Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Very slow computer, Help Needed! [RESOLVED]

Started by Desperate1 , Feb 12 2008 07:17 PM

This topic is locked

#1
Desperate1

Posted 12 February 2008 - 07:17 PM

Member

Member
29 posts

My computer is extreamly slow. I am afraid that it could crash. I will try to give you as much information as I can.
My computer is a Medion with Windows XP 2.66 GHz Intel Pentium 4 processor, and 512 MB DDR SDRAM, 120 GB 7,200 RPM seagate hard drive. I usually run AVG Virus protection, Spybot Search & Destroy, and Adaware SE. I don't have windows service pack 2, but I will download it as soon as I know my computer is free of any malware.

I downloaded the AVG Anti-Spyware program, and did the scan, it said that my computer had 52,471 infections, when I clicked on "Apply all actions" it said (error deleting). I went to Reports, and it said no reports saved. I followed all the steps when I set up the program, and I even double checked to see if maybe I had made a mistake. I'm not sure what went wrong.

I also downloaded SuperAntiSpyware Home Edition This is the log that I saved from that scan.
Generated 02/12/2008 at 06:43 PM

Application Version : 3.6.1000

Core Rules Database Version : 3400
Trace Rules Database Version: 1392

Scan type : Complete Scan
Total Scan Time : 01:46:29

Memory items scanned : 511
Memory threats detected : 0
Registry items scanned : 4968
Registry threats detected : 24
File items scanned : 72882
File threats detected : 171

Adware.Tracking Cookie
C:\Documents and Settings\Marsha Sherbert\Cookies\marsha [email protected][2].txt

Adware.Apropos Media
HKU\S-1-5-21-3599462620-2520187666-827961912-1006\Software\Aprps
HKLM\Software\Aprps
HKLM\Software\Aprps\Client
HKLM\Software\Aprps\Client#InstallationId
HKLM\Software\Aprps\Client#ProxyStub
HKLM\Software\Aprps\Client#Plugin
HKLM\Software\Aprps\Client#ClientName
HKLM\Software\Aprps\Client#LegalNote
HKLM\Software\Aprps\Client#PartnerId
HKLM\Software\Aprps\Client#ServerAddress

Spyware.WebSearch (WinTools/Huntbar)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc

Registry Cleaner Trial
HKLM\Software\Registry Cleaner
HKLM\Software\Registry Cleaner\Uninstall
HKLM\Software\Registry Cleaner\Uninstall#UnwisePath
HKLM\Software\Registry Cleaner\Uninstall#InstallLog
HKLM\Software\Registry Cleaner\Uninstall#RCUninstallPath
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [ ]

Adware.Zango Toolbar/Hb
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\IESkins
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3442551.sdf
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\domains.txt
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13562
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\44293
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\44458
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\53933
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\54473
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\6873
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\ustat\3486.dat
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\ustat
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\btntrans.idx
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\btntrans1.dat
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\buttondir.txt
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\components.cdf
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\default.cdf
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_categorize.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_comparison.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_favorites.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Games.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Hide.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemster.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Mails.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_new.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_premium.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_reun.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_ringtones.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_weather.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-t1-bg.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\icons2.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\keywords.idx
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\keywords1.dat
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\layout.cdf
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\linkpathlegal.txt
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\progress.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\sales_buttons.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\s_icons_buttons.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\t2_bg.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\theweb.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\top7.cdf
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\tsd_bg.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\zango.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\btntrans.idx
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\btntrans1.dat
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\buttondir.txt
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\components.cdf
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\default.cdf
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_511745-514279.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_categorize.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_comparison.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_explorer-people.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_favorites.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_Games.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_Hide.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_jemster.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_jemsterie.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_jobsearch.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_Mails.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_MobileSidewalk.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_new.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_premium.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_reun.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_ringtones.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_weather.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\email-t1-bg.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\icons2.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\keywords.idx
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\keywords1.dat
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\layout.cdf
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\linkpathlegal.txt
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\progress.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\sales_buttons.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\s_icons_buttons.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\t2_bg.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\theweb.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\top7.cdf
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\tsd_bg.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\zango.res
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\default.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\icons2.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\layout.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\progress.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\top7.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\zango.xip
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0\ZangoToolbar
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\v3.0
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar\zbar.log
C:\Documents and Settings\Marsha Sherbert\Application Data\ZangoToolbar

Adware.180solutions/ZangoSearch
C:\DOCUMENTS AND SETTINGS\ROBERT SHERBERT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U19GXYDX\CHARLOTTE_ENGELHARDT_PHOTO_SHOOT_ENCRYPTED[1].WMV
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1081\A0176984.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1081\A0176985.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1081\A0176986.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1081\A0176987.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1081\A0176988.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1081\A0176989.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1081\A0176990.EXE

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1081\A0176991.DLL

This is my Hijack This Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:19 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\eSnips\ClientGW.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\lexpps.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eSnips] "C:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Lpxyzz] C:\WINDOWS\System32\r?gsvr32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Lpxyzz] C:\WINDOWS\System32\r?gsvr32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Lexmark Connect.lnk = C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PD - {CD7CF288-D72E-4176-9E92-67188C5CCE5B} - C:\Program Files\Popup Defender\pd.exe (file missing)
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://irc.chatway.c...va/cfs31235.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A4DA620-6217-11CF-BE62-0080C72EDD2D} (MarqueeCtl Object) - http://activex.micro...x86/marquee.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122075270763
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1122075778884
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - https://www.stopzill...ller/dwnldr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13761 bytes

