PM, error: Dhcp [1002] - The IP address lease 173.2.245.62 for the Network Card with network address 0018F357D1F2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/5/2009 5:11:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
3/5/2009 5:11:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
3/5/2009 5:11:06 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:12:33 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
3/5/2009 8:13:10 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/5/2009 10:02:46 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0018F357D1F2 has been denied by the DHCP server 167.206.7.172 (The DHCP Server sent a DHCPNACK message).
3/6/2009 5:29:39 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
3/6/2009 5:30:51 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/6/2009 5:31:15 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/6/2009 5:31:22 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).
3/6/2009 5:31:45 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/7/2009 12:10:38 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
3/7/2009 12:15:51 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).
3/7/2009 9:50:56 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018F357D1F2. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
3/7/2009 10:49:50 AM, error: Dhcp [1002] - The IP address lease 173.2.249.225 for the Network Card with network address 0018F357D1F2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/7/2009 11:24:11 AM, error: Dhcp [1002] - The IP address lease 173.2.245.22 for the Network Card with network address 0018F357D1F2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/7/2009 6:53:42 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/7/2009 6:56:00 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
3/7/2009 6:56:17 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Lavasoft Ad-Aware Service service, but this action failed with the following error: The service database is locked.
3/7/2009 8:39:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

==== End Of File ===========================

Blade81 · Mar 9, 2009

Hi again,

Disable Ad-Watch

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Animehound · Mar 10, 2009

well combofix, rebooted my computer and now explorer wont start, its sitting at my background picture and thats it... its been sitting that way since it rebooted, what should i do now. it produced no logs no nothing...

Blade81 · Mar 10, 2009

Hi

Reboot the system manually, please.

Animehound · Mar 10, 2009

done and still sits on the same screen -_-

Animehound · Mar 10, 2009

i wound up force running explorer to get it to load here is the log

ComboFix 09-03-06.02 - Karen 2009-03-10 12:11:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.507 [GMT -4:00]
Running from: c:\documents and settings\Karen.DB2JRYB1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-08 00:11 . 2009-03-08 00:11 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-08 00:11 . 2009-03-08 00:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-06 21:14 . 2009-03-06 21:15 <DIR> d-------- c:\program files\ERUNT
2009-03-06 19:26 . 2009-03-06 19:40 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-06 19:26 . 2009-03-10 01:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-06 19:26 . 2008-12-11 09:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-06 19:26 . 2009-02-23 11:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-06 19:26 . 2008-12-18 13:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-06 19:26 . 2008-12-10 13:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\Malwarebytes
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-05 23:24 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 23:24 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-05 22:45 . 2009-03-05 22:45 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-05 22:45 . 2009-03-05 22:45 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-05 22:45 . 2009-03-05 22:45 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-05 22:44 . 2009-03-08 17:32 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-05 22:44 . 2009-03-06 18:30 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\AVGTOOLBAR
2009-03-05 22:44 . 2009-03-10 11:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-05 20:00 . 2009-03-10 01:23 <DIR> d-------- c:\program files\Lavasoft
2009-03-04 18:34 . 2009-03-04 18:34 <DIR> d-------- c:\program files\Alarm
2009-03-04 18:34 . 2007-04-30 00:24 61,440 --a------ c:\windows\system32\digitbox.ocx
2009-02-18 22:42 . 2009-03-08 01:20 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-18 22:42 . 2009-02-18 22:42 1,409 --a------ c:\windows\QTFont.for
2009-02-17 21:21 . 2009-02-17 21:21 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\Amazon
2009-02-17 21:20 . 2009-02-17 21:20 <DIR> d-------- c:\program files\Amazon
2009-02-17 20:48 . 2009-02-17 20:48 <DIR> d-------- C:\My Music

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 16:19 86,888,480 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-10 16:03 1,020,548 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-10 16:03 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\Skype
2009-03-10 15:34 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\skypePM
2009-03-10 15:28 21,185,567 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_10_03_36_49_full.dmp.zip
2009-03-10 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-09 02:50 --------- d-----w c:\program files\City of Heroes
2009-03-09 01:48 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\teamspeak2
2009-03-08 04:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 19:15 8,558 ----a-w c:\documents and settings\Karen.DB2JRYB1\Application Data\wklnhst.dat
2009-03-07 05:34 --------- d-----w c:\program files\LimeWire
2009-03-07 01:24 --------- d-----w c:\program files\Trend Micro
2009-03-07 00:54 --------- d-----w c:\program files\Spyware Doctor
2009-03-05 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 23:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-05 22:57 25,088 ----a-w c:\windows\system32\userinit.exe
2009-03-05 22:09 6,408,779 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-02 04:03 --------- d-----w c:\program files\josh
2009-02-28 00:35 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\Hamachi
2009-02-26 19:19 --------- d-----w c:\program files\Starcraft
2009-02-25 22:23 --------- d-----w c:\program files\CohTest
2009-02-18 00:59 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire
2009-02-07 00:41 --------- d-----w c:\program files\Google
2009-01-31 02:40 --------- d-----w c:\program files\Maptools
2009-01-31 01:46 --------- d-----w c:\program files\gba
2009-01-23 23:05 --------- d--h--r c:\documents and settings\Karen.DB2JRYB1\Application Data\yahoo!
2009-01-22 20:10 --------- d-----w c:\program files\GOG.com
2009-01-21 00:51 --------- d-----w c:\program files\Full Tilt Poker
2009-01-20 21:12 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-20 20:48 --------- d-----w c:\program files\EA GAMES
2009-01-20 03:25 --------- d-----w c:\program files\Seagate
2009-01-20 03:25 --------- d-----w c:\documents and settings\All Users\Application Data\Seagate
2009-01-20 03:24 --------- d-----w c:\program files\MSXML 6.0
2009-01-19 03:47 --------- d-----w c:\program files\GOG.com Downloader
2009-01-19 03:47 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2009-01-19 03:46 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-19 00:31 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-19 00:31 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\SystemRequirementsLab
2009-01-18 02:27 --------- d-----w c:\program files\Diablo II
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 05:45 --------- d-----w c:\program files\Macromedia
2009-01-10 21:20 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-10 21:19 --------- d-----w c:\program files\Java
2009-01-04 02:30 2,639,872 ----a-w c:\windows\Internet Logs\xDB22.tmp
2009-01-01 07:05 21,191,331 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_01_01_00_01_37_full.dmp.zip
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 11:57 333,184 ------w c:\windows\system32\dllcache\srv.sys
2008-08-21 22:20 61,224 ----a-w c:\documents and settings\Karen.DB2JRYB1\GoToAssistDownloadHelper.exe
2008-01-01 06:11 40 ----a-w c:\documents and settings\Karen.DB2JRYB1\language.dat
2007-10-24 23:40 630,784 ----a-w c:\documents and settings\Karen.DB2JRYB1\GoToAssist_chat2way__317_en.exe
2007-06-05 01:33 72,168 ----a-w c:\documents and settings\Karen.DB2JRYB1\Application Data\GDIPFONTCACHEV1.DAT
2006-10-27 01:07 3,250,815 -c--a-w c:\program files\YVD086.exe
1998-04-21 07:57 131,072 ----a-w c:\program files\us_scd1_9210.bin
2008-10-09 04:23 88 --sh--r c:\windows\system32\3E39A46BB8.sys
2008-10-19 00:11 8 --sh--r c:\windows\system32\CD87AC12C5.sys
2008-12-05 03:20 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2009-03-05 18:57 25088 7c2e2b79bcc4eb29a20745b53ce53a58 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-07 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-05 1932568]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-06-29 c:\windows\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 c:\windows\system32\narrator.exe]

c:\documents and settings\Karen.DB2JRYB1\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-05 22:45 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdWareProT]
c:\program files\AdWare Pro\AdWarePro.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 11:21 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-04-17 15:14 98616 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 18:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 07:23 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac]
c:\docume~1\KAREN~1.DB2\LOCALS~1\Temp\3065.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
c:\program files\GameSpy\Comrade\Comrade.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 08:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-08-03 19:51 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leaf]
--a------ 2008-04-26 14:34 554896 c:\program files\Leaf Networks\Leaf\bin\Leaf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
--a------ 2008-10-28 17:42 181544 c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-05-27 21:58 4269296 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchAndDestroyT]
c:\program files\Search And Destroy\SearchAndDestroy.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-02-11 11:31 2262872 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-10 17:59 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--------- 2006-02-16 10:20 1118208 c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-03-28 18:10 224248 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"aawservice"=2 (0x2)
"gusvc"=3 (0x3)
"Spooler"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Fax"=2 (0x2)
"ACDaemon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\josh\\mIRC\\mirc.exe"=
"c:\\Program Files\\josh\\YGO Virtual Desktop V086.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\josh\\snes9x\\snes9x.exe"=
"c:\\Program Files\\josh\\Fusion.exe"=
"c:\\Program Files\\josh\\snes9x.exe"=
"c:\\Program Files\\josh\\Zsnesw.exe"=
"c:\\Program Files\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Skulltag\\IdeSE.exe"=
"c:\\Program Files\\josh\\Skulltag\\IdeSE.exe"=
"c:\\Program Files\\josh\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaws.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Warcraft II BNE\\lancraft.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Leaf Networks\\Leaf\\bin\\Leaf.exe"=
"c:\\Program Files\\GOG.com\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\GOG.com\\Sacred Gold\\GameServer.exe"=
"c:\\Program Files\\GOG.com\\Sacred Gold\\Sacred.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6112:TCP"= 6112:TCP:star

