win32.tdss.rtk


fdpatches

New member
Hello,
I found out that I have win32.tdss.rtk on my computer. I have tried Malwarebytes and Spybot Search and Destroy to no avail. Also, I just noticed that System Restore is not working; not sure how long, since I haven't used it in ages. It says there is not enough disk space, but it says it needs at least %d MB of free space, so it must be some kind of error. My web searches have been redirected for a few weeks now, but I didn't really think much of it. Here is a copy of my HijackThis log.

Thanks in advance for your help,
Tom

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:29 AM, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\spider.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8557] command /c del "C:\WINNT\system32\drivers\hjgruialmlxqtq.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3458] cmd /c del "C:\WINNT\system32\drivers\hjgruialmlxqtq.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7956] command /c del "C:\WINNT\system32\hjgruiapltqiah.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC342] cmd /c del "C:\WINNT\system32\hjgruiapltqiah.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6886] command /c del "C:\WINNT\system32\hjgruiflqnawvc.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7694] cmd /c del "C:\WINNT\system32\hjgruiflqnawvc.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9114] command /c del "C:\WINNT\temp\hjgruitllweoufpe.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9325] cmd /c del "C:\WINNT\temp\hjgruitllweoufpe.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5380] command /c del "C:\WINNT\system32\hjgruinklqxwyo.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2776] cmd /c del "C:\WINNT\system32\hjgruinklqxwyo.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA749] command /c del "C:\WINNT\system32\hjgruivjwmhcpn.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9255] cmd /c del "C:\WINNT\system32\hjgruivjwmhcpn.dat"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5411] command /c del "C:\WINNT\system32\drivers\hjgruialmlxqtq.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7093] cmd /c del "C:\WINNT\system32\drivers\hjgruialmlxqtq.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7336] command /c del "C:\WINNT\system32\hjgruiapltqiah.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3318] cmd /c del "C:\WINNT\system32\hjgruiapltqiah.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9285] command /c del "C:\WINNT\system32\hjgruiflqnawvc.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1166] cmd /c del "C:\WINNT\system32\hjgruiflqnawvc.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4976] command /c del "C:\WINNT\temp\hjgruitllweoufpe.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9861] cmd /c del "C:\WINNT\temp\hjgruitllweoufpe.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9803] command /c del "C:\WINNT\system32\hjgruinklqxwyo.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2770] cmd /c del "C:\WINNT\system32\hjgruinklqxwyo.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6228] command /c del "C:\WINNT\system32\hjgruivjwmhcpn.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1827] cmd /c del "C:\WINNT\system32\hjgruivjwmhcpn.dat"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm086YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} - http://www112.coolsavings.com/LTC/download/cscmv4X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll skofpi.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: hgGyyxYo - hgGyyxYo.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 15168 bytes
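A triage pass over the HijackThis log above, as an added example that is not part of the original thread: it groups the files Spybot has queued for deletion at reboot, lists the entries HijackThis marks as pointing at no file, and pulls out the AppInit_DLLs value so each name can be checked by hand. The function names are assumptions of this example, the sample lines are copied from the posted log, and the code passes no verdict on any entry.

```python
import ntpath
import os.path
import re

# Excerpt of the HijackThis log posted above (lines copied verbatim).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8557] command /c del "C:\WINNT\system32\drivers\hjgruialmlxqtq.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3458] cmd /c del "C:\WINNT\system32\drivers\hjgruialmlxqtq.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7956] command /c del "C:\WINNT\system32\hjgruiapltqiah.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9285] command /c del "C:\WINNT\system32\hjgruiflqnawvc.dll"
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll skofpi.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: hgGyyxYo - hgGyyxYo.dll (file missing)
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
'''

# "O4 - body": a section code, then the rest of the line.
ENTRY_RE = re.compile(r'^([A-Z]\d{1,2}) - (.+?)[ \t]*$', re.MULTILINE)
# RunOnce values that Spybot writes to delete a locked file at next boot.
RUNONCE_DEL_RE = re.compile(
    r'^(HK\w+)\\\.\.\\RunOnce: \[(SpybotDeleting\w+)\] '
    r'(?:command|cmd) /c del "([^"]+)"$')
# HijackThis appends these markers when the referenced file is absent.
DANGLING_RE = re.compile(r'\((?:file missing|no file)\)$')


def parse_entries(log):
    """Return [(section_code, body), ...] for every log entry line."""
    return ENTRY_RE.findall(log)


def pending_deletes(entries):
    """Map each file queued for deletion to the RunOnce values naming it."""
    targets = {}
    for code, body in entries:
        m = RUNONCE_DEL_RE.match(body) if code == 'O4' else None
        if m:
            hive, value_name, path = m.groups()
            # Windows paths are case-insensitive, so normalise the key.
            targets.setdefault(path.lower(), []).append(f'{hive}:{value_name}')
    return targets


def shared_prefix(paths):
    """Longest common prefix of the file names (not the directories)."""
    return os.path.commonprefix([ntpath.basename(p) for p in paths])


def dangling_entries(entries):
    """Entries whose target HijackThis reports as missing."""
    return [(code, body) for code, body in entries if DANGLING_RE.search(body)]


def appinit_dlls(entries):
    """DLL names listed in the O20 AppInit_DLLs entry, if present."""
    for code, body in entries:
        if code == 'O20' and body.startswith('AppInit_DLLs:'):
            return body.split(':', 1)[1].split()
    return []


if __name__ == '__main__':
    entries = parse_entries(SAMPLE_LOG)
    queued = pending_deletes(entries)
    print('Files queued for deletion at reboot:')
    for path, values in sorted(queued.items()):
        print(f'  {path}  <- {", ".join(values)}')
    print('Common file-name prefix:', repr(shared_prefix(queued)))
    print('Entries with no file on disk:')
    for code, body in dangling_entries(entries):
        print(f'  {code} - {body}')
    print('AppInit_DLLs to verify by hand:', appinit_dlls(entries))
```
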
 
Hello and Welcome to forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:


  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.


No Reply Within 4 Days Will Result In Your Topic Being Closed!!
 
Use of P2P (Person to Person) file sharing programs

I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Kazaa

Please read HERE the Safer Networking Forums policy on the use of P2P file sharing programs. Please remove it before we can continue any further. Post back when you have done it so we can continue the cleaning process.

NOTE: Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


STEP 1

Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop:


Download DDS and save it to your desktop from:

Link 1
Link 2

Please disable any anti-malware program that will block scripts from running before running DDS.


  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



STEP 2


RootRepeal - Rootkit Detector

Download RootRepeal.zip and unzip it to your Desktop.


  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program



Next Reply

Please reply with:

  • DDS.txt
  • Attach.txt
  • RootRepeal.txt
 
Hello,
I thought Kazaa was removed. When I tried to remove it using Add/Remove Programs I get an error message

Error loading
C:\winnt\system32\cd_clint.dll
the specific module could not be found.

Also when I tried to run the program I get the error
couldn't load library
topseach.dll

Any other way to get rid of it?

Thanks,
Tom
 
Hello,
Here are the DDS logs. When I tried to run RootRepeal, the computer actually shut down. When it rebooted I got a DOS-type window popup that said

16 bit ms-dos subsystem
c:\winnt\system32\command.com
c:\programfiles\symantic\s32eunt1.dll

close or ignore

I clicked both several times and it finally disappeared. When Windows came up several of the same windows popped up; I was able to close them all. Then the Windows box popped up and said it recovered from an error.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x1bf26f0400+1
Install Date: 3/19/2002 4:03:19 PM
System Uptime: 7/26/2009 12:48:11 PM (25 hours ago)

Motherboard: Intel Corporation | | D850MV
Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | J2E1 | 2193/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 40.276 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is CDROM ()
G: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&3A2C8C4B&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&3A2C8C4B&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Easy Internet Keyboard
Device ID: ACPI\PNP0303\4&3A2C8C4B&0
Manufacturer: Logitech
Name: Easy Internet Keyboard
PNP Device ID: ACPI\PNP0303\4&3A2C8C4B&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP

==== System Restore Points ===================

RP949: 6/27/2009 10:51:14 AM - Avg8 Update
RP950: 6/27/2009 10:51:18 AM - Avg8 Update
RP951: 6/27/2009 10:51:21 AM - System Checkpoint
RP952: 6/27/2009 10:51:23 AM - System Checkpoint
RP953: 6/27/2009 10:51:23 AM - System Checkpoint
RP954: 6/27/2009 10:51:24 AM - Avg8 Update
RP955: 6/27/2009 10:51:27 AM - Avg8 Update
RP956: 6/27/2009 10:51:27 AM - Avg8 Update
RP957: 6/27/2009 10:51:30 AM - Avg8 Update
RP958: 6/27/2009 10:51:32 AM - Avg8 Update
RP959: 6/27/2009 10:51:34 AM - Avg8 Update
RP960: 6/27/2009 10:51:36 AM - FiOS Installation
RP961: 6/27/2009 10:51:38 AM - System Checkpoint
RP962: 6/27/2009 10:51:40 AM - System Checkpoint
RP963: 6/27/2009 10:51:41 AM - System Checkpoint
RP964: 6/27/2009 10:51:43 AM - System Checkpoint
RP965: 6/27/2009 10:51:45 AM - Removed Verizon FiOS Connection Wizard
RP966: 6/27/2009 10:51:46 AM - Removed Monsters, Inc. Wreck Room Arcade
RP967: 6/27/2009 10:51:48 AM - Avg8 Update
RP968: 6/27/2009 10:51:48 AM - Avg8 Update

==== Installed Programs ======================

2002 TaxSlayer OLF
3D Groove Playback Engine
911 Fire Rescue
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8
AFS780
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ARC-EazyStream Client
Army Men RTS
ATI - Software Uninstall Utility
ATI Control Panel
ATI Decoder
ATI Display Driver
ATI HYDRAVISION
ATI Multimedia Center
ATI Multimedia Center 9.01
ATI Remote Wonder 2.3
ATIRW2
AVG Free 8.5
AviSynth 2.5
Batch Assistant
Big Fish Games Client
BMSE dbl
Bob the Builder
Bob the Builder - Bob's Castle Adventure
BOINC
Call of Duty
Call of Duty - United Offensive
Call of Duty(R) 2
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Chuzzle Deluxe 1.01
Command & Conquer Generals
Command & Conquer Renegade
Command and ConquerTM Generals Zero Hour
ComputerCOP (Remove Only)
Coupon Printer for Windows
Creative PlayCenter
Creative Recorder
Cypress USB Mass Storage Driver Installation
DAO
Data Compiler
Day of Defeat
Diner Dash®: Flo on the Go
Dora Lost City
DVD Copy Plus
DVD Decrypter (Remove Only)
DVD Player
DVD Shrink 3.2
DVDFab Decrypter 2.9.7.3
DVDXCopy (remove only)
EACOM Game Installer
Easy CD-DA Extractor 8.0.2
Easy CD Creator 5 Basic
ERUNT 1.1j
eXplorist Wizard
FDNY Firefighter: American Hero
Fisher Price ABC 32
GameSpy Arcade
GearDrivers
Google Earth
Google Toolbar for Internet Explorer
GTW V.92 Voice Modem
Guild Wars
Handmark Monopoly
Harry Potter II
HelpSpot
Hidden Expedition - Titanic (remove only)
Hidden Expedition Titanic (remove only)
Hidden Mysteries: Civil War
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hubble Images Screen Saver
HyperLoad
IE Help
IEC system
Imaginext(TM) Battle Castle
Indexing Function
Intel(R) PRO Ethernet Adapter and Software
InterActual Player
iTunes
Java(TM) 6 Update 14
Java(TM) 6 Update 7
Jewel Quest (remove only)
KartRider
Kazaa Media Desktop 2.1.1
KazStamp
Kids Next Door
Learn2 Player (Uninstall Only)
LEGO Digital Designer
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Logitech iTouch Software
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MCP-1A
Medal of Honor Allied Assault
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Links 2001
Microsoft Links 2003
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Picture It! Photo Premium 9
Microsoft Rise Of Nations Trial
Microsoft Smart Card Base Components
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser and SDK
mIRC
MobileDB for Palm OS
Monopoly Tycoon
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.5.1)
MSN Gaming Zone
MSN Music Assistant
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
MUSICMATCH Jukebox
MyMouse 4.3
Nancy Drew: Ghost Dogs of Moon Lake
Nancy Drew: Secret of the Scarlet Hand
Nancy Drew: Stay Tuned For Danger
Napster
Napster Burn Engine
Napster Label Creator
Nero 7 Premium
neXBC 5.0
Operation
Paint Shop Pro 7 Try And Buy
Palm Desktop
Palm Desktop and Synchronization Software
PC-Doctor for Windows
Personal License Update Wizard for Windows Media Player
PhoneTools
PhotoParade Player
Plus! MP3 Audio Converter LE
Pokémon Edu Series
ProScan Client
ProScan Client 1.8
PS/2 Millennium Keyboard
PSP Video 9 1.51
Pure Networks Port Magic
QuickTime
RealPlayer
Rise of Nations
Roll
RollerCoaster Tycoon 2
SBM OS
Scooby-Doo(TM), Phantom of the Knight(TM)
SE Assistant
SE Help
Search Assistant
Search Function
Search OS
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
ServerWatch AntiCheat
Shockwave
Shutterfly SmartUpload
Sidebar Search
Sierra Utilities
smart Card Reader
Solitare Pack I
Sound Blaster Live! Value
SpongeBob SquarePants Diner Dash (remove only)
SpongeBob SquarePants Diner Dash 2
SpongeBob SquarePants Obstacle Odyssey 2
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Support Software
Support.com Web Controls
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
The Print Shop Ensemble III
Thomas & Friends - The Great Festival Adventure
Thomas New Line
TinyCars 1.1
To The Eds-treme
TONKA Firefighter
TONKA Search & Rescue 2
Tonka Search and Rescue
TrunkStar780
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB955839)
URL.IE APP
USB Storage Adapter FX (SM1)
Ventrilo Client
Verizon FiOS Activation
Verizon FiOS Connection Wizard
Verizon Help and Support Tool
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WeatherBug
WebFldrs XP
Westwood Shared Internet Components
WildTangent GameChannel (remove only)
WildWest Version 1.12
WinAce Archiver
WinAce Archiver 2.0
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Bonus Pack for Windows XP
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
Xfire (remove only)
XLink Kai Evolution 7
ZoneAlarm

==== Event Viewer Messages From Past Week ========

7/27/2009 1:04:05 PM, error: Service Control Manager [7016] - The GEARSecurity service has reported an invalid current state 0.
7/26/2009 12:45:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cdudf_xp Fips i8042prt intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/26/2009 12:45:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/22/2009 7:16:32 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer YOUR-XXSYYAOZ37 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0E3DAB07-814. The master browser is stopping or an election is being forced.
7/20/2009 5:44:31 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the drive specified.
7/20/2009 5:44:30 PM, error: SRService [104] - The System Restore initialization process failed.
7/20/2009 5:33:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
7/20/2009 5:33:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
7/20/2009 5:33:29 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================



DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 13:03:59.79 on Mon 07/27/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.197 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.runevillage.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.net
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [<NO NAME>]
uRun: [ATI Launchpad]
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRunOnce: [SpybotDeletingB5411] command /c del "c:\winnt\system32\drivers\hjgruialmlxqtq.sys"
uRunOnce: [SpybotDeletingD7093] cmd /c del "c:\winnt\system32\drivers\hjgruialmlxqtq.sys"
uRunOnce: [SpybotDeletingB7336] command /c del "c:\winnt\system32\hjgruiapltqiah.dll"
uRunOnce: [SpybotDeletingD3318] cmd /c del "c:\winnt\system32\hjgruiapltqiah.dll"
uRunOnce: [SpybotDeletingB9285] command /c del "c:\winnt\system32\hjgruiflqnawvc.dll"
uRunOnce: [SpybotDeletingD1166] cmd /c del "c:\winnt\system32\hjgruiflqnawvc.dll"
uRunOnce: [SpybotDeletingB4976] command /c del "c:\winnt\temp\hjgruitllweoufpe.tmp"
uRunOnce: [SpybotDeletingD9861] cmd /c del "c:\winnt\temp\hjgruitllweoufpe.tmp"
uRunOnce: [SpybotDeletingB9803] command /c del "c:\winnt\system32\hjgruinklqxwyo.dat"
uRunOnce: [SpybotDeletingD2770] cmd /c del "c:\winnt\system32\hjgruinklqxwyo.dat"
uRunOnce: [SpybotDeletingB6228] command /c del "c:\winnt\system32\hjgruivjwmhcpn.dat"
uRunOnce: [SpybotDeletingD1827] cmd /c del "c:\winnt\system32\hjgruivjwmhcpn.dat"
mRun: [AtiPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
mRun: [GWMDMMSG] GWMDMMSG.exe
mRun: [Keyboard Preload Check] c:\oemdrvrs\keyb\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
mRun: [GWMDMpi] c:\winnt\GWMDMpi.exe
mRun: [UpdReg] c:\winnt\Updreg.exe
mRun: [AdaptecDirectCD] c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe
mRun: [CapFax] c:\program files\phonetools\CapFax.EXE
mRun: [KAZAA] c:\program files\kazaa\kazaa.exe /SYSTRAY
mRun: [AceGain LiveUpdate] c:\program files\acegain\liveupdate\LiveUpdate.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [SM1BG] c:\winnt\SM1BG.EXE
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [PSPVideo9] c:\program files\pspvideo9\pspVideo9.exe -t
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [<NO NAME>]
mRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HostManager] c:\program files\common files\aol\1180989014\ee\AOLSoftware.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRunOnce: [SpybotDeletingA8557] command /c del "c:\winnt\system32\drivers\hjgruialmlxqtq.sys"
mRunOnce: [SpybotDeletingC3458] cmd /c del "c:\winnt\system32\drivers\hjgruialmlxqtq.sys"
mRunOnce: [SpybotDeletingA7956] command /c del "c:\winnt\system32\hjgruiapltqiah.dll"
mRunOnce: [SpybotDeletingC342] cmd /c del "c:\winnt\system32\hjgruiapltqiah.dll"
mRunOnce: [SpybotDeletingA6886] command /c del "c:\winnt\system32\hjgruiflqnawvc.dll"
mRunOnce: [SpybotDeletingC7694] cmd /c del "c:\winnt\system32\hjgruiflqnawvc.dll"
mRunOnce: [SpybotDeletingA9114] command /c del "c:\winnt\temp\hjgruitllweoufpe.tmp"
mRunOnce: [SpybotDeletingC9325] cmd /c del "c:\winnt\temp\hjgruitllweoufpe.tmp"
mRunOnce: [SpybotDeletingA5380] command /c del "c:\winnt\system32\hjgruinklqxwyo.dat"
mRunOnce: [SpybotDeletingC2776] cmd /c del "c:\winnt\system32\hjgruinklqxwyo.dat"
mRunOnce: [SpybotDeletingA749] command /c del "c:\winnt\system32\hjgruivjwmhcpn.dat"
mRunOnce: [SpybotDeletingC9255] cmd /c del "c:\winnt\system32\hjgruivjwmhcpn.dat"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\boincm~1.lnk - c:\program files\boinc\boincmgr.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\handspring\HOTSYNC.EXE
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zoneal~1.lnk - c:\program files\zone labs\zonealarm\zonealarm.exe
IE: &Search - ?p=ZJxdm086YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: taxslayer.com\www
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {00000075-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} - hxxp://www112.coolsavings.com/LTC/download/cscmv4X.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - hxxp://toolbar.google.com/data/GoogleActivate.cab
DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - hcp://system/StartFirstControl.CAB
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37425.2758333333
DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - hxxp://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: hgGyyxYo - hgGyyxYo.dll
AppInit_DLLs: avgrsstx.dll skofpi.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ryzeoko5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npietab.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2009-1-28 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\winnt\system32\drivers\avgmfx86.sys [2007-3-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2009-1-28 108552]
R1 KLIF;KLIF;c:\winnt\system32\drivers\klif.sys [2008-4-23 127768]
R1 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2004-4-26 394952]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-24 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-6 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-7-5 24652]
R2 vsmon;TrueVector Internet Monitor;c:\winnt\system32\zonelabs\vsmon.exe -service --> c:\winnt\system32\zonelabs\vsmon.exe -service [?]
RUnknown kfcwp;kfcwp; [x]
S3 Gcr432;Gcr432;c:\winnt\system32\drivers\gcr432.sys [2001-10-4 53701]
S3 PacketNTx;Packet helper driver;c:\winnt\system32\drivers\PacketNTx.sys [2002-11-27 24544]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\qctest\pcdoc\pcdrdrv.sys --> c:\atf\qctest\pcdoc\PCDRDRV.sys [?]
S3 VisorUsb;Handspring USB;c:\winnt\system32\drivers\visorusb.sys --> c:\winnt\system32\drivers\VisorUsb.sys [?]

=============== Created Last 30 ================

2009-07-14 15:20 410,984 a------- c:\winnt\system32\deploytk.dll

==================== Find3M ====================

2009-07-23 15:56 34 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-07-18 08:45 335,752 a------- c:\winnt\system32\drivers\avgldx86.sys
2009-07-13 13:36 38,160 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\winnt\system32\drivers\mbam.sys
2009-06-24 09:38 1,393,936,416 a--sh--- c:\winnt\system32\drivers\fidbox.dat
2009-06-24 09:38 16,314,380 a--sh--- c:\winnt\system32\drivers\fidbox.idx
2009-06-24 09:33 11,952 a------- c:\winnt\system32\avgrsstx.dll
2008-05-20 15:25 0 a------- c:\program files\temp01
2007-11-23 13:26 22,328 a------- c:\docume~1\owner\applic~1\PnkBstrK.sys
2007-02-21 21:55 105,904 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2003-08-27 15:19 36,963 a----r-- c:\program files\common files\SM1updtr.dll
2001-10-04 15:18 53,701 a------- c:\winnt\inf\gemplus\gcr432.sys
2000-10-19 11:07 28,800 a------- c:\winnt\inf\gemplus\GCR412.sys

============= FINISH: 13:06:19.29 ===============
 
Download and Run ComboFix


  • ComboFix SHOULD NOT be used unless requested by a forum helper.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE
  • Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2

  • Double click on Combo-Fix.exe and follow the prompts.
  • When finished, it will produce a report for you (C:\ComboFix.txt)
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • Combofix should never take more than 20 minutes including the reboot if malware is detected.

    IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

    Next Reply

    Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
 
Ok, so far so good. It had to install Windows restore, said it wasn't found.

Also I noticed that my firewall and some other things in the taskbar aren't there??


ComboFix 09-07-26.03 - Owner 07/27/2009 15:17.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.656 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3723271197-2911765694-2800509490-1003
c:\winnt\COUPON~1.OCX
c:\winnt\CouponPrinter.ocx
c:\winnt\Downloaded Program Files\popcaploader.inf
c:\winnt\Readme.txt
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\BSTIEPrintCtl1.dll
c:\winnt\system32\drivers\hjgruialmlxqtq.sys
c:\winnt\system32\FTPx.dll
c:\winnt\system32\hjgruiapltqiah.dll
c:\winnt\system32\hjgruiflqnawvc.dll
c:\winnt\system32\hjgruinklqxwyo.dat
c:\winnt\system32\hjgruivjwmhcpn.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruilmeylkil


((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-27 12:45 . 2009-07-27 12:45 -------- d-----w- c:\program files\ERUNT
2009-07-14 19:20 . 2009-07-14 19:20 410984 ----a-w- c:\winnt\system32\deploytk.dll
2009-07-14 19:19 . 2009-07-14 19:19 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 19:43 . 2005-12-15 13:21 -------- d-----w- c:\program files\BOINC
2009-07-27 19:34 . 2008-04-23 17:06 16314380 --sha-w- c:\winnt\system32\drivers\fidbox.idx
2009-07-27 19:34 . 2008-04-23 17:06 1393936416 --sha-w- c:\winnt\system32\drivers\fidbox.dat
2009-07-23 19:56 . 2008-07-01 12:32 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-07-22 15:33 . 2004-12-24 02:47 -------- d-----w- c:\documents and settings\Owner\Application Data\WeatherBug
2009-07-18 12:45 . 2009-01-28 21:14 335752 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-07-15 17:39 . 2004-04-03 22:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-14 19:20 . 2005-01-30 19:17 -------- d-----w- c:\program files\Java
2009-07-14 17:18 . 2002-03-28 18:39 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-07-14 17:17 . 2004-11-11 13:16 -------- d-----w- c:\program files\AvantGo
2009-07-14 17:17 . 2002-03-15 00:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 17:15 . 2002-11-22 19:29 -------- d-----w- c:\program files\EA GAMES
2009-07-14 17:14 . 2006-07-20 20:08 -------- d-----w- c:\program files\America's Army
2009-07-14 17:14 . 2006-07-20 20:10 -------- d-----w- c:\program files\America's Army Server Manager
2009-07-14 17:09 . 2002-05-25 18:21 -------- d-----w- c:\program files\Nancy Drew
2009-07-14 13:41 . 2009-01-29 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 13:40 . 2009-03-23 18:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 17:36 . 2009-01-29 22:19 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-01-29 22:19 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-06-24 13:33 . 2009-01-28 21:14 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
2009-06-24 13:33 . 2007-03-06 00:13 27784 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-06-23 23:18 . 2002-03-20 19:47 -------- d-----w- c:\program files\Hasbro Interactive
2009-06-23 20:54 . 2009-06-23 14:49 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-06-18 12:26 . 2009-06-18 12:26 29696 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}\IconF0CEFCC9.exe
2009-06-18 12:21 . 2009-05-21 17:21 -------- d-----w- c:\program files\Verizon
2009-05-08 12:42 . 2009-01-28 21:14 108552 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2008-05-20 19:25 . 2008-05-20 19:25 0 ----a-w- c:\program files\temp01
2003-08-27 19:19 . 2003-10-30 11:31 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-07-18 13:01 . 2009-02-03 21:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2004-09-09 1597440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-11-12 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2001-11-27 40960]
"UpdReg"="c:\winnt\Updreg.exe" [1999-11-12 86016]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-04 684032]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"KAZAA"="c:\program files\Kazaa\kazaa.exe" [2003-05-27 2234368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SM1BG"="c:\winnt\SM1BG.EXE" [2003-08-27 94208]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-06 50688]
"PSPVideo9"="c:\program files\pspvideo9\pspVideo9.exe" [2005-05-25 643072]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-21 180269]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-16 69705]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"HostManager"="c:\program files\Common Files\AOL\1180989014\ee\AOLSoftware.exe" [2006-09-26 50736]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" - c:\winnt\system32\SK9910DM.EXE [2001-01-03 66048]
"GWMDMMSG"="GWMDMMSG.exe" - c:\winnt\GWMDMMSG.exe [2001-11-27 101615]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\winnt\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2006-5-5 1966080]
HotSync Manager.lnk - c:\program files\Handspring\HOTSYNC.EXE [2003-3-17 299008]
PowerReg Scheduler V3.exe [2005-3-29 225280]
PowerReg Scheduler.exe [2008-7-18 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
ZoneAlarm.lnk - c:\program files\Zone Labs\ZoneAlarm\zonealarm.exe [2003-6-5 50664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 13:33 11952 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1180989014\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\KartRider\\NMService.exe"=
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [1/28/2009 5:14 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [1/28/2009 5:14 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/24/2009 9:33 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/6/2009 10:53 AM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/5/2007 6:42 PM 24652]
S3 Gcr432;Gcr432;c:\winnt\system32\drivers\gcr432.sys [10/4/2001 3:18 PM 53701]
S3 PacketNTx;Packet helper driver;c:\winnt\system32\drivers\PacketNTx.sys [11/27/2002 12:30 PM 24544]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 VisorUsb;Handspring USB;c:\winnt\system32\DRIVERS\VisorUsb.sys --> c:\winnt\system32\DRIVERS\VisorUsb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-24 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2005-04-13 c:\winnt\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-03-15 22:26]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ATI Launchpad - (no file)
HKLM-Run-Keyboard Preload Check - c:\oemdrvrs\KEYB\Preload.exe
HKLM-Run-AceGain LiveUpdate - c:\program files\AceGain\LiveUpdate\LiveUpdate.exe
Notify-hgGyyxYo - hgGyyxYo.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.runevillage.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.net
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search - ?p=ZJxdm086YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
Trusted Zone: taxslayer.com\www
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ryzeoko5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

creating catchme.sys error: The process cannot access the file because it is being used by another process.
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]
"ImagePath"="\??\c:\winnt\System32\Drivers\HNPsSdk.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™õw$µ*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6118"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\winnt\System32\iac25_32.ax

- - - - - - - > 'explorer.exe'(4048)
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\winnt\System32\iac25_32.ax
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\winnt\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\winnt\system32\PnkBstrA.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\winnt\wanmpsvc.exe
c:\winnt\system32\rundll32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\system32\ZoneLabs\vsmon.exe
c:\program files\BOINC\boinc.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
.
**************************************************************************
.
Completion time: 2009-07-27 15:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-27 19:46

Pre-Run: 43,244,285,952 bytes free
Post-Run: 43,894,849,536 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

303 --- E O F --- 2009-02-09 14:06


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:50 PM, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm086YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 12561 bytes
 
Hello,
I just wanted to let you know that I forgot that AVG does the scan overnight; it quarantined 7 viruses. I hope this doesn't mess up anything.

Sorry,
Tom
 
Remove programs


  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    LiveReg (Symantec Corporation)
    LiveUpdate 2.5 (Symantec Corporation)
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.3
    Kazaa Media Desktop 2.1.1
    KazStamp


NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.




Run CFScript


  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:


Code:
File::
c:\winnt\Tasks\Symantec NetDetect.job
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Folder::
c:\program files\Symantec
c:\program files\Kazaa
c:\documents and settings\Owner\Application Data\LimeWire

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KAZAA"=-

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™õw$µ*]

DDS::
mSearch Bar =
IE: &Search - ?p=ZJxdm086YYUS
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

  • Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)
  • Referring to the picture below, drag CFScript into ComboFix.exe

    CFScriptB-4.gif
  • When finished, it shall produce a log for you at C:\ComboFix.txt


NOTE: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Next Reply

Please reply with:

  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
 
Hello,
Some of the programs said to restart to finish the uninstall; should I reboot before I run ComboFix? Also, I still cannot delete Kazaa; do you still want me to run ComboFix?

Thanks,
Tom
 
So far so good...


ComboFix 09-07-29.04 - Owner 07/30/2009 12:42.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.387 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point

FILE ::
"c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe"
"c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe"
"c:\winnt\Tasks\Symantec NetDetect.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\LOCALS~1\Temp\catchme.dll
c:\documents and settings\Owner\Application Data\LimeWire
c:\documents and settings\Owner\Local Settings\temp\catchme.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
c:\program files\Kazaa
c:\program files\Kazaa\bdcore.dll
c:\program files\Kazaa\bdcore.dll.updpnd
c:\program files\Kazaa\bdupd.dll
c:\program files\Kazaa\bdupd.dll.updpnd
c:\program files\Kazaa\broadband.gif
c:\program files\Kazaa\Db\bb.db
c:\program files\Kazaa\Db\data1024.dbb
c:\program files\Kazaa\Db\data256.dbb
c:\program files\Kazaa\Db\gr_Owner.current
c:\program files\Kazaa\Db\gr_Owner.previous
c:\program files\Kazaa\Db\np.tmp
c:\program files\Kazaa\Help\arrow.gif
c:\program files\Kazaa\Help\arrow_sml.gif
c:\program files\Kazaa\Help\background.gif
c:\program files\Kazaa\Help\h_mykazaa.gif
c:\program files\Kazaa\Help\h_myMedia.gif
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_search_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_slider.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_sliderThumb.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_sliderThumb_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\skin.xml
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_btm.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_btmLeft.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_btmright.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_left.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_right.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_top.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_topleft.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_topright.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_slider.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_sliderThumb.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_sliderThumb_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\skin.xml
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\vssver.scc
c:\program files\Kazaa\Skins\Toasted Sherbert\window_btm.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_btmLeft.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_btmright.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_left.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_right.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_top.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_topleft.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_topright.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_maximise.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_maximise_dis.bmp
 
Had to split the ComboFix log...


.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-27 12:45 . 2009-07-27 12:45 -------- d-----w- c:\program files\ERUNT
2009-07-14 19:20 . 2009-07-14 19:20 410984 ----a-w- c:\winnt\system32\deploytk.dll
2009-07-14 19:19 . 2009-07-14 19:19 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 17:06 . 2005-12-15 13:21 -------- d-----w- c:\program files\BOINC
2009-07-30 16:39 . 2002-03-15 02:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-29 13:09 . 2002-12-16 15:52 -------- d-----w- c:\program files\KazStamp
2009-07-29 13:09 . 2004-04-03 22:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 13:09 . 2003-06-05 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 19:34 . 2008-04-23 17:06 16314380 --sha-w- c:\winnt\system32\drivers\fidbox.idx
2009-07-27 19:34 . 2008-04-23 17:06 1393936416 --sha-w- c:\winnt\system32\drivers\fidbox.dat
2009-07-23 19:56 . 2008-07-01 12:32 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-07-22 15:33 . 2004-12-24 02:47 -------- d-----w- c:\documents and settings\Owner\Application Data\WeatherBug
2009-07-18 12:45 . 2009-01-28 21:14 335752 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-07-14 19:20 . 2005-01-30 19:17 -------- d-----w- c:\program files\Java
2009-07-14 17:18 . 2002-03-28 18:39 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-07-14 17:17 . 2004-11-11 13:16 -------- d-----w- c:\program files\AvantGo
2009-07-14 17:17 . 2002-03-15 00:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 17:15 . 2002-11-22 19:29 -------- d-----w- c:\program files\EA GAMES
2009-07-14 17:14 . 2006-07-20 20:08 -------- d-----w- c:\program files\America's Army
2009-07-14 17:14 . 2006-07-20 20:10 -------- d-----w- c:\program files\America's Army Server Manager
2009-07-14 17:09 . 2002-05-25 18:21 -------- d-----w- c:\program files\Nancy Drew
2009-07-14 13:41 . 2009-01-29 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 13:40 . 2009-03-23 18:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 17:36 . 2009-01-29 22:19 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-01-29 22:19 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-06-24 13:33 . 2009-01-28 21:14 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
2009-06-24 13:33 . 2007-03-06 00:13 27784 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-06-23 23:18 . 2002-03-20 19:47 -------- d-----w- c:\program files\Hasbro Interactive
2009-06-18 12:26 . 2009-06-18 12:26 29696 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}\IconF0CEFCC9.exe
2009-06-18 12:21 . 2009-05-21 17:21 -------- d-----w- c:\program files\Verizon
2009-05-08 12:42 . 2009-01-28 21:14 108552 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2008-05-20 19:25 . 2008-05-20 19:25 0 ----a-w- c:\program files\temp01
2003-08-27 19:19 . 2003-10-30 11:31 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-07-18 13:01 . 2009-02-03 21:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2004-09-09 1597440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-11-12 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2001-11-27 40960]
"UpdReg"="c:\winnt\Updreg.exe" [1999-11-12 86016]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-04 684032]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SM1BG"="c:\winnt\SM1BG.EXE" [2003-08-27 94208]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-06 50688]
"PSPVideo9"="c:\program files\pspvideo9\pspVideo9.exe" [2005-05-25 643072]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-21 180269]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-16 69705]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"HostManager"="c:\program files\Common Files\AOL\1180989014\ee\AOLSoftware.exe" [2006-09-26 50736]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" - c:\winnt\system32\SK9910DM.EXE [2001-01-03 66048]
"GWMDMMSG"="GWMDMMSG.exe" - c:\winnt\GWMDMMSG.exe [2001-11-27 101615]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\winnt\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2006-5-5 1966080]
HotSync Manager.lnk - c:\program files\Handspring\HOTSYNC.EXE [2003-3-17 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
ZoneAlarm.lnk - c:\program files\Zone Labs\ZoneAlarm\zonealarm.exe [2003-6-5 50664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 13:33 11952 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1180989014\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\KartRider\\NMService.exe"=
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [1/28/2009 5:14 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [1/28/2009 5:14 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/24/2009 9:33 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/6/2009 10:53 AM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/5/2007 6:42 PM 24652]
S3 Gcr432;Gcr432;c:\winnt\system32\drivers\gcr432.sys [10/4/2001 3:18 PM 53701]
S3 PacketNTx;Packet helper driver;c:\winnt\system32\drivers\PacketNTx.sys [11/27/2002 12:30 PM 24544]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 VisorUsb;Handspring USB;c:\winnt\system32\DRIVERS\VisorUsb.sys --> c:\winnt\system32\DRIVERS\VisorUsb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-24 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.runevillage.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.net
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
Trusted Zone: taxslayer.com\www
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ryzeoko5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]
"ImagePath"="\??\c:\winnt\System32\Drivers\HNPsSdk.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™õw$µ*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6118"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\winnt\System32\iac25_32.ax
.
Completion time: 2009-07-30 13:08
ComboFix-quarantined-files.txt 2009-07-30 17:08
ComboFix2.txt 2009-07-27 19:46

Pre-Run: 43,760,726,016 bytes free
Post-Run: 43,333,087,232 bytes free

1183 --- E O F --- 2009-02-09 14:06
 
And the HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:56 PM, on 7/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 12228 bytes
 
Remove programs


  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    Batch Assistant
    BMSE dbl
    Data Compiler
    IE Help
    IEC system
    Indexing Function
    SBM OS
    SE Assistant
    SE Help
    Search Assistant
    Search Function
    Search OS
    Sidebar Search
    URL.IE APP
    WinMX


NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.



ATF-Cleaner

Please download ATF Cleaner by Atribune.


  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords please click No at the prompt.
  • Click Exit on the Main menu to close the program.


Kaspersky Online Scan

You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.





Optional Fix

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything bad. This may change; read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself.

To uninstall the Viewpoint components:

  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.


    How to prevent it from being recreated every time you run the AOL software:
    • Open AOL
    • Go to Help on the toolbar
    • Select About AOL
    • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.


Optional Fix

WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is 'spyware', and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it 'unsolicited', and since it is installed to raise money for its creators through the built-in ads it is certainly 'commercial'. So it does meet the definition for 'parasite': unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has, in the past, installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBug and choose one of these alternatives:
Weather Pulse
Weather Watcher
or
Get Mozilla Firefox and then get FORECASTFOX!!!
or check the weather at these websites:
Weather Street: US Weather
Intellicast
To uninstall WeatherBug:

  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight WeatherBug, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.



Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

  • Let me know if you removed Viewpoint and Weatherbug
  • Answer to My question
  • Kaspersky Log
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
 

Viewpoint and Weatherbug are gone.
not sure what question you asked
posting Kaspersky log and HijackThis log
computer seems ok, haven't been using it much because of the problems

the Java exploits from Kaspersky, should they be a worry? I use Java a lot for online games.

Thanks,
Tom
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 30, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 30, 2009 22:40:15
Records in database: 2564753
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 150429
Threat name: 12
Infected objects: 18
Suspicious objects: 0
Duration of the scan: 04:09:03


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-54b58e74 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-4cf6b578.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\My Documents\BS250.exe Infected: not-a-virus:AdWare.Win32.180Solutions.d 1
C:\Documents and Settings\Owner\My Documents\BS250.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\My Documents\BS250.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ag 2
C:\Documents and Settings\Owner\My Documents\hhousefree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c 1
C:\Documents and Settings\Owner\My Documents\hhousefree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
C:\Documents and Settings\Owner\My Documents\hhousefree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 2
C:\Documents and Settings\Owner\My Documents\hhousefree.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\My Documents\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.CommonName.p 1
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ak 1
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aw 1
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP969\A0224385.EXE Infected: not-a-virus:AdWare.Win32.MyWay.j 1

The selected area was scanned.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:46 PM, on 7/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINNT\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 11940 bytes
 
Remove HijackThis entries


  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.



Download and run OTM

Download OTM by Old Timer and save it to your Desktop.

  • Double-click OTM.exe to run it.
  • Paste the following code under the [image: pasteline.png] area. Do not include the word Code.

Code:
:Files
C:\Documents and Settings\Owner\My Documents\BS250.exe
C:\Documents and Settings\Owner\My Documents\hhousefree.exe
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe
c:\program files\AWS
c:\program files\KazStamp
c:\documents and settings\Owner\Application Data\WeatherBug
c:\program files\temp01
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

:Commands
[emptytemp]
[Reboot]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large [image: btnmoveit.png] button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.


NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Update Java Runtime and Run JavaRa



  • Download Java Runtime
  • Go to HERE to download Java Runtime Environment Version 6 Update 14
  • Click on the link named Java Runtime Environment (JRE) 6 Update 14
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation Multi-language and save the downloaded file to your desktop



  • Run JavaRa
  • Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.



  • Install Java
  • Install the new version of Java by running the newly-downloaded file (jre-6u14-windows-i586-p.exe) with the Java icon, which will be on your desktop, and follow the on-screen instructions.
  • Reboot your computer


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

  • OTM log
  • A fresh HijackThis Log (after all the above has been done)
  • A description of how your computer is behaving
 
Hi,
I was able to run HijackThis and remove what you said. I ran OTM and posted the log. I was unable to access JavaRa; it said error 403. Can I delete the old version with Add/Remove Programs? Here are the logs.

All processes killed
========== FILES ==========
C:\Documents and Settings\Owner\My Documents\BS250.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\hhousefree.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe moved successfully.
c:\program files\AWS moved successfully.
c:\program files\KazStamp moved successfully.
c:\documents and settings\Owner\Application Data\WeatherBug moved successfully.
c:\program files\temp01 moved successfully.
File/Folder c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 1623240 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 65670 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes

User: Owner
->Temp folder emptied: 77930811 bytes
->Temporary Internet Files folder emptied: 246471 bytes
->Java cache emptied: 727044689 bytes
->FireFox cache emptied: 78057498 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINNT\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19528 bytes
%systemroot%\System32 .tmp files removed: 404039 bytes
File delete failed. C:\WINNT\temp\ZLT06004.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\ZLT06032.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 531863 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 844.95 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08012009_084815

Files moved on Reboot...
File C:\WINNT\temp\ZLT06004.TMP not found!
File C:\WINNT\temp\ZLT06032.TMP not found!

Registry entries deleted on Reboot...



and hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:45 AM, on 8/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_1.90_windows_intelx86.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 11685 bytes
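
An added example, not part of the thread and not code from HijackThis or its authors: a small Python check that compares the 7/30/2009 and 8/1/2009 HijackThis logs to confirm that the three entries the helper asked to fix are gone, and lists the orphaned entries ("(no file)" / "(file missing)") that remain. The log lines are excerpts copied from the logs above; the `<section> - <body>` line pattern is inferred from those logs, and all function names are hypothetical.

```python
import re
from collections import namedtuple

# One HijackThis entry: section code (R0, O4, O23, ...) and the rest of the line.
Entry = namedtuple("Entry", "section body")

# Assumption: entry lines look like "<letter><1-2 digits> - <body>", as in the
# logs posted in this thread. Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Markers HijackThis appends when the registry entry points at nothing on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the log saved 7/30/2009 (raw string: the paths contain backslashes).
BEFORE = r"""
Running processes:
C:\WINNT\System32\smss.exe
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# The same entries as they appear in the log saved 8/1/2009.
AFTER = r"""
Running processes:
C:\WINNT\System32\smss.exe
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# The three entries listed under "Remove HijackThis entries" in the helper's post.
REQUESTED = r"""
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
"""


def parse_entries(log_text):
    """Return the registry/startup entries of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file is absent according to HijackThis itself."""
    return [e for e in entries if any(m in e.body for m in ORPHAN_MARKERS)]


def compare(before, after):
    """Return (removed, added) entry sets between two parsed logs."""
    b, a = set(before), set(after)
    return b - a, a - b


def check_fix(requested, after):
    """Map each requested entry to True if it no longer appears in `after`."""
    remaining = set(after)
    return {entry: entry not in remaining for entry in requested}


if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    removed, added = compare(before, after)
    for entry, gone in check_fix(parse_entries(REQUESTED), after).items():
        print("FIXED  " if gone else "PRESENT", entry.section, "-", entry.body)
    for entry in sorted(added):
        print("NEW    ", entry.section, "-", entry.body)  # anything new deserves a look
    for entry in orphaned(after):
        print("ORPHAN ", entry.section, "-", entry.body)
```

On these excerpts the three requested entries report as fixed, nothing new appears, and the two O23 services with missing files are still listed as orphans.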
 