Uninstall List

ABBYY FineReader 5.0 Sprint
Ad-Aware 2007
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20020929.1)
APC PowerChute Personal Edition
Apple Mobile Device Support
Apple Software Update
AVG Anti-Spyware 7.5
AVG Free Edition
BellSouth DSL Connection Manager Lite
BellSouth FastAccess DSL Help Center
BellSouth® Communications Suite
BellSouth® FastAccess® Connection Manager
BroadJump CorrectConnect Engine
BurnPlugin for Audible
CCHelp
CCScore
Checkers
CleanUp!
ClueFinders 3rd Grade Adventures
eSnips
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
ewido security suite
Eyetide Viewer
FinePixViewer Ver.4.3
FPSpellCheck (remove only)
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
Google Video Player
HijackThis 2.0.2
HLPCCTR
HLPIndex
HLPSFO
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
ieSpell
Informations about your PC
Internet Explorer Q903235
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_08
Java™ 6 Update 3
Kodak EasyShare software
KSU
Lexmark Connect
Lexmark X5100 Series
Macromedia Shockwave Player
Medion Flash XL
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft Data Access Components KB870669
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 7.0
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
Natural Color
Nero - Burning Rom
Notifier
OfotoXMI
OTtBP
OTtBPSDK
PCDLNCH
Pop-Up Stopper
Pop-Up Stopper Free Edition
Power Cinema
PowerDesk 5.0
PowerDVD
PowerProducer
QuickTime
RealArcade
RealPlayer
Realtek AC'97 Audio
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
SFR
SFR2
SiS 900 PCI Fast Ethernet Adapter Driver
SlimBrowser (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster v3.4
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VCAMCEN
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar

I don't understand any of these logs, so I hope I have given you enough information to help me. Thanks in advance for any help you can give!!! It will be greatly appreciated!

#2
kahdah

Posted 12 February 2008 - 08:02 PM

GeekU Teacher

Retired Staff
15,822 posts

Hello Desperate1

Welcome to G2Go.

=================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3
Desperate1

Posted 12 February 2008 - 09:17 PM

Member

Topic Starter
Member
29 posts

Thanks for your help!

main.txt-Notepad

Deckard's System Scanner v20071014.68
Run by Marsha Sherbert on 2008-02-12 22:03:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
14: 2008-02-13 03:03:21 UTC - RP1085 - Deckard's System Scanner Restore Point
13: 2008-02-13 00:19:53 UTC - RP1084 - Software Distribution Service 3.0
12: 2008-02-13 00:14:33 UTC - RP1083 - Software Distribution Service 3.0
11: 2008-02-12 21:50:17 UTC - RP1082 - Installed SUPERAntiSpyware Free Edition
10: 2008-02-12 14:33:13 UTC - RP1081 - Restore point Febuary08

-- First Restore Point --
1: 2008-02-03 05:36:26 UTC - RP1072 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 480 MiB (512 MiB recommended).

-- HijackThis (run as Marsha Sherbert.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:58 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\eSnips\ClientGW.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Documents and Settings\Marsha Sherbert\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Marsha Sherbert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eSnips] "C:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Lpxyzz] C:\WINDOWS\System32\r?gsvr32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Lpxyzz] C:\WINDOWS\System32\r?gsvr32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Lexmark Connect.lnk = C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PD - {CD7CF288-D72E-4176-9E92-67188C5CCE5B} - C:\Program Files\Popup Defender\pd.exe (file missing)
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://irc.chatway.c...va/cfs31235.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A4DA620-6217-11CF-BE62-0080C72EDD2D} (MarqueeCtl Object) - http://activex.micro...x86/marquee.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122075270763
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1122075778884
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - https://www.stopzill...ller/dwnldr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13751 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ewido security suite driver - c:\program files\ewido\security suite\guard.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 mxDisk - c:\progra~1\vcom\fix-it\mxdisk.sys (file missing)
S3 VisorUsb (Handspring USB) - c:\windows\system32\drivers\visorusb.sys <Not Verified; Handspring, Inc; Visor®>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S4 ewido security suite guard - c:\program files\ewido\security suite\ewidoguard.exe <Not Verified; ewido networks; guard>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-02-12 21:23:44 620 --a----c- C:\WINDOWS\Tasks\Scheduled Checkpoint.job
2008-02-12 19:00:00 284 --a----c- C:\WINDOWS\Tasks\Internet Explorer.job
2008-02-12 18:13:00 320 --a------ C:\WINDOWS\Tasks\Connection Manager.job
2008-02-12 15:58:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-11 03:00:00 280 --a----c- C:\WINDOWS\Tasks\Backup.job
2006-06-09 16:10:55 126 --a------ C:\WINDOWS\Tasks\UPS System Shutdown Program.job

-- Files created between 2008-01-12 and 2008-02-12 -----------------------------

2008-02-12 16:50:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-12 16:50:18 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-12 16:50:18 0 d-------- C:\Documents and Settings\Marsha Sherbert\Application Data\SUPERAntiSpyware.com
2008-02-12 10:11:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-12 09:59:39 0 d-------- C:\Documents and Settings\Marsha Sherbert\Application Data\Grisoft
2008-02-05 15:45:21 0 d-------- C:\Documents and Settings\Haley Sherbert\Application Data\Apple Computer

-- Find3M Report ---------------------------------------------------------------

2008-02-12 22:05:25 0 d-------- C:\Documents and Settings\Marsha Sherbert\Application Data\SlimBrowser
2008-02-12 19:33:29 0 d-------- C:\Program Files\Trend Micro
2008-02-12 16:49:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 16:28:18 0 d-------- C:\Documents and Settings\Marsha Sherbert\Application Data\Adobe
2008-02-03 12:10:08 0 d-------- C:\Program Files\QuickTime