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-05 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-05 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-05 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-05 298264]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-10 24652]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-02 55296]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-06 348752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325a36f6-7084-11dd-91c2-0018f357d1f2}]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-10 c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
- c:\windows\msa.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Karen.DB2JRYB1\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Karen.DB2JRYB1\Application Data\Mozilla\Firefox\Profiles\fmudpqwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 12:18:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-03-10 12:24:09
ComboFix-quarantined-files.txt 2009-03-10 16:23:48
ComboFix2.txt 2009-03-10 15:51:40

Pre-Run: 16,846,184,448 bytes free
Post-Run: 16,830,189,568 bytes free

301 --- E O F --- 2009-03-09 05:22:09

Blade81 · Mar 10, 2009

Hi

Please re-run DDS and post back dds.txt log as well

Also, I'd like to see contents of ComboFix2.txt file (probably in c:\ComboFix folder).

Animehound · Mar 10, 2009

i dont know if we will get to this but i have had to force explorer to run whenever this comp reboots... will that get fixed too? anyway here are the logs

DDS (Ver_09-02-01.01) - NTFSx86
Run by Karen at 15:20:20.79 on Tue 03/10/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.357 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
svchost.exe
C:\Program Files\josh\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\KAREN~1.DB2\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Karen.DB2JRYB1\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\karen~1.db2\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\karen.db2jryb1\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161829172203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163261639734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\karen~1.db2\applic~1\mozilla\firefox\profiles\fmudpqwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\karen.db2jryb1\application data\mozilla\firefox\profiles\fmudpqwd.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-6 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-5 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-5 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-5 107912]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-8-24 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-24 394952]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-5 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-5 298264]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-10 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-2 55296]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\wpro_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-6 348752]
S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-6 1095560]

=============== Created Last 30 ================

2009-03-10 02:01 <DIR> a-dshr-- C:\cmdcons
2009-03-10 01:52 161,792 a------- c:\windows\SWREG.exe
2009-03-10 01:52 98,816 a------- c:\windows\sed.exe
2009-03-08 00:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-03-08 00:11 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-03-06 19:26 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-06 19:26 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-06 19:26 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-06 19:26 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-06 19:26 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-05 23:24 <DIR> --d----- c:\docume~1\karen~1.db2\applic~1\Malwarebytes
2009-03-05 23:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-05 23:24 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-05 23:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 22:45 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-05 22:45 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-05 22:45 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-05 22:44 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-05 22:44 <DIR> --d----- c:\docume~1\karen~1.db2\applic~1\AVGTOOLBAR
2009-03-05 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-05 20:00 <DIR> --d----- c:\program files\Lavasoft
2009-03-04 18:34 61,440 a------- c:\windows\system32\digitbox.ocx
2009-03-04 18:34 <DIR> --d----- c:\program files\Alarm
2009-02-18 22:42 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-18 22:42 1,409 a------- c:\windows\QTFont.for
2009-02-17 21:20 <DIR> --d----- c:\program files\Amazon
2009-02-17 20:48 <DIR> --d----- C:\My Music

==================== Find3M ====================

2009-03-10 12:30 86,904,864 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-10 12:03 1,020,548 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-07 15:15 8,558 a------- c:\docume~1\karen~1.db2\applic~1\wklnhst.dat
2009-03-05 18:57 25,088 a------- c:\windows\system32\userinit.exe
2009-01-20 17:12 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-10 17:20 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-19 05:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 01:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 01:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 07:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2008-08-21 18:20 61,224 a------- c:\documents and settings\karen.db2jryb1\GoToAssistDownloadHelper.exe
2008-01-01 02:11 40 a------- c:\documents and settings\karen.db2jryb1\language.dat
2007-10-24 19:40 630,784 a------- c:\documents and settings\karen.db2jryb1\GoToAssist_chat2way__317_en.exe
2007-06-04 21:33 72,168 a------- c:\docume~1\karen~1.db2\applic~1\GDIPFONTCACHEV1.DAT
2006-10-26 21:07 3,250,815 ac------ c:\program files\YVD086.exe
1998-04-21 03:57 131,072 a------- c:\program files\us_scd1_9210.bin
2008-10-09 00:23 88 ---shr-- c:\windows\system32\3E39A46BB8.sys
2008-10-18 20:11 8 ---shr-- c:\windows\system32\CD87AC12C5.sys
2008-12-04 23:20 3,140 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:21:59.48 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2006 12:05:29 PM
System Uptime: 3/10/2009 1:46:04 PM (2 hours ago)

Motherboard: Dell Inc. | | 0YD612
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 79 GiB total, 15.675 GiB free.
D: is FIXED (NTFS) - 26 GiB total, 25.584 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Service: NIC1394

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: VAXSCSI Controller
Device ID: ACPI\PNPA000\4&48789D60&0
Manufacturer: (Standard mass storage controllers)
Name: VAXSCSI Controller
PNP Device ID: ACPI\PNPA000\4&48789D60&0
Service: vaxscsi

==== System Restore Points ===================

RP518: 12/10/2008 12:19:12 AM - System Checkpoint
RP519: 12/11/2008 1:02:26 AM - Software Distribution Service 3.0
RP520: 12/12/2008 9:22:16 PM - Removed Corel Photo Album 6
RP521: 12/16/2008 12:16:28 AM - Removed Mids' Hero Designer
RP522: 12/17/2008 12:22:34 AM - System Checkpoint
RP523: 12/19/2008 2:23:59 AM - Software Distribution Service 3.0
RP524: 12/20/2008 12:06:55 AM - Software Distribution Service 3.0
RP525: 12/20/2008 3:23:27 PM - Software Distribution Service 3.0
RP526: 1/6/2009 5:03:08 PM - Installed Bluetooth Stack for Windows by Toshiba.
RP527: 1/6/2009 5:11:04 PM - Removed Bluetooth Stack for Windows by Toshiba.
RP528: 1/10/2009 4:19:47 PM - Installed Java(TM) 6 Update 11
RP529: 1/14/2009 12:04:16 AM - Software Distribution Service 3.0
RP530: 1/14/2009 8:19:57 PM - Installed Full Tilt Poker
RP531: 1/18/2009 8:39:25 PM - Removed Doom 3
RP532: 1/19/2009 10:24:45 PM - Installed Seagate Manager Installer
RP533: 1/19/2009 10:32:54 PM - Installed Seagate Manager Installer
RP534: 1/20/2009 2:36:26 AM - Software Distribution Service 3.0
RP535: 1/27/2009 3:37:57 PM - System Checkpoint
RP536: 1/31/2009 2:30:56 PM - System Checkpoint
RP537: 1/31/2009 4:20:06 PM - Removed GameSpy Comrade.
RP538: 2/11/2009 2:34:23 PM - Software Distribution Service 3.0
RP539: 2/16/2009 5:44:32 PM - System Checkpoint
RP540: 2/18/2009 12:04:50 AM - System Checkpoint
RP541: 2/24/2009 6:49:56 PM - System Checkpoint
RP542: 2/25/2009 2:50:53 AM - Software Distribution Service 3.0
RP543: 2/26/2009 1:30:11 AM - Software Distribution Service 3.0
RP544: 2/27/2009 1:34:56 AM - Software Distribution Service 3.0
RP545: 2/28/2009 10:13:28 AM - Software Distribution Service 3.0
RP546: 3/3/2009 2:55:06 PM - Software Distribution Service 3.0
RP547: 3/5/2009 6:37:00 PM - Configured AVG Free 8.5
RP548: 3/5/2009 6:51:22 PM - Software Distribution Service 3.0
RP549: 3/5/2009 9:29:44 PM - Removed AVG Free 8.0
RP550: 3/5/2009 9:32:58 PM - Installed AVG Free 8.0
RP551: 3/5/2009 9:44:17 PM - Installed AVG Free 8.5
RP552: 3/6/2009 5:29:16 PM - Software Distribution Service 3.0
RP553: 3/6/2009 6:47:39 PM - Shockwave Player
RP554: 3/6/2009 7:13:32 PM - Spyware Doctor: Cleaning Threats
RP555: 3/6/2009 7:49:38 PM - Spyware Doctor: Cleaning Threats
RP556: 3/7/2009 1:09:23 AM - Software Distribution Service 3.0
RP557: 3/7/2009 4:10:37 PM - Software Distribution Service 3.0
RP558: 3/7/2009 11:11:28 PM - Installed Driver Detective
RP559: 3/7/2009 11:47:08 PM - Avg8 Update
RP560: 3/8/2009 4:19:56 PM - Software Distribution Service 3.0
RP561: 3/9/2009 12:19:49 AM - Software Distribution Service 3.0
RP562: 3/10/2009 12:26:50 AM - Removed AVG Free 8.0
RP563: 3/10/2009 12:29:51 AM - Removed AVG Free 8.0
RP564: 3/10/2009 12:41:32 AM - Removed AVG Free 8.0
RP565: 3/10/2009 12:53:19 AM - ComboFix created restore point
RP566: 3/10/2009 12:56:36 AM - ComboFix created restore point
RP567: 3/10/2009 10:40:01 AM - Configured AVG Free 8.5

==== Installed Programs ======================

7-Zip 4.57
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adobe Shockwave Player 11
AIM 6
AIM Toolbar 5.0
Alarm 2.0.4
Amazon MP3 Downloader 1.0.3
Andrea VoiceCenter
AOLIcon
ArcSoft MediaConverter 2.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
AVG 8.5
Broadcom Management Programs
BUM
CCScore
City of Villains/City of Heroes (remove only)
Conexant HDA D110 MDC V.92 Modem
Creative Audio Pack
Creative MediaSource 5
DAEMON Tools Toolbar
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
Dell Wireless WLAN Card
Diablo
Diablo II
Digital Content Portal
Digital Line Detect
DivX
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
Driver Detective
ELIcon
EPSON Print CD
EPSON Printer Software
EPSON SPR340 User's Guide
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Fallout
Full Tilt Poker
Games, Music, & Photos Launcher
GOG.com Downloader
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Hamachi 1.0.1.1
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HLPPDOCK
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HTML TADS Player Kit
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK EASYSHARE Gallery Easy Upload, v2.1
Kodak EasyShare software
KSU
Leaf
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mids' Hero/Villain Designer
mIRC
Modem Helper
Mozilla Firefox (3.0.7)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Netflix Movie Viewer
NetWaiting
Notifier
OfotoXMI
OpenOffice.org Installer 1.0
Optimum Online net guide
OTtBP
OTtBPSDK
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer
RPTools MapTool
SA32xx Device Manager
Sacred Gold
Scientific Atlanta WebSTAR 2000 series Cable Modem
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
SFR
SHASTA
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SKIN0001
SKINXSDK
Skulltag
Skype™ 3.8
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Speakonia
Spybot - Search & Destroy
Spyware Doctor 6.0
Starcraft
staticcr
Synaptics Pointing Device Driver
System Requirements Lab
TeamSpeak 2 RC2
The Sims™ 2 Double Deluxe
Unreal Tournament 2004
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VidiotMaps Map Overlay
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Warcraft II BNE
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Mobile® Device Handbook
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
WIRELESS
Works Upgrade
Yahoo! Browser Services
Yahoo! IE Search Suggest
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yugioh Virtual Desktop
Yugioh Virtual Dueling
ZoneAlarm
ZoneAlarm Spy Blocker

==== Event Viewer Messages From Past Week ========

3/10/2009 11:06:56 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/10/2009 11:24:18 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

ComboFix 09-03-06.02 - Karen 2009-03-10 2:05:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.470 [GMT -4:00]
Running from: c:\documents and settings\Karen.DB2JRYB1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Karen.DB2JRYB1\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\00165E51
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\Need2Find\NetMeeting\Blip.wav
c:\program files\Need2Find\NetMeeting\callcont.dll
c:\program files\Need2Find\NetMeeting\cb32.exe
c:\program files\Need2Find\NetMeeting\conf.exe
c:\program files\Need2Find\NetMeeting\confmrsl.dll
c:\program files\Need2Find\NetMeeting\dcap32.dll
c:\program files\Need2Find\NetMeeting\h323cc.dll
c:\program files\Need2Find\NetMeeting\MST120.DLL
c:\program files\Need2Find\NetMeeting\MST123.DLL
c:\program files\Need2Find\NetMeeting\nac.dll
c:\program files\Need2Find\NetMeeting\netmeet.htm
c:\program files\Need2Find\NetMeeting\nmas.dll
c:\program files\Need2Find\NetMeeting\nmasnt.dll
c:\program files\Need2Find\NetMeeting\nmchat.dll
c:\program files\Need2Find\NetMeeting\nmcom.dll
c:\program files\Need2Find\NetMeeting\nmft.dll
c:\program files\Need2Find\NetMeeting\nmoldwb.dll
c:\program files\Need2Find\NetMeeting\nmwb.dll
c:\program files\Need2Find\NetMeeting\rrcm.dll
c:\program files\Need2Find\NetMeeting\TestSnd.wav
c:\program files\Need2Find\NetMeeting\wb32.exe
c:\windows\system32\_000004_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_105300.htm
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_105300.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_105300.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_105300.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\drivers\npf.sys
c:\windows\system32\init32.exe
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-08 00:11 . 2009-03-08 00:11 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-08 00:11 . 2009-03-08 00:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-06 21:14 . 2009-03-06 21:15 <DIR> d-------- c:\program files\ERUNT
2009-03-06 19:26 . 2009-03-06 19:40 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-06 19:26 . 2009-03-10 01:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-06 19:26 . 2008-12-11 09:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-06 19:26 . 2009-02-23 11:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-06 19:26 . 2008-12-18 13:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-06 19:26 . 2008-12-10 13:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\Malwarebytes
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-05 23:24 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 23:24 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-05 22:45 . 2009-03-05 22:45 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-05 22:45 . 2009-03-05 22:45 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-05 22:45 . 2009-03-05 22:45 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-05 22:44 . 2009-03-08 17:32 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-05 22:44 . 2009-03-06 18:30 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\AVGTOOLBAR
2009-03-05 22:44 . 2009-03-10 11:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-05 20:00 . 2009-03-10 01:23 <DIR> d-------- c:\program files\Lavasoft
2009-03-04 18:34 . 2009-03-04 18:34 <DIR> d-------- c:\program files\Alarm
2009-03-04 18:34 . 2007-04-30 00:24 61,440 --a------ c:\windows\system32\digitbox.ocx
2009-02-18 22:42 . 2009-03-08 01:20 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-18 22:42 . 2009-02-18 22:42 1,409 --a------ c:\windows\QTFont.for
2009-02-17 21:21 . 2009-02-17 21:21 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\Amazon
2009-02-17 21:20 . 2009-02-17 21:20 <DIR> d-------- c:\program files\Amazon
2009-02-17 20:48 . 2009-02-17 20:48 <DIR> d-------- C:\My Music

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 15:41 86,808,608 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-10 15:41 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\Skype
2009-03-10 15:34 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\skypePM
2009-03-10 07:37 1,020,116 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-10 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-09 02:50 --------- d-----w c:\program files\City of Heroes
2009-03-09 01:48 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\teamspeak2
2009-03-08 04:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 19:15 8,558 ----a-w c:\documents and settings\Karen.DB2JRYB1\Application Data\wklnhst.dat
2009-03-07 05:34 --------- d-----w c:\program files\LimeWire
2009-03-07 01:24 --------- d-----w c:\program files\Trend Micro
2009-03-07 00:54 --------- d-----w c:\program files\Spyware Doctor
2009-03-05 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 23:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-02 04:03 --------- d-----w c:\program files\josh
2009-02-28 00:35 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\Hamachi
2009-02-26 19:19 --------- d-----w c:\program files\Starcraft
2009-02-25 22:23 --------- d-----w c:\program files\CohTest
2009-02-18 00:59 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire
2009-02-07 00:41 --------- d-----w c:\program files\Google
2009-01-31 02:40 --------- d-----w c:\program files\Maptools
2009-01-31 01:46 --------- d-----w c:\program files\gba
2009-01-23 23:05 --------- d--h--r c:\documents and settings\Karen.DB2JRYB1\Application Data\yahoo!
2009-01-22 20:10 --------- d-----w c:\program files\GOG.com
2009-01-21 00:51 --------- d-----w c:\program files\Full Tilt Poker
2009-01-20 20:48 --------- d-----w c:\program files\EA GAMES
2009-01-20 03:25 --------- d-----w c:\program files\Seagate
2009-01-20 03:25 --------- d-----w c:\documents and settings\All Users\Application Data\Seagate
2009-01-20 03:24 --------- d-----w c:\program files\MSXML 6.0
2009-01-19 03:47 --------- d-----w c:\program files\GOG.com Downloader
2009-01-19 03:47 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2009-01-19 03:46 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-19 00:31 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-19 00:31 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\SystemRequirementsLab
2009-01-18 02:27 --------- d-----w c:\program files\Diablo II
2009-01-15 05:45 --------- d-----w c:\program files\Macromedia
2009-01-10 21:19 --------- d-----w c:\program files\Java
2008-08-21 22:20 61,224 ----a-w c:\documents and settings\Karen.DB2JRYB1\GoToAssistDownloadHelper.exe
2008-01-01 06:11 40 ----a-w c:\documents and settings\Karen.DB2JRYB1\language.dat
2007-10-24 23:40 630,784 ----a-w c:\documents and settings\Karen.DB2JRYB1\GoToAssist_chat2way__317_en.exe
2007-06-05 01:33 72,168 ----a-w c:\documents and settings\Karen.DB2JRYB1\Application Data\GDIPFONTCACHEV1.DAT
2006-10-27 01:07 3,250,815 -c--a-w c:\program files\YVD086.exe
1998-04-21 07:57 131,072 ----a-w c:\program files\us_scd1_9210.bin
2008-10-09 04:23 88 --sh--r c:\windows\system32\3E39A46BB8.sys
2008-10-19 00:11 8 --sh--r c:\windows\system32\CD87AC12C5.sys
2008-12-05 03:20 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2009-03-05 18:57 25088 7c2e2b79bcc4eb29a20745b53ce53a58 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-07 155648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-06-29 c:\windows\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 c:\windows\system32\narrator.exe]