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCScheduleCheck"="C:\Program Files\VCOM\Recovery Commander\RCSCHED.exe" [06/09/2003 05:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [02/02/2008 08:38 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 09:32 PM]
"tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [08/31/2005 02:14 PM]
"SoundMan"="SOUNDMAN.EXE" [01/20/2003 10:48 AM C:\WINDOWS\soundman.exe]
"Error Nuker"="C:\Program Files\Error Nuker\bin\ErrorNuker.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 10:46 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/05/2006 11:39 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [07/28/2004 11:27 PM]
"ClientGW"="" []
"eSnips"="C:\PROGRA~1\eSnips\ClientGW.exe" [12/10/2007 02:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 09:49 PM]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" []
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 03:45 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=
"tscuninstall"=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Lpxyzz"=C:\WINDOWS\System32\r?gsvr32.exe

C:\Documents and Settings\Marsha Sherbert\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 6:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2/28/2004 10:05:15 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 2:22:40 AM]
Lexmark Connect.lnk - C:\Program Files\Lexmark\Connect\Lexmark Connect.exe [9/24/2004 3:00:24 AM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [10/3/2007 1:56:10 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\system32\srrstr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7902 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-02-12 22:07:25 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 479.48 MiB / 140.88 MiB
Pagefile Memory (total/avail): 1125.28 MiB / 742.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.11 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 106.81 GiB total, 72.22 GiB free.
D: is Fixed (FAT32) - 4.97 GiB total, 0.97 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3120022A - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 106.81 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 4.98 GiB - D:

\\.\PHYSICALDRIVE3 - Medion Flash XL MMC/SD USB Device

\\.\PHYSICALDRIVE1 - Medion Flash XL CF USB Device

\\.\PHYSICALDRIVE2 - Medion Flash XL MS USB Device

\\.\PHYSICALDRIVE4 - Medion Flash XL SM USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Palm\\hotsync.exe"="C:\\Program Files\\Palm\\hotsync.exe:*:Enabled:HotSync® Manager Application"
"C:\\Program Files\\Support.com\\bin\\tgcmd.exe"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe:*:Disabled:BellSouth Bulletin and Job processor"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\SlimBrowser\\sbrowser.exe"="C:\\Program Files\\SlimBrowser\\sbrowser.exe:*:Disabled:FlashPeak SlimBrowser"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Documents and Settings\\Timmy Sherbert\\Local Settings\\Temp\\~os2F6C.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Timmy Sherbert\\Local Settings\\Temp\\~os2F6C.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Marsha Sherbert\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-DZ6JBWLGNP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Marsha Sherbert
LOGONSERVER=\\YOUR-DZ6JBWLGNP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MARSHA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MARSHA~1\LOCALS~1\Temp
USERDOMAIN=YOUR-DZ6JBWLGNP
USERNAME=Marsha Sherbert
USERPROFILE=C:\Documents and Settings\Marsha Sherbert
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Robert Sherbert (admin)
Marsha Sherbert (admin)
Timmy Sherbert (admin)
Haley Sherbert (admin)
Administrator (admin)
Guest (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Yahoo!\Yahoo! Music Engine\oggcodecs\uninst.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20020929.1) --> C:\WINDOWS\AolCInUn.exe
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{5B433733-BB31-4B40-BCBA-DDED37626641}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
BellSouth DSL Connection Manager Lite --> "C:\Program Files\Support.com\bin\tgfix.exe" /rm /nq
BellSouth FastAccess DSL Help Center --> "C:\Program Files\Support.com\BellSouth\Uninstall.exe" /c "Remove BellSouth® FastAccess® DSL Help Center?"
BellSouth® Communications Suite --> C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /UninstallStub /Script="BellSouthCommunicationsSuite.sc"
BellSouth® FastAccess® Connection Manager --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BellSouth\Connection Manager\Uninst.isu" -c"C:\Program Files\BellSouth\Connection Manager\SCUninstall.dll" -b"SmartConnect" -h"SmartConnect"
BroadJump CorrectConnect Engine --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\CorrectConnect Engine\Uninst.isu" -c"C:\Program Files\BroadJump\CorrectConnect Engine\CCDUninstall.dll" -b"CCD" -h"CCD"
BurnPlugin for Audible --> MsiExec.exe /I{301120E0-45A9-498C-8627-19E7E20EFA3A}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Checkers --> MsiExec.exe /X{31B88744-BAB3-4A8D-A24D-4DA21E43E5D5}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ClueFinders 3rd Grade Adventures --> C:\WINDOWS\TLCUninstall.exe -f "c:\program files\ClueFinders 3rd Grade Adventures\Uninstall.xml"
eSnips --> MsiExec.exe /X{3D4504EF-5B46-483E-BE1E-CC17C4A0BFFA}
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
ewido security suite --> C:\Program Files\ewido\security suite\Uninstall.exe
Eyetide Viewer --> C:\PROGRA~1\EYETID~1\EYETID~1\UNWISE.EXE C:\PROGRA~1\EYETID~1\EYETID~1\INSTALL.LOG
FinePixViewer Ver.4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FPSpellCheck (remove only) --> "C:\Program Files\FPSpellCheck\uninst.exe"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
ieSpell --> "C:\Program Files\ieSpell\uninst.exe"
Informations about your PC --> MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}
Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 Runtime Environment, SE v1.4.2_08 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142080}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_10009_478d1e\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark Connect --> C:\Program Files\Lexmark\Connect\Uninstaller.exe
Lexmark X5100 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Medion Flash XL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Natural Color --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Pop-Up Stopper --> C:\PROGRA~1\PANICW~1\POP-UP~2\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~2\INSTALL.LOG
Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
Power Cinema --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B103F43-069C-11D6-9EA2-0050BAE317E1}\Setup.exe" -uninst
PowerDesk 5.0 --> C:\Program Files\VCOM\PowerDesk\uninstal.exe C:\Program Files\VCOM\PowerDesk
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SlimBrowser (remove only) --> "C:\Program Files\SlimBrowser\uninst.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpywareBlaster v3.4 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
Yahoo! Photos Easy Upload Tool 1v7 --> C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type60 / Error
Event Submitted/Written: 02/11/2008 06:45:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application YahooMessenger.exe, version 8.1.0.209, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type58 / Error
Event Submitted/Written: 02/11/2008 05:52:47 PM
Event ID/Source: 1511 / Userenv
Event Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Event Record #/Type57 / Error
Event Submitted/Written: 02/11/2008 05:52:20 PM
Event ID/Source: 1515 / Userenv
Event Description:
Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Event Record #/Type56 / Error
Event Submitted/Written: 02/11/2008 05:52:20 PM
Event ID/Source: 1502 / Userenv
Event Description:
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.