c:\documents and settings\Karen.DB2JRYB1\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-05 22:45 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 11:21 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-04-17 15:14 98616 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 18:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-03-05 22:44 1932568 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 07:23 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 08:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-08-03 19:51 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leaf]
--a------ 2008-04-26 14:34 554896 c:\program files\Leaf Networks\Leaf\bin\Leaf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
--a------ 2008-10-28 17:42 181544 c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-05-27 21:58 4269296 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-02-11 11:31 2262872 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-10 17:59 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--------- 2006-02-16 10:20 1118208 c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-03-28 18:10 224248 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"aawservice"=2 (0x2)
"gusvc"=3 (0x3)
"Spooler"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Fax"=2 (0x2)
"ACDaemon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\josh\\mIRC\\mirc.exe"=
"c:\\Program Files\\josh\\YGO Virtual Desktop V086.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\josh\\snes9x\\snes9x.exe"=
"c:\\Program Files\\josh\\Fusion.exe"=
"c:\\Program Files\\josh\\snes9x.exe"=
"c:\\Program Files\\josh\\Zsnesw.exe"=
"c:\\Program Files\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Skulltag\\IdeSE.exe"=
"c:\\Program Files\\josh\\Skulltag\\IdeSE.exe"=
"c:\\Program Files\\josh\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaws.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Warcraft II BNE\\lancraft.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Leaf Networks\\Leaf\\bin\\Leaf.exe"=
"c:\\Program Files\\GOG.com\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\GOG.com\\Sacred Gold\\GameServer.exe"=
"c:\\Program Files\\GOG.com\\Sacred Gold\\Sacred.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6112:TCP"= 6112:TCP:star

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-05 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-05 107912]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-10 24652]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-02 55296]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-06 348752]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-05 908056]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-05 298264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325a36f6-7084-11dd-91c2-0018f357d1f2}]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-10 c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
- c:\windows\msa.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-AdWareProT - c:\program files\AdWare Pro\AdWarePro.exe
MSConfigStartUp-Cognac - c:\docume~1\KAREN~1.DB2\LOCALS~1\Temp\3065.exe
MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe
MSConfigStartUp-SearchAndDestroyT - c:\program files\Search And Destroy\SearchAndDestroy.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Karen.DB2JRYB1\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Karen.DB2JRYB1\Application Data\Mozilla\Firefox\Profiles\fmudpqwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Karen.DB2JRYB1\Application Data\Mozilla\Firefox\Profiles\fmudpqwd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 11:40:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\josh\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\docume~1\KAREN~1.DB2\LOCALS~1\Temp\clclean.0001
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-10 11:51:38 - machine was rebooted [Karen]
ComboFix-quarantined-files.txt 2009-03-10 15:51:34

Pre-Run: 14,126,206,976 bytes free
Post-Run: 16,838,152,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

397 --- E O F --- 2009-03-09 05:22:09

Blade81 · Mar 11, 2009

Hi

I hope we can fix explorer related issue along the way

Uninstall ZoneAlarm Spy Blocker if not installed on purpose.

Does your Spyware Doctor contain antivirus component? If it does, either uninstall Spyware Doctor or AVG antivirus.

Uninstall these vulnerable Javas:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1

Upload following files to http://www.virustotal.com and post back the results:
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
c:\windows\system32\userinit.exe

Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader!

Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

Folder::
c:\program files\LimeWire
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire

DDS::
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdWareProT]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchAndDestroyT]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Animehound · Mar 12, 2009

this is the first userinit.exe

MD5: a93aee1928a9d7ce3e16d24ec7380f89
First received: -
Date: 03.09.2009 14:29:01 (CET) [>2D]
Results: 0/39
Permalink: analisis/99b42e7b5fdac4ae9af2576d5181240

permalink info

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.09 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.107 2009.03.09 -
Authentium 5.1.0.4 2009.03.08 -
Avast 4.8.1335.0 2009.03.09 -
AVG 8.0.0.237 2009.03.09 -
BitDefender 7.2 2009.03.09 -
CAT-QuickHeal 10.00 2009.03.09 -
ClamAV 0.94.1 2009.03.06 -
Comodo 1037 2009.03.08 -
DrWeb 4.44.0.09170 2009.03.09 -
eSafe 7.0.17.0 2009.03.08 -
eTrust-Vet 31.6.6386 2009.03.06 -
F-Prot 4.4.4.56 2009.03.08 -
F-Secure 8.0.14470.0 2009.03.09 -
Fortinet 3.117.0.0 2009.03.09 -
GData 19 2009.03.09 -
Ikarus T3.1.1.45.0 2009.03.09 -
K7AntiVirus 7.10.664 2009.03.09 -
Kaspersky 7.0.0.125 2009.03.09 -
McAfee 5547 2009.03.08 -
McAfee+Artemis 5547 2009.03.08 -
Microsoft 1.4405 2009.03.09 -
NOD32 3919 2009.03.09 -
Norman 6.00.06 2009.03.06 -
nProtect 2009.1.8.0 2009.03.09 -
Panda 10.0.0.10 2009.03.09 -
PCTools 4.4.2.0 2009.03.09 -
Prevx1 V2 2009.03.09 -
Rising 21.20.02.00 2009.03.09 -
SecureWeb-Gateway 6.7.6 2009.03.09 -
Sophos 4.39.0 2009.03.09 -
Sunbelt 3.2.1858.2 2009.03.08 -
Symantec 1.4.4.12 2009.03.09 -
TheHacker 6.3.2.7.277 2009.03.09 -
TrendMicro 8.700.0.1004 2009.03.09 -
VBA32 3.12.10.1 2009.03.09 -
ViRobot 2009.3.9.1641 2009.03.09 -
VirusBuster 4.5.11.0 2009.03.08 -
Additional information
File size: 26112 bytes
MD5...: a93aee1928a9d7ce3e16d24ec7380f89
SHA1..: 513f8bdf67a5a9e09803cfb61f590b39f2683853
SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
SHA512: b4df088a96dda785b1a2edb32ef72554fb8000d01a29668f0da0614f6100c8ea
59c31790d5248e551543efd36684b12b687df55cbeaa36b8c31decf686980f42
ssdeep: 768:0RMJi8jDLIDSAaQFxfftjaLacmkLGKOq:0RMJbDMDSA7FxffJaLaSLG9q
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54ad
timedatestamp.....: 0x480251a8 (Sun Apr 13 18:32:08 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x520e 0x5400 5.95 099b53205ad3f1c3b853a5310d08a9b1
.data 0x7000 0x14c 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf
.rsrc 0x8000 0xb50 0xc00 3.27 bac832e39f87c4f5f640e5d5c6a1c2fc

( 9 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
> NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
> WLDAP32.dll: -, -, -, -, -, -
> msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
> KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=a93aee1928a9d7ce3e16d24ec7380f89

second userinit.exe

MD5: 7c2e2b79bcc4eb29a20745b53ce53a58
First received: 03.05.2009 19:56:05 (CET)
Date: 03.11.2009 13:02:30 (CET) [<1D]
Results: 6/39
Permalink: analisis/ef1a82db2f226a0dc6a9af138bd7eb67

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.11 -
AhnLab-V3 5.0.0.2 2009.03.11 -
AntiVir 7.9.0.109 2009.03.11 -
Authentium 5.1.0.4 2009.03.10 -
Avast 4.8.1335.0 2009.03.10 -
AVG 8.0.0.237 2009.03.11 Agent2.EA
BitDefender 7.2 2009.03.11 -
CAT-QuickHeal 10.00 2009.03.11 -
ClamAV 0.94.1 2009.03.11 -
Comodo 1046 2009.03.10 -
DrWeb 4.44.0.09170 2009.03.11 -
eSafe 7.0.17.0 2009.03.11 Suspicious File
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.10 -
F-Secure 8.0.14470.0 2009.03.11 -
Fortinet 3.117.0.0 2009.03.11 -
GData 19 2009.03.11 -
Ikarus T3.1.1.45.0 2009.03.11 -
K7AntiVirus 7.10.665 2009.03.10 -
Kaspersky 7.0.0.125 2009.03.11 -
McAfee 5549 2009.03.10 -
McAfee+Artemis 5549 2009.03.10 Generic!Artemis
Microsoft 1.4405 2009.03.11 -
NOD32 3925 2009.03.11 Win32/TrojanDownloader.Zlob.CZG
Norman 6.00.06 2009.03.10 -
nProtect 2009.1.8.0 2009.03.11 -
Panda 10.0.0.10 2009.03.11 Suspicious file
PCTools 4.4.2.0 2009.03.11 -
Prevx1 V2 2009.03.11 -
Rising 21.20.22.00 2009.03.11 -
SecureWeb-Gateway 6.7.6 2009.03.11 -
Sophos 4.39.0 2009.03.11 -
Sunbelt 3.2.1858.2 2009.03.10 -
Symantec 1.4.4.12 2009.03.11 -
TheHacker 6.3.3.0.278 2009.03.11 -
TrendMicro 8.700.0.1004 2009.03.11 -
VBA32 3.12.10.1 2009.03.11 suspected of Malware-Cryptor.Win32.General.3
ViRobot 2009.3.11.1645 2009.03.11 -
VirusBuster 4.5.11.0 2009.03.10 -
Additional information
File size: 25088 bytes
MD5...: 7c2e2b79bcc4eb29a20745b53ce53a58
SHA1..: a0757789f4182d17a26c87e56499402a5cf74885
SHA256: 013ec3fb5514e4b0f056c3ec537475d076be4e494ea773ba48d12dd5de8aeb78
SHA512: 21674f090437bb71f9e650e09b94910bbd2cc0815e33fe478c687c7a9ee8e3b8
64ca315208c7406983489a2efea61e5360b7f457f733c8394f0d33fcc5e2d613
ssdeep: 384:gtzupwdy98T6hGBo48vXzwviQE/kkouOpOVvqkwP5LpG2o:ySpw0iR2DPQEM
kobowP5NG
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4e9e
timedatestamp.....: 0x47d0a9f0 (Fri Mar 07 02:35:28 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4bad 0x4c00 7.82 fb730b4533d3027652f8dcf464320253
.rdata 0x6000 0x33c 0x400 4.29 e6cab6afe026c0e4f0a87c9cc140fc50
.data 0x7000 0x2e39 0xe00 5.11 a16fb76825bd6784621846e866c5583f

( 3 imports )
> ulib.dll: _Unlock@MESSAGE@@QAEXXZ, _QueryFullPath@PATH@@QBEPAV1@XZ, _Strrchr@WSTRING@@QBEKGK@Z, _Strcmp@WSTRING@@QBEJPBV1@@Z, _EndsWithDelimiter@PATH@@QBEEXZ, __0LONG_ARGUMENT@@QAE@XZ, _Strlwr@WSTRING@@QAEPAV1@KK@Z, _QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z
> ADVAPI32.dll: OpenProcessToken, CloseServiceHandle, GetKernelObjectSecurity, LookupPrivilegeValueW, FreeSid
> ole32.dll: CoTreatAsClass, CoCreateGuid, CoReleaseServerProcess, OleLockRunning, OleSetAutoConvert, OleRegGetUserType

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=7c2e2b79bcc4eb29a20745b53ce53a58

Kaspersky scan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, March 12, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, March 12, 2009 09:18:06
Records in database: 1890971
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 144437
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:27:56

File name / Threat name / Threats count
C:\Program Files\josh\MayHem\download\PROTECTION.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.582 1
C:\Program Files\josh\MayHem\MayHem.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1
C:\Program Files\josh\MayHem.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.582 1
C:\Program Files\josh\MayHem.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1
C:\Program Files\josh\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
C:\Program Files\Trend Micro\Internet Security 12\VSSA5IMF.2HQ Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1

The selected area was scanned.

Animehound · Mar 12, 2009

and because it was too long the new combofix part 1

combofix

ComboFix 09-03-10.03 - Karen 2009-03-11 18:50:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.394 [GMT -4:00]
Running from: c:\documents and settings\Karen.DB2JRYB1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Karen.DB2JRYB1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\412splashfree.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\414splashfree.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\active.mojito
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\data.ser
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\downloads.dat
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\filters.props
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\gnutella.net
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\installation.props
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\library.dat
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\library5.dat
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\limewire.props
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mojito.props
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\279A4B22d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\2E093111d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\406BE98Dd01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\6A326B34d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\6B5B8EF7d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\739DDC02d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\8EF0EEE3d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\9027D38Ad01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\9191BB34d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\962A51B9d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\9C1DA776d01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\Cache\F2DA65AFd01
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\passive.mojito
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\pub1.key
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\public.key
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\questions.props
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\responses.cache
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\secureMessage.key
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\simpp.xml
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\spam.dat
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\tables.props
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\name.txt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\ttree.cache
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\update.xml
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\version.key
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\version.xml
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\versions.props
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\Karen.DB2JRYB1\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid2448.log
c:\program files\LimeWire\hs_err_pid2524.log
c:\program files\LimeWire\hs_err_pid2884.log
c:\program files\LimeWire\hs_err_pid3092.log
c:\program files\LimeWire\hs_err_pid3696.log
c:\program files\LimeWire\hs_err_pid400.log
c:\program files\LimeWire\hs_err_pid4132.log
c:\program files\LimeWire\hs_err_pid4832.log
c:\program files\LimeWire\hs_err_pid5632.log
c:\program files\LimeWire\hs_err_pid5712.log
c:\program files\LimeWire\hs_err_pid636.log
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.

2009-03-11 18:08 . 2008-08-24 15:33 262,144 --a------ c:\program files\Uninstall Spy Blocker.dll
2009-03-08 00:11 . 2009-03-08 00:11 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-08 00:11 . 2009-03-08 00:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-06 21:14 . 2009-03-06 21:15 <DIR> d-------- c:\program files\ERUNT
2009-03-06 19:26 . 2009-03-06 19:40 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-06 19:26 . 2009-03-10 01:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-06 19:26 . 2008-12-11 09:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-06 19:26 . 2009-02-23 11:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-06 19:26 . 2008-12-18 13:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-06 19:26 . 2008-12-10 13:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\Malwarebytes
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-05 23:24 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 23:24 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-05 22:45 . 2009-03-05 22:45 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-05 22:45 . 2009-03-05 22:45 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-05 22:45 . 2009-03-05 22:45 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-05 22:44 . 2009-03-11 18:40 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-05 22:44 . 2009-03-06 18:30 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\AVGTOOLBAR
2009-03-05 22:44 . 2009-03-10 11:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-05 20:00 . 2009-03-10 01:23 <DIR> d-------- c:\program files\Lavasoft
2009-03-04 18:34 . 2009-03-04 18:34 <DIR> d-------- c:\program files\Alarm
2009-03-04 18:34 . 2007-04-30 00:24 61,440 --a------ c:\windows\system32\digitbox.ocx
2009-02-18 22:42 . 2009-03-08 01:20 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-18 22:42 . 2009-02-18 22:42 1,409 --a------ c:\windows\QTFont.for
2009-02-17 21:21 . 2009-02-17 21:21 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\Amazon
2009-02-17 21:20 . 2009-02-17 21:20 <DIR> d-------- c:\program files\Amazon
2009-02-17 20:48 . 2009-02-17 20:48 <DIR> d-------- C:\My Music

.