DETAIL - The process cannot access the file because it is being used by another process.

Event Record #/Type55 / Error
Event Submitted/Written: 02/11/2008 05:51:49 PM
Event ID/Source: 1508 / Userenv
Event Description:
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\Timmy Sherbert\ntuser.dat

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type107573 / Error
Event Submitted/Written: 02/12/2008 10:06:41 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type107572 / Error
Event Submitted/Written: 02/12/2008 10:06:34 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type107571 / Error
Event Submitted/Written: 02/12/2008 10:06:06 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type107570 / Error
Event Submitted/Written: 02/12/2008 10:05:38 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type107569 / Error
Event Submitted/Written: 02/12/2008 10:03:12 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

-- End of Deckard's System Scanner: finished at 2008-02-12 22:07:25 ------------

extra.txt-Notepad

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 479.48 MiB / 140.88 MiB
Pagefile Memory (total/avail): 1125.28 MiB / 742.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.11 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 106.81 GiB total, 72.22 GiB free.
D: is Fixed (FAT32) - 4.97 GiB total, 0.97 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3120022A - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 106.81 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 4.98 GiB - D:

\\.\PHYSICALDRIVE3 - Medion Flash XL MMC/SD USB Device

\\.\PHYSICALDRIVE1 - Medion Flash XL CF USB Device

\\.\PHYSICALDRIVE2 - Medion Flash XL MS USB Device

\\.\PHYSICALDRIVE4 - Medion Flash XL SM USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Palm\\hotsync.exe"="C:\\Program Files\\Palm\\hotsync.exe:*:Enabled:HotSync® Manager Application"
"C:\\Program Files\\Support.com\\bin\\tgcmd.exe"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe:*:Disabled:BellSouth Bulletin and Job processor"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program File

#4
kahdah

Posted 12 February 2008 - 09:20 PM

GeekU Teacher

Retired Staff
15,822 posts

You are welcome

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#5
Desperate1

Posted 12 February 2008 - 10:22 PM

Member

Topic Starter
Member
29 posts

After downloading Combofix I noticed that I had several Mozilla Browser icons on my desktop. I use Mozilla ocassionaly, but I have no idea why or how I got so many icons. They are numbered, 15 total. Any Idea? Should I delete them?

Also while running the Combofix it said please wait for Log, then it popped up, (terminate batch Y/N?) I put "N", because I didn't know what it was asking, or what I should do. Should I have said, "Y"?

Thank You again for all of your help!

ComboFix 08-02-13.2 - Marsha Sherbert 2008-02-12 22:28:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.173 [GMT -5:00]
Running from: C:\Documents and Settings\Marsha Sherbert\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\Timmy Sherbert\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Program Files\myglobalsearch
C:\RECYCLER\desktop.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\chart 1.bmp
C:\WINDOWS\system32\Cache\ding.bmp
C:\WINDOWS\system32\Cache\disk 1.bmp
C:\WINDOWS\system32\Cache\document.bmp
C:\WINDOWS\system32\Cache\mail unreaded.bmp
C:\WINDOWS\system32\Cache\msg.bin
C:\WINDOWS\system32\Cache\search find 2.bmp
C:\WINDOWS\system32\Cache\web app.bmp
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\silc_dll.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 03:26 --------- d-----w C:\Documents and Settings\Marsha Sherbert\Application Data\SlimBrowser
2008-02-13 00:33 --------- d-----w C:\Program Files\Trend Micro
2008-02-12 23:58 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-12 21:50 --------- d-----w C:\Documents and Settings\Marsha Sherbert\Application Data\SUPERAntiSpyware.com
2008-02-12 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-12 21:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 15:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-12 14:59 --------- d-----w C:\Documents and Settings\Marsha Sherbert\Application Data\Grisoft
2008-02-12 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-10 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 23:36 --------- d-----w C:\Documents and Settings\Robert Sherbert\Application Data\AVG7
2008-02-08 21:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-07 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 20:56 --------- d-----w C:\Documents and Settings\Haley Sherbert\Application Data\SlimBrowser
2008-02-05 20:45 --------- d-----w C:\Documents and Settings\Haley Sherbert\Application Data\Apple Computer
2008-02-05 20:44 --------- d-----w C:\Documents and Settings\Haley Sherbert\Application Data\Yahoo!
2008-02-04 01:07 --------- d-----w C:\Documents and Settings\Robert Sherbert\Application Data\MSN6
2008-02-03 17:10 --------- d-----w C:\Program Files\QuickTime
2008-02-03 16:04 --------- d-----w C:\Documents and Settings\Robert Sherbert\Application Data\SlimBrowser
2008-02-03 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-05 20:23 2,103,064 ----a-w C:\Documents and Settings\Marsha Sherbert\Application Data\PerformanceoptimizerFreeSetup[1].exe
2007-10-05 20:22 75,016 ----a-w C:\Documents and Settings\Marsha Sherbert\Application Data\PerfomanceOptimizerPre_Installer[1].exe
2006-10-22 02:06 482 ----a-w C:\Program Files\Shortcut (3) to SlimBrowser.lnk
2006-10-22 01:27 502 ----a-w C:\Program Files\Shortcut to Mozilla Firefox.lnk
2006-08-29 15:09 528 ----a-w C:\Program Files\Shortcut to Internet Explorer.lnk
2004-12-12 05:57 498 ----a-w C:\Program Files\Shortcut to SlimBrowser.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [ ]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCScheduleCheck"="C:\Program Files\VCOM\Recovery Commander\RCSCHED.exe" [2003-06-09 17:45 151552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-02 20:38 579072]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [2005-08-31 14:14 1277952]
"SoundMan"="SOUNDMAN.EXE" [2003-01-20 10:48 47104 C:\WINDOWS\soundman.exe]
"Error Nuker"="C:\Program Files\Error Nuker\bin\ErrorNuker.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-05 11:39 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-07-28 23:27 53248]
"ClientGW"="" []
"eSnips"="C:\PROGRA~1\eSnips\ClientGW.exe" [2007-12-10 14:07 872448]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Lpxyzz"="C:\WINDOWS\System32\r?gsvr32.exe" [2004-08-04 02:56 11776]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 08:06 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="" []
"tscuninstall"="" []