Animehound · Mar 12, 2009

combofix part 2

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 22:59 87,066,656 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-11 22:25 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\Skype
2009-03-11 22:18 1,022,540 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-11 22:15 --------- d-----w c:\program files\Common Files\Adobe
2009-03-11 22:07 --------- d-----w c:\program files\Java
2009-03-11 21:41 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\skypePM
2009-03-11 03:18 --------- d-----w c:\program files\josh
2009-03-10 15:28 21,185,567 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_10_03_36_49_full.dmp.zip
2009-03-10 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-09 02:50 --------- d-----w c:\program files\City of Heroes
2009-03-09 01:48 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\teamspeak2
2009-03-08 04:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 19:15 8,558 ----a-w c:\documents and settings\Karen.DB2JRYB1\Application Data\wklnhst.dat
2009-03-07 01:24 --------- d-----w c:\program files\Trend Micro
2009-03-07 00:54 --------- d-----w c:\program files\Spyware Doctor
2009-03-05 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 23:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-05 22:57 25,088 ----a-w c:\windows\system32\userinit.exe
2009-03-05 22:09 6,408,779 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-02-28 00:35 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\Hamachi
2009-02-26 19:19 --------- d-----w c:\program files\Starcraft
2009-02-25 22:23 --------- d-----w c:\program files\CohTest
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:19 1,846,272 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-07 00:41 --------- d-----w c:\program files\Google
2009-01-31 02:40 --------- d-----w c:\program files\Maptools
2009-01-31 01:46 --------- d-----w c:\program files\gba
2009-01-23 23:05 --------- d--h--r c:\documents and settings\Karen.DB2JRYB1\Application Data\yahoo!
2009-01-22 20:10 --------- d-----w c:\program files\GOG.com
2009-01-21 00:51 --------- d-----w c:\program files\Full Tilt Poker
2009-01-20 21:12 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-20 20:48 --------- d-----w c:\program files\EA GAMES
2009-01-20 03:25 --------- d-----w c:\program files\Seagate
2009-01-20 03:25 --------- d-----w c:\documents and settings\All Users\Application Data\Seagate
2009-01-20 03:24 --------- d-----w c:\program files\MSXML 6.0
2009-01-19 03:47 --------- d-----w c:\program files\GOG.com Downloader
2009-01-19 03:47 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2009-01-19 03:46 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-19 00:31 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-19 00:31 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\SystemRequirementsLab
2009-01-18 02:27 --------- d-----w c:\program files\Diablo II
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 05:45 --------- d-----w c:\program files\Macromedia
2009-01-10 21:20 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-04 02:30 2,639,872 ----a-w c:\windows\Internet Logs\xDB22.tmp
2009-01-01 07:05 21,191,331 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_01_01_00_01_37_full.dmp.zip
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 11:57 333,184 ------w c:\windows\system32\dllcache\srv.sys
2008-08-21 22:20 61,224 ----a-w c:\documents and settings\Karen.DB2JRYB1\GoToAssistDownloadHelper.exe
2008-01-01 06:11 40 ----a-w c:\documents and settings\Karen.DB2JRYB1\language.dat
2007-10-24 23:40 630,784 ----a-w c:\documents and settings\Karen.DB2JRYB1\GoToAssist_chat2way__317_en.exe
2007-06-05 01:33 72,168 ----a-w c:\documents and settings\Karen.DB2JRYB1\Application Data\GDIPFONTCACHEV1.DAT
2006-10-27 01:07 3,250,815 -c--a-w c:\program files\YVD086.exe
1998-04-21 07:57 131,072 ----a-w c:\program files\us_scd1_9210.bin
2008-10-09 04:23 88 --sh--r c:\windows\system32\3E39A46BB8.sys
2008-10-19 00:11 8 --sh--r c:\windows\system32\CD87AC12C5.sys
2008-12-05 03:20 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2009-03-05 18:57 25088 7c2e2b79bcc4eb29a20745b53ce53a58 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-10_11.50.00.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 10:20:05 1,847,424 ----a-w c:\windows\$hf_mig$\KB958690\SP2QFE\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\$hf_mig$\KB958690\SP3GDR\win32k.sys
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:41:26 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP2QFE\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3GDR\schannel.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\3-11-2009\ERDNT.EXE
+ 2009-03-11 21:40:45 9,060,352 ----a-w c:\windows\ERDNT\AutoBackup\3-11-2009\Users\00000001\ntuser.dat
+ 2009-03-11 21:40:46 208,896 ----a-w c:\windows\ERDNT\AutoBackup\3-11-2009\Users\00000002\UsrClass.dat
- 2006-10-16 17:07:22 262,144 ---ha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2009-03-11 21:56:29 262,144 ---ha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2007-04-25 14:21:15 144,896 ------w c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 07:12:45 144,896 ------w c:\windows\system32\dllcache\schannel.dll
- 2009-02-01 05:51:00 238,352 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-11 21:36:54 238,352 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2006-09-25 21:58:48 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 13:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-07 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-05 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-06-29 c:\windows\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 c:\windows\system32\narrator.exe]

c:\documents and settings\Karen.DB2JRYB1\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-05 22:45 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 11:21 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-04-17 15:14 98616 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 18:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 07:23 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 08:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-08-03 19:51 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leaf]
--a------ 2008-04-26 14:34 554896 c:\program files\Leaf Networks\Leaf\bin\Leaf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
--a------ 2008-10-28 17:42 181544 c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-05-27 21:58 4269296 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-02-11 11:31 2262872 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-10 17:59 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--------- 2006-02-16 10:20 1118208 c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-03-28 18:10 224248 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"aawservice"=2 (0x2)
"gusvc"=3 (0x3)
"Spooler"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Fax"=2 (0x2)
"ACDaemon"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\josh\\mIRC\\mirc.exe"=
"c:\\Program Files\\josh\\YGO Virtual Desktop V086.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\josh\\snes9x\\snes9x.exe"=
"c:\\Program Files\\josh\\Fusion.exe"=
"c:\\Program Files\\josh\\snes9x.exe"=
"c:\\Program Files\\josh\\Zsnesw.exe"=
"c:\\Program Files\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Skulltag\\IdeSE.exe"=
"c:\\Program Files\\josh\\Skulltag\\IdeSE.exe"=
"c:\\Program Files\\josh\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\javaws.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Warcraft II BNE\\lancraft.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Leaf Networks\\Leaf\\bin\\Leaf.exe"=
"c:\\Program Files\\GOG.com\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\GOG.com\\Sacred Gold\\GameServer.exe"=
"c:\\Program Files\\GOG.com\\Sacred Gold\\Sacred.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6112:TCP"= 6112:TCP:star

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-05 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-05 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-05 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-05 298264]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-10 24652]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-02 55296]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-06 348752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325a36f6-7084-11dd-91c2-0018f357d1f2}]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Karen.DB2JRYB1\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Karen.DB2JRYB1\Application Data\Mozilla\Firefox\Profiles\fmudpqwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Karen.DB2JRYB1\Application Data\Mozilla\Firefox\Profiles\fmudpqwd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 18:58:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1224)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-03-11 19:02:22
ComboFix-quarantined-files.txt 2009-03-11 23:02:18
ComboFix2.txt 2009-03-10 16:24:10
ComboFix3.txt 2009-03-10 15:51:40

Pre-Run: 20,996,317,184 bytes free
Post-Run: 20,965,425,152 bytes free

887 --- E O F --- 2009-03-11 21:35:12

Blade81 · Mar 12, 2009

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Code:

FCopy::
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe | c:\windows\system32\userinit.exe

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh dds.txt log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Animehound · Mar 12, 2009

it asked me if i wanted to keep the unrecognised files? and another window asked me to put in the windows XP disk while running combofix... what should i do?

Animehound · Mar 12, 2009

ComboFix 09-03-10.03 - Karen 2009-03-12 15:21:48.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.377 [GMT -4:00]
Running from: c:\documents and settings\Karen.DB2JRYB1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Karen.DB2JRYB1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe --> c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-08 00:11 . 2009-03-08 00:11 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-08 00:11 . 2009-03-08 00:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-06 21:14 . 2009-03-06 21:15 <DIR> d-------- c:\program files\ERUNT
2009-03-06 19:26 . 2009-03-06 19:40 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-06 19:26 . 2009-03-10 01:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-06 19:26 . 2008-12-11 09:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-06 19:26 . 2009-02-23 11:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-06 19:26 . 2008-12-18 13:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-06 19:26 . 2008-12-10 13:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\Malwarebytes
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-05 23:24 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 23:24 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-05 22:45 . 2009-03-05 22:45 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-05 22:45 . 2009-03-05 22:45 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-05 22:45 . 2009-03-05 22:45 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-05 22:44 . 2009-03-12 09:50 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-05 22:44 . 2009-03-06 18:30 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\AVGTOOLBAR
2009-03-05 22:44 . 2009-03-10 11:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-05 20:00 . 2009-03-10 01:23 <DIR> d-------- c:\program files\Lavasoft
2009-03-04 18:34 . 2009-03-04 18:34 <DIR> d-------- c:\program files\Alarm
2009-03-04 18:34 . 2007-04-30 00:24 61,440 --a------ c:\windows\system32\digitbox.ocx
2009-02-18 22:42 . 2009-03-08 01:20 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-18 22:42 . 2009-02-18 22:42 1,409 --a------ c:\windows\QTFont.for
2009-02-17 21:21 . 2009-02-17 21:21 <DIR> d-------- c:\documents and settings\Karen.DB2JRYB1\Application Data\Amazon
2009-02-17 21:20 . 2009-02-17 21:20 <DIR> d-------- c:\program files\Amazon
2009-02-17 20:48 . 2009-02-17 20:48 <DIR> d-------- C:\My Music

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 19:31 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\Skype
2009-03-12 19:16 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\skypePM
2009-03-12 19:08 87,164,960 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-12 19:08 1,022,540 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-11 22:15 --------- d-----w c:\program files\Common Files\Adobe
2009-03-11 22:07 --------- d-----w c:\program files\Java
2009-03-11 03:18 --------- d-----w c:\program files\josh
2009-03-10 15:28 21,185,567 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_10_03_36_49_full.dmp.zip
2009-03-10 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-09 02:50 --------- d-----w c:\program files\City of Heroes
2009-03-09 01:48 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\teamspeak2
2009-03-08 04:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 19:15 8,558 ----a-w c:\documents and settings\Karen.DB2JRYB1\Application Data\wklnhst.dat
2009-03-07 01:24 --------- d-----w c:\program files\Trend Micro
2009-03-07 00:54 --------- d-----w c:\program files\Spyware Doctor
2009-03-05 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 23:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-05 22:09 6,408,779 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-02-28 00:35 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\Hamachi
2009-02-26 19:19 --------- d-----w c:\program files\Starcraft
2009-02-25 22:23 --------- d-----w c:\program files\CohTest
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:19 1,846,272 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-07 00:41 --------- d-----w c:\program files\Google
2009-01-31 02:40 --------- d-----w c:\program files\Maptools
2009-01-31 01:46 --------- d-----w c:\program files\gba
2009-01-23 23:05 --------- d--h--r c:\documents and settings\Karen.DB2JRYB1\Application Data\yahoo!
2009-01-22 20:10 --------- d-----w c:\program files\GOG.com
2009-01-21 00:51 --------- d-----w c:\program files\Full Tilt Poker
2009-01-20 21:12 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-20 20:48 --------- d-----w c:\program files\EA GAMES
2009-01-20 03:25 --------- d-----w c:\program files\Seagate
2009-01-20 03:25 --------- d-----w c:\documents and settings\All Users\Application Data\Seagate
2009-01-20 03:24 --------- d-----w c:\program files\MSXML 6.0
2009-01-19 03:47 --------- d-----w c:\program files\GOG.com Downloader
2009-01-19 03:47 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2009-01-19 03:46 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-19 00:31 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-19 00:31 --------- d-----w c:\documents and settings\Karen.DB2JRYB1\Application Data\SystemRequirementsLab
2009-01-18 02:27 --------- d-----w c:\program files\Diablo II
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 05:45 --------- d-----w c:\program files\Macromedia
2009-01-10 21:20 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-04 02:30 2,639,872 ----a-w c:\windows\Internet Logs\xDB22.tmp
2009-01-01 07:05 21,191,331 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_01_01_00_01_37_full.dmp.zip
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-21 22:20 61,224 ----a-w c:\documents and settings\Karen.DB2JRYB1\GoToAssistDownloadHelper.exe
2008-01-01 06:11 40 ----a-w c:\documents and settings\Karen.DB2JRYB1\language.dat
2007-10-24 23:40 630,784 ----a-w c:\documents and settings\Karen.DB2JRYB1\GoToAssist_chat2way__317_en.exe
2007-06-05 01:33 72,168 ----a-w c:\documents and settings\Karen.DB2JRYB1\Application Data\GDIPFONTCACHEV1.DAT
2006-10-27 01:07 3,250,815 -c--a-w c:\program files\YVD086.exe
1998-04-21 07:57 131,072 ----a-w c:\program files\us_scd1_9210.bin
2008-10-09 04:23 88 --sh--r c:\windows\system32\3E39A46BB8.sys
2008-10-19 00:11 8 --sh--r c:\windows\system32\CD87AC12C5.sys
2008-12-05 03:20 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-03-11_19.00.11.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\3-12-2009\ERDNT.EXE
+ 2009-03-12 19:15:16 9,060,352 ----a-w c:\windows\ERDNT\AutoBackup\3-12-2009\Users\00000001\ntuser.dat
+ 2009-03-12 19:15:17 208,896 ----a-w c:\windows\ERDNT\AutoBackup\3-12-2009\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-07 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-05 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-06-29 c:\windows\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 c:\windows\system32\narrator.exe]

c:\documents and settings\Karen.DB2JRYB1\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-05 22:45 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 11:21 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-04-17 15:14 98616 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 18:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 07:23 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 08:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-08-03 19:51 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leaf]
--a------ 2008-04-26 14:34 554896 c:\program files\Leaf Networks\Leaf\bin\Leaf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
--a------ 2008-10-28 17:42 181544 c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-05-27 21:58 4269296 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-02-11 11:31 2262872 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-10 17:59 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--------- 2006-02-16 10:20 1118208 c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-03-28 18:10 224248 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"aawservice"=2 (0x2)
"gusvc"=3 (0x3)
"Spooler"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Fax"=2 (0x2)
"ACDaemon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\josh\\mIRC\\mirc.exe"=
"c:\\Program Files\\josh\\YGO Virtual Desktop V086.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\josh\\snes9x\\snes9x.exe"=
"c:\\Program Files\\josh\\Fusion.exe"=
"c:\\Program Files\\josh\\snes9x.exe"=
"c:\\Program Files\\josh\\Zsnesw.exe"=
"c:\\Program Files\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Skulltag\\IdeSE.exe"=
"c:\\Program Files\\josh\\Skulltag\\IdeSE.exe"=
"c:\\Program Files\\josh\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\javaws.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Warcraft II BNE\\lancraft.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Leaf Networks\\Leaf\\bin\\Leaf.exe"=
"c:\\Program Files\\GOG.com\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\GOG.com\\Sacred Gold\\GameServer.exe"=
"c:\\Program Files\\GOG.com\\Sacred Gold\\Sacred.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6112:TCP"= 6112:TCP:star

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-05 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-05 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-05 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-05 298264]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-10 24652]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-02 55296]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-06 348752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325a36f6-7084-11dd-91c2-0018f357d1f2}]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Karen.DB2JRYB1\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Karen.DB2JRYB1\Application Data\Mozilla\Firefox\Profiles\fmudpqwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Karen.DB2JRYB1\Application Data\Mozilla\Firefox\Profiles\fmudpqwd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 15:30:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-03-12 15:34:19
ComboFix-quarantined-files.txt 2009-03-12 19:34:16
ComboFix2.txt 2009-03-11 23:02:25
ComboFix3.txt 2009-03-10 16:24:10
ComboFix4.txt 2009-03-10 15:51:40

Pre-Run: 20,760,141,824 bytes free
Post-Run: 20,809,863,168 bytes free

312 --- E O F --- 2009-03-11 21:35:12

dds

DDS (Ver_09-02-01.01) - NTFSx86
Run by Karen at 15:51:08.81 on Thu 03/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.268 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
svchost.exe
C:\Program Files\josh\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Karen.DB2JRYB1\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\karen~1.db2\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\karen.db2jryb1\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161829172203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163261639734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\karen~1.db2\applic~1\mozilla\firefox\profiles\fmudpqwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\karen.db2jryb1\application data\mozilla\firefox\profiles\fmudpqwd.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-6 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-5 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-5 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-5 107912]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-8-24 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-24 394952]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-5 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-5 298264]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-10 24652]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-2 55296]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\wpro_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-6 348752]
S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-6 1095560]

=============== Created Last 30 ================

2009-03-10 02:01 <DIR> a-dshr-- C:\cmdcons
2009-03-10 01:52 161,792 a------- c:\windows\SWREG.exe
2009-03-10 01:52 98,816 a------- c:\windows\sed.exe
2009-03-08 00:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-03-08 00:11 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-03-06 19:26 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-06 19:26 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-06 19:26 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-06 19:26 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-06 19:26 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-05 23:24 <DIR> --d----- c:\docume~1\karen~1.db2\applic~1\Malwarebytes
2009-03-05 23:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-05 23:24 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-05 23:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 22:45 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-05 22:45 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-05 22:45 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-05 22:44 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-05 22:44 <DIR> --d----- c:\docume~1\karen~1.db2\applic~1\AVGTOOLBAR
2009-03-05 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-05 20:00 <DIR> --d----- c:\program files\Lavasoft
2009-03-04 18:34 61,440 a------- c:\windows\system32\digitbox.ocx
2009-03-04 18:34 <DIR> --d----- c:\program files\Alarm
2009-02-18 22:42 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-18 22:42 1,409 a------- c:\windows\QTFont.for
2009-02-17 21:20 <DIR> --d----- c:\program files\Amazon
2009-02-17 20:48 <DIR> --d----- C:\My Music

==================== Find3M ====================

2009-03-12 15:08 87,164,960 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-12 15:08 1,022,540 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-07 15:15 8,558 a------- c:\docume~1\karen~1.db2\applic~1\wklnhst.dat
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 06:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-20 17:12 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-10 17:20 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-19 05:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 01:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 01:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-08-21 18:20 61,224 a------- c:\documents and settings\karen.db2jryb1\GoToAssistDownloadHelper.exe
2008-01-01 02:11 40 a------- c:\documents and settings\karen.db2jryb1\language.dat
2007-10-24 19:40 630,784 a------- c:\documents and settings\karen.db2jryb1\GoToAssist_chat2way__317_en.exe
2007-06-04 21:33 72,168 a------- c:\docume~1\karen~1.db2\applic~1\GDIPFONTCACHEV1.DAT
2006-10-26 21:07 3,250,815 ac------ c:\program files\YVD086.exe
1998-04-21 03:57 131,072 a------- c:\program files\us_scd1_9210.bin
2008-10-09 00:23 88 ---shr-- c:\windows\system32\3E39A46BB8.sys
2008-10-18 20:11 8 ---shr-- c:\windows\system32\CD87AC12C5.sys
2008-12-04 23:20 3,140 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:51:52.20 ===============

attatch

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2006 12:05:29 PM
System Uptime: 3/12/2009 2:08:54 PM (1 hours ago)

Motherboard: Dell Inc. | | 0YD612
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 79 GiB total, 19.398 GiB free.
D: is FIXED (NTFS) - 26 GiB total, 25.584 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\3FFFFFFF5B4FC000
Service: NIC1394