C:\Documents and Settings\Robert Sherbert\Start Menu\Programs\Startup\
Eyetide Launcher.lnk - C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe [2004-07-18 17:46:15 831488]

C:\Documents and Settings\Marsha Sherbert\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 18:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-02-28 22:05:15 209016]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 02:22:40 757760]
Lexmark Connect.lnk - C:\Program Files\Lexmark\Connect\Lexmark Connect.exe [2004-09-24 03:00:24 344064]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-10-03 13:56:10 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\system32\srrstr.dll

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 09:15]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59]
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2002-07-01 06:10]
S3 mxDisk;mxDisk;C:\PROGRA~1\VCOM\Fix-It\mxDisk.sys []
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 01:04]
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys [2000-03-17 14:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 20:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-11 08:00:00 C:\WINDOWS\Tasks\Backup.job"
- C:\WINDOWS\system32\ntbackup.exe
"2008-02-12 23:13:00 C:\WINDOWS\Tasks\Connection Manager.job"
- C:\Program Files\Outlook Express\msimn.exe
"2008-02-13 00:00:00 C:\WINDOWS\Tasks\Internet Explorer.job"
- C:\PROGRA~1\INTERN~1\iexplore.exe
"2008-02-13 02:23:44 C:\WINDOWS\Tasks\Scheduled Checkpoint.job"
- C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE
"2006-06-09 21:10:55 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 22:56:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\msdfmap.ini 1405 bytes
C:\WINDOWS\MSDraw.ini 0 bytes
C:\WINDOWS\msgsocm.log 97818 bytes
C:\WINDOWS\msnavpklog.txt 4496 bytes
C:\WINDOWS\msnsetuplog.txt 3370 bytes
C:\WINDOWS\msoffice.ini 2 bytes
C:\WINDOWS\msxml4-KB936181-enu.LOG 290070 bytes
C:\WINDOWS\msxml6-KB933579-enu-x86.LOG 510162 bytes
C:\WINDOWS\mui
C:\WINDOWS\muninst.exe 33280 bytes executable
C:\WINDOWS\NeroDigital.ini 47 bytes
C:\WINDOWS\netscape.ico 2494 bytes
C:\WINDOWS\Nircmd.exe 51200 bytes executable
C:\WINDOWS\notepad.exe 69120 bytes executable
C:\WINDOWS\nsreg.dat 0 bytes
C:\WINDOWS\nsw.log 329 bytes
C:\WINDOWS\ntbtlog.txt 1554252 bytes
C:\WINDOWS\ntdtcsetup.log 397911 bytes
C:\WINDOWS\ocgen.log 1213230 bytes
C:\WINDOWS\ocmsn.log 93584 bytes
C:\WINDOWS\ODBCINST.INI 4161 bytes
C:\WINDOWS\oeuninst.exe 33792 bytes executable
C:\WINDOWS\OEWABLog.txt 4693 bytes
C:\WINDOWS\Offline Web Pages
C:\WINDOWS\orun32.ini 802 bytes
C:\WINDOWS\streamhlp.dll 59392 bytes executable
C:\WINDOWS\Sun
C:\WINDOWS\svcpack.log 1240997 bytes
C:\WINDOWS\system.ini 256 bytes
C:\WINDOWS\System.ipe 231 bytes
C:\WINDOWS\SYSTEM.UNV 231 bytes
C:\WINDOWS\system32
C:\WINDOWS\taskman.exe 15360 bytes executable
C:\WINDOWS\Tasks
C:\WINDOWS\Temp
C:\WINDOWS\test 0 bytes
C:\WINDOWS\TLCAPPS.INI 166 bytes
C:\WINDOWS\TLCUninstall.exe 274432 bytes executable
C:\WINDOWS\TMFilter.log 360 bytes
C:\WINDOWS\TMUPDATE.DLL 507904 bytes executable
C:\WINDOWS\tmupdate.ini 269 bytes
C:\WINDOWS\tsc.exe 561316 bytes executable
C:\WINDOWS\TSC.ini 823 bytes
C:\WINDOWS\tsc.ptn 896894 bytes
C:\WINDOWS\DtcInstall.log 577 bytes
C:\WINDOWS\EHome
C:\WINDOWS\ERDNT
C:\WINDOWS\explorer.exe 1033216 bytes executable
C:\WINDOWS\explorer.scf 80 bytes
C:\WINDOWS\FaxSetup.log 1856347 bytes
C:\WINDOWS\Firefox Wallpaper.bmp 76854 bytes
C:\WINDOWS\fiz0 18839 bytes