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: VAXSCSI Controller
Device ID: ACPI\PNPA000\4&48789D60&0
Manufacturer: (Standard mass storage controllers)
Name: VAXSCSI Controller
PNP Device ID: ACPI\PNPA000\4&48789D60&0
Service: vaxscsi

==== System Restore Points ===================

RP519: 12/11/2008 1:02:26 AM - Software Distribution Service 3.0
RP520: 12/12/2008 9:22:16 PM - Removed Corel Photo Album 6
RP521: 12/16/2008 12:16:28 AM - Removed Mids' Hero Designer
RP522: 12/17/2008 12:22:34 AM - System Checkpoint
RP523: 12/19/2008 2:23:59 AM - Software Distribution Service 3.0
RP524: 12/20/2008 12:06:55 AM - Software Distribution Service 3.0
RP525: 12/20/2008 3:23:27 PM - Software Distribution Service 3.0
RP526: 1/6/2009 5:03:08 PM - Installed Bluetooth Stack for Windows by Toshiba.
RP527: 1/6/2009 5:11:04 PM - Removed Bluetooth Stack for Windows by Toshiba.
RP528: 1/10/2009 4:19:47 PM - Installed Java(TM) 6 Update 11
RP529: 1/14/2009 12:04:16 AM - Software Distribution Service 3.0
RP530: 1/14/2009 8:19:57 PM - Installed Full Tilt Poker
RP531: 1/18/2009 8:39:25 PM - Removed Doom 3
RP532: 1/19/2009 10:24:45 PM - Installed Seagate Manager Installer
RP533: 1/19/2009 10:32:54 PM - Installed Seagate Manager Installer
RP534: 1/20/2009 2:36:26 AM - Software Distribution Service 3.0
RP535: 1/27/2009 3:37:57 PM - System Checkpoint
RP536: 1/31/2009 2:30:56 PM - System Checkpoint
RP537: 1/31/2009 4:20:06 PM - Removed GameSpy Comrade.
RP538: 2/11/2009 2:34:23 PM - Software Distribution Service 3.0
RP539: 2/16/2009 5:44:32 PM - System Checkpoint
RP540: 2/18/2009 12:04:50 AM - System Checkpoint
RP541: 2/24/2009 6:49:56 PM - System Checkpoint
RP542: 2/25/2009 2:50:53 AM - Software Distribution Service 3.0
RP543: 2/26/2009 1:30:11 AM - Software Distribution Service 3.0
RP544: 2/27/2009 1:34:56 AM - Software Distribution Service 3.0
RP545: 2/28/2009 10:13:28 AM - Software Distribution Service 3.0
RP546: 3/3/2009 2:55:06 PM - Software Distribution Service 3.0
RP547: 3/5/2009 6:37:00 PM - Configured AVG Free 8.5
RP548: 3/5/2009 6:51:22 PM - Software Distribution Service 3.0
RP549: 3/5/2009 9:29:44 PM - Removed AVG Free 8.0
RP550: 3/5/2009 9:32:58 PM - Installed AVG Free 8.0
RP551: 3/5/2009 9:44:17 PM - Installed AVG Free 8.5
RP552: 3/6/2009 5:29:16 PM - Software Distribution Service 3.0
RP553: 3/6/2009 6:47:39 PM - Shockwave Player
RP554: 3/6/2009 7:13:32 PM - Spyware Doctor: Cleaning Threats
RP555: 3/6/2009 7:49:38 PM - Spyware Doctor: Cleaning Threats
RP556: 3/7/2009 1:09:23 AM - Software Distribution Service 3.0
RP557: 3/7/2009 4:10:37 PM - Software Distribution Service 3.0
RP558: 3/7/2009 11:11:28 PM - Installed Driver Detective
RP559: 3/7/2009 11:47:08 PM - Avg8 Update
RP560: 3/8/2009 4:19:56 PM - Software Distribution Service 3.0
RP561: 3/9/2009 12:19:49 AM - Software Distribution Service 3.0
RP562: 3/10/2009 12:26:50 AM - Removed AVG Free 8.0
RP563: 3/10/2009 12:29:51 AM - Removed AVG Free 8.0
RP564: 3/10/2009 12:41:32 AM - Removed AVG Free 8.0
RP565: 3/10/2009 12:53:19 AM - ComboFix created restore point
RP566: 3/10/2009 12:56:36 AM - ComboFix created restore point
RP567: 3/10/2009 10:40:01 AM - Configured AVG Free 8.5
RP568: 3/11/2009 4:30:03 PM - Software Distribution Service 3.0
RP569: 3/11/2009 4:54:10 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP570: 3/11/2009 4:56:25 PM - Removed Java(TM) 6 Update 2
RP571: 3/11/2009 4:58:08 PM - Removed Java(TM) 6 Update 3
RP572: 3/11/2009 5:01:05 PM - Removed Java(TM) 6 Update 5
RP573: 3/11/2009 5:04:09 PM - Removed Java(TM) 6 Update 7
RP574: 3/11/2009 5:07:07 PM - Removed Java(TM) SE Runtime Environment 6 Update 1
RP575: 3/11/2009 5:11:37 PM - Removed Adobe Reader 7.0.8
RP576: 3/11/2009 5:14:56 PM - Installed Adobe Reader 9.1.
RP577: 3/11/2009 5:49:05 PM - ComboFix created restore point
RP578: 3/12/2009 2:20:51 PM - ComboFix created restore point

==== Installed Programs ======================

7-Zip 4.57
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 9.1
Adobe Shockwave Player 11
AIM 6
AIM Toolbar 5.0
Alarm 2.0.4
Amazon MP3 Downloader 1.0.3
Andrea VoiceCenter
AOLIcon
ArcSoft MediaConverter 2.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
AVG 8.5
Broadcom Management Programs
BUM
CCScore
City of Villains/City of Heroes (remove only)
Conexant HDA D110 MDC V.92 Modem
Creative Audio Pack
Creative MediaSource 5
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools Toolbar
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
Dell Wireless WLAN Card
Diablo
Diablo II
Digital Content Portal
Digital Line Detect
DivX
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
Driver Detective
ELIcon
EPSON Print CD
EPSON Printer Software
EPSON SPR340 User's Guide
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Fallout
Full Tilt Poker
Games, Music, & Photos Launcher
GOG.com Downloader
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Hamachi 1.0.1.1
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HLPPDOCK
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HTML TADS Player Kit
Java(TM) 6 Update 11
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK EASYSHARE Gallery Easy Upload, v2.1
Kodak EasyShare software
KSU
Leaf
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mids' Hero/Villain Designer
mIRC
Modem Helper
Mozilla Firefox (3.0.7)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Netflix Movie Viewer
NetWaiting
Notifier
OfotoXMI
OpenOffice.org Installer 1.0
Optimum Online net guide
OTtBP
OTtBPSDK
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer
RPTools MapTool
SA32xx Device Manager
Sacred Gold
Scientific Atlanta WebSTAR 2000 series Cable Modem
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SFR
SHASTA
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SKIN0001
SKINXSDK
Skulltag
Skype™ 3.8
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Speakonia
Spybot - Search & Destroy
Spyware Doctor 6.0
Starcraft
staticcr
Synaptics Pointing Device Driver
System Requirements Lab
TeamSpeak 2 RC2
The Sims™ 2 Double Deluxe
Unreal Tournament 2004
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VidiotMaps Map Overlay
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Warcraft II BNE
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Mobile® Device Handbook
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
WIRELESS
Works Upgrade
Yahoo! Browser Services
Yahoo! IE Search Suggest
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yugioh Virtual Desktop
Yugioh Virtual Dueling
ZoneAlarm

==== Event Viewer Messages From Past Week ========

3/11/2009 4:34:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/10/2009 11:24:18 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/12/2009 3:22:15 AM, error: Dhcp [1002] - The IP address lease 173.2.246.39 for the Network Card with network address 0018F357D1F2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/12/2009 3:22:15 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
3/12/2009 3:23:47 AM, error: Service Control Manager [7000] - The AVG Free AVI Loader Driver x86 service failed to start due to the following error: %%3758161921
3/12/2009 2:02:08 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{161A7C24-BDF2-4BF4-8AF1-BFED38DAD9BF} because another computer on the network has the same name. The server could not start.
3/12/2009 2:17:11 PM, error: Dhcp [1002] - The IP address lease 173.2.248.6 for the Network Card with network address 0018F357D1F2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/12/2009 2:50:56 PM, information: Windows File Protection [64005] - The protected system file userinit.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Karen. The file version of the bad file is 5.1.2600.5512.

==== End Of File ===========================

Animehound · Mar 12, 2009

system also stated that i didnt have the cd in drive so i could replace it

Animehound · Mar 12, 2009

system also stated that i didnt have the cd in drive so i could replace it

Blade81 · Mar 13, 2009

Hi

Despite of those notifications it seems that process ended successfully. How is the system running now?

MSA maybe more?

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

New member

Security Expert: Emeritus

New member

New member

New member

New member

Security Expert: Emeritus