C:\WINDOWS\fiz10 30108 bytes
C:\WINDOWS\fiz2 30172 bytes
C:\WINDOWS\fiz3 30098 bytes
C:\WINDOWS\fiz4 30123 bytes
C:\WINDOWS\fiz5 30003 bytes
C:\WINDOWS\fiz6 30070 bytes
C:\WINDOWS\fiz7 30077 bytes
C:\WINDOWS\fiz8 30047 bytes
C:\WINDOWS\fiz9 30131 bytes
C:\WINDOWS\Fonts
C:\WINDOWS\FP1_03_0_485.EXE 2242584 bytes executable
C:\WINDOWS\RtlRack.ini 169 bytes
C:\WINDOWS\runtsckl.exe 99328 bytes executable
C:\WINDOWS\SchedLgU.Txt 32568 bytes
C:\WINDOWS\security
C:\WINDOWS\ServicePackFiles
C:\WINDOWS\sessmgr.setup.log 7586 bytes
C:\WINDOWS\Config
C:\WINDOWS\Connection Wizard
C:\WINDOWS\control.ini 0 bytes
C:\WINDOWS\Cursors
C:\WINDOWS\dahotfix.log 19666 bytes
C:\WINDOWS\Debug
C:\WINDOWS\DeleteDll.bat 126 bytes
C:\WINDOWS\desktop.ini 2 bytes
C:\WINDOWS\DirectX.log 122240 bytes
C:\WINDOWS\Dit.DLL 65536 bytes executable
C:\WINDOWS\Dit.exe 73728 bytes executable
C:\WINDOWS\Dit.INI 208 bytes
C:\WINDOWS\DitExp.exe 65536 bytes executable
C:\WINDOWS\Downloaded Installations
C:\WINDOWS\Downloaded Program Files
C:\WINDOWS\Driver Cache
C:\WINDOWS\$NtUninstallKB910998$
C:\WINDOWS\$NtUninstallKB917344$
C:\WINDOWS\$NtUninstallKB922616$
C:\WINDOWS\$NtUninstallKB926247$
C:\WINDOWS\$NtUninstallKB931784$
C:\WINDOWS\$NtUninstallQ328310$
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\addins
C:\WINDOWS\alcrmv.exe 131072 bytes executable
C:\WINDOWS\alcupd.exe 208896 bytes executable
C:\WINDOWS\AolCInUn.exe 53248 bytes executable
C:\WINDOWS\AppPatch
C:\WINDOWS\APW_DATA
C:\WINDOWS\assembly
C:\WINDOWS\aucfg.ini 256 bytes
C:\WINDOWS\AuHCcup1.dll 129536 bytes executable
C:\WINDOWS\AuHCcup1.ini 116 bytes
C:\WINDOWS\auth.msm 36864 bytes executable
C:\WINDOWS\AU_Backup
C:\WINDOWS\Q329048.log 24196 bytes
C:\WINDOWS\Q329115.log 10504 bytes
C:\WINDOWS\Q329170.log 31297 bytes
C:\WINDOWS\Q329390.log 10142 bytes
C:\WINDOWS\Q329441.log 8271 bytes
C:\WINDOWS\Q329834.log 10150 bytes
C:\WINDOWS\Q330994.exe 33792 bytes executable
C:\WINDOWS\Q331953.log 34016 bytes
C:\WINDOWS\Q810243.log 1453 bytes
C:\WINDOWS\Q810565.log 22574 bytes
C:\WINDOWS\Q810577.log 24347 bytes
C:\WINDOWS\Q810833.log 21854 bytes
C:\WINDOWS\Q811493.log 6684 bytes
C:\WINDOWS\Q811630.log 28539 bytes
C:\WINDOWS\Q814033.log 10968 bytes
C:\WINDOWS\Q814995.log 39741 bytes
C:\WINDOWS\Q815021.log 7856 bytes
C:\WINDOWS\Q817287.log 3859 bytes
C:\WINDOWS\Q817606.log 17619 bytes
C:\WINDOWS\Q828026.log 9889 bytes
C:\WINDOWS\RCUninstall.EXE 45056 bytes executable
C:\WINDOWS\regedit.exe 146432 bytes executable
C:\WINDOWS\RegisteredPackages
C:\WINDOWS\Registration
C:\WINDOWS\REGLOCS.OLD 8192 bytes
C:\WINDOWS\regopt.log 3272 bytes
C:\WINDOWS\repair
C:\WINDOWS\report
C:\WINDOWS\wiaservc.log 49 bytes
C:\WINDOWS\win.ini 617 bytes
C:\WINDOWS\Win.ipe 591 bytes
C:\WINDOWS\Windows Update.log 216788 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1627363 bytes
C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\wininit.ini 82 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log 30734 bytes
C:\WINDOWS\wmp11.log 24894 bytes
C:\WINDOWS\wmsetup.log 70127 bytes
C:\WINDOWS\wmsetup10.log 4433 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\WORDPAD.INI 754 bytes
C:\WINDOWS\xpsp1hfm.log 19777 bytes
C:\WINDOWS\yacs.log 17490 bytes
C:\WINDOWS\_default.pif 707 bytes
C:\WINDOWS\_detmp.1 638890 bytes
C:\WINDOWS\_detmp.2 151669 bytes executable
C:\WINDOWS\imsins.BAK 1355 bytes
C:\WINDOWS\imsins.log 4507 bytes
C:\WINDOWS\inf
C:\WINDOWS\Installer
C:\WINDOWS\Internet Logs
C:\WINDOWS\IsUninst.exe 306688 bytes executable
C:\WINDOWS\iun6002.exe 724992 bytes executable
C:\WINDOWS\jautoexp.dat 6550 bytes
C:\WINDOWS\java
C:\WINDOWS\KB817778.log 42533 bytes
C:\WINDOWS\KB820291.log 39152 bytes
C:\WINDOWS\KB821253.log 39603 bytes
C:\WINDOWS\KB821557.log 16682 bytes
C:\WINDOWS\KB822603.log 51796 bytes
C:\WINDOWS\KB823182.log 12359 bytes
C:\WINDOWS\KB823559.log 17317 bytes
C:\WINDOWS\KB824105.log 11643 bytes
C:\WINDOWS\KB824141.log 12374 bytes
C:\WINDOWS\KB824146.log 15525 bytes
C:\WINDOWS\KB825119.log 10941 bytes
C:\WINDOWS\KB826939.log 3369 bytes
C:\WINDOWS\KB826942.log 7848 bytes
C:\WINDOWS\KB828028.log 7750 bytes
C:\WINDOWS\$NtUninstallQ329048$
C:\WINDOWS\$NtUninstallQ329115$
C:\WINDOWS\$NtUninstallQ329170$
C:\WINDOWS\$NtUninstallQ329390$
C:\WINDOWS\$NtUninstallQ329441$
C:\WINDOWS\$NtUninstallQ329834$
C:\WINDOWS\$NtUninstallQ331953$
C:\WINDOWS\$NtUninstallQ810565$
C:\WINDOWS\$NtUninstallQ810577$
C:\WINDOWS\$NtUninstallQ810833$
C:\WINDOWS\$NtUninstallQ811493$
C:\WINDOWS\$NtUninstallQ814033$
C:\WINDOWS\$NtUninstallQ814995$
C:\WINDOWS\$NtUninstallQ815021$
C:\WINDOWS\$NtUninstallQ817287$
C:\WINDOWS\$NtUninstallQ817606$
C:\WINDOWS\$NtUninstallQ828026$
C:\WINDOWS\$NtUninstallWMFDist11$
C:\WINDOWS\$NtUninstallwmp11$
C:\WINDOWS\twain.dll 94784 bytes
C:\WINDOWS\twain_16.dll 24975 bytes
C:\WINDOWS\twain_32
C:\WINDOWS\twain_32.dll 50688 bytes executable
C:\WINDOWS\twunk_16.exe 49680 bytes
C:\WINDOWS\twunk_32.exe 25600 bytes executable
C:\WINDOWS\uccspecb.sys 4 bytes
C:\WINDOWS\uneng.exe 57344 bytes executable
C:\WINDOWS\unezfw.exe 53248 bytes executable
C:\WINDOWS\unins000.dat 3462 bytes
C:\WINDOWS\unins000.exe 691545 bytes executable
C:\WINDOWS\uninst.exe 299520 bytes executable
C:\WINDOWS\UninstallFirefox.exe 107134 bytes executable
C:\WINDOWS\uninstoc.exe 284160 bytes executable
C:\WINDOWS\UNZIP.DLL 69689 bytes executable
C:\WINDOWS\updspapi.log 67402 bytes
C:\WINDOWS\vb.ini 36 bytes
C:\WINDOWS\vbaddin.ini 37 bytes
C:\WINDOWS\vminst.log 2072 bytes
C:\WINDOWS\vmmreg32.dll 18944 bytes executable
C:\WINDOWS\VPTNFILE.972 9769496 bytes
C:\WINDOWS\vsapi32.dll 1036800 bytes executable
C:\WINDOWS\wanmpsvc.exe 65536 bytes executable
C:\WINDOWS\Web
C:\WINDOWS\KB828741.log 45096 bytes
C:\WINDOWS\KB828741Uninst.log 333 bytes
C:\WINDOWS\KB834707-IE6SP1-20040929.091901.log 6995 bytes
C:\WINDOWS\KB834707.log 11219 bytes
C:\WINDOWS\KB835732.log 42399 bytes
C:\WINDOWS\KB837001.log 5582 bytes
C:\WINDOWS\KB837272.log 7434 bytes
C:\WINDOWS\KB839643-DirectX9.log 3276 bytes
C:\WINDOWS\KB839645.log 9036 bytes
C:\WINDOWS\KB840315.log 5676 bytes
C:\WINDOWS\KB840374.log 17819 bytes
C:\WINDOWS\KB840987.log 14875 bytes
C:\WINDOWS\KB841873.log 7242 bytes
C:\WINDOWS\KB842773.log 18090 bytes
C:\WINDOWS\KB873333.log 213238 bytes
C:\WINDOWS\KB873339.log 227883 bytes
C:\WINDOWS\KB883939-IE6SP1-20050428.125228.log 24581 bytes
C:\WINDOWS\KB883939.log 14430 bytes
C:\WINDOWS\KB885250.log 12458 bytes
C:\WINDOWS\KB885835.log 225397 bytes
C:\WINDOWS\KB885836.log 220864 bytes
C:\WINDOWS\KB886185.log 5766 bytes
C:\WINDOWS\KB887472.log 12036 bytes
C:\WINDOWS\KB887742.log 12503 bytes
C:\WINDOWS\override.msm 20480 bytes executable
C:\WINDOWS\PANIC32.dll 45056 bytes executable
C:\WINDOWS\PANICNT.dll 40960 bytes executable
C:\WINDOWS\PATCH.EXE 286720 bytes executable
C:\WINDOWS\patchw32.dll 164864 bytes executable
C:\WINDOWS\pavsig.txt 32 bytes
C:\WINDOWS\pcconfig.dat 61 bytes
C:\WINDOWS\pcdoc.GID 8628 bytes
C:\WINDOWS\PCHealth
C:\WINDOWS\PeerNet
C:\WINDOWS\PowerReg.dat 0 bytes
C:\WINDOWS\Prefetch
C:\WINDOWS\Profiles
C:\WINDOWS\provisioning
C:\WINDOWS\pss
C:\WINDOWS\Q322011.log 41159 bytes
C:\WINDOWS\Q323255.log 23910 bytes
C:\WINDOWS\Q327979.log 43995 bytes
C:\WINDOWS\AU_Log
C:\WINDOWS\AU_Temp
C:\WINDOWS\avrack.ini 164 bytes
C:\WINDOWS\b2_t_LINKIN%20PARK+LYRICS629.xml 5696 bytes
C:\WINDOWS\b2_t_LINKIN%20PARK+LYRICS686.xml 5696 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&1.xml 5261 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&327.xml 5121 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&551.xml 5121 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&580.xml 4923 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&782.xml 4923 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&845.xml 5261 bytes
C:\WINDOWS\b2_t_WWW.MYPIGEONFORGE.COM%2FWINTRIP&783.xml 5572 bytes
C:\WINDOWS\backup
C:\WINDOWS\BellSouthLogs
C:\WINDOWS\BJCFDins.log 0 bytes
C:\WINDOWS\bootstat.dat 2048 bytes
C:\WINDOWS\BPMNT.dll 43008 bytes executable
C:\WINDOWS\cache
C:\WINDOWS\cdplayer.ini 25 bytes
C:\WINDOWS\cfgmgr52
C:\WINDOWS\cfgmgr52.ini 9028 bytes
C:\WINDOWS\clock.avi 82944 bytes
C:\WINDOWS\cmsetacl.log 818 bytes
C:\WINDOWS\COM+.log 7180 bytes
C:\WINDOWS\comsetup.log 609026 bytes
C:\WINDOWS\freecell.exe
C:\WINDOWS\GEARInstall.log 522 bytes
C:\WINDOWS\GetServer.ini 170 bytes
C:\WINDOWS\HCExtOutput.dll 71749 bytes executable
C:\WINDOWS\Help
C:\WINDOWS\hh.exe 10752 bytes executable
C:\WINDOWS\http.ssm 24576 bytes executable
C:\WINDOWS\I386
C:\WINDOWS\ICCLR.INF 138 bytes
C:\WINDOWS\IEPatchUninstall.log 125 bytes
C:\WINDOWS\ieuninst.exe 33792 bytes executable
C:\WINDOWS\iis6.log 271152 bytes
C:\WINDOWS\IKHGELLJ.ini 45 bytes
C:\WINDOWS\LogFiles
C:\WINDOWS\lookup.msm 20480 bytes executable
C:\WINDOWS\LPT$VPN.972 9769496 bytes
C:\WINDOWS\Matrix Code.exe 2285222 bytes executable
C:\WINDOWS\Matrix Code.scr 232784 bytes executable
C:\WINDOWS\Media
C:\WINDOWS\MEMORY.DMP 502874112 bytes
C:\WINDOWS\MF_C420.lfa 3120 bytes
C:\WINDOWS\MF_C421.lfa 3120 bytes
C:\WINDOWS\MF_C425.lfa 3120 bytes
C:\WINDOWS\mickey32.dll 29696 bytes executable
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\Minidump
C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem #2.txt 10078 bytes
C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt 3998 bytes
C:\WINDOWS\mozregistry.dat 335 bytes
C:\WINDOWS\mozver.dat 19308 bytes
C:\WINDOWS\msagent
C:\WINDOWS\setdebug.exe 46352 bytes executable
C:\WINDOWS\Setup.log 90 bytes
C:\WINDOWS\setupact.log 321379 bytes
C:\WINDOWS\setupapi.log 278445 bytes
C:\WINDOWS\setupapi.log.0.old 1030287 bytes
C:\WINDOWS\setuperr.log 0 bytes
C:\WINDOWS\setuplog 183 bytes
C:\WINDOWS\setuplog.txt 9796 bytes
C:\WINDOWS\SiteHelp.log 259401 bytes
C:\WINDOWS\slrundll.exe 32866 bytes executable
C:\WINDOWS\smscfg.ini 61 bytes
C:\WINDOWS\SoftwareDistribution
C:\WINDOWS\soundman.exe 47104 bytes executable
C:\WINDOWS\spuninst.log 293374 bytes
C:\WINDOWS\spupdsvc.log 122664 bytes
C:\WINDOWS\srchasst
C:\WINDOWS\KB888302.log 206291 bytes
C:\WINDOWS\KB890046.log 216312 bytes
C:\WINDOWS\KB890175.log 215792 bytes
C:\WINDOWS\KB890859.log 211088 bytes
C:\WINDOWS\KB891781.log 213546 bytes
C:\WINDOWS\KB893066.log 214641 bytes
C:\WINDOWS\KB893086.log 209296 bytes
C:\WINDOWS\KB893756.log 34089 bytes
C:\WINDOWS\KB893803v2.log 22619 bytes
C:\WINDOWS\KB894391.log 28574 bytes
C:\WINDOWS\KB896358.log 216532 bytes
C:\WINDOWS\KB896422.log 232273 bytes
C:\WINDOWS\KB896423.log 33429 bytes
C:\WINDOWS\KB896424.log 33640 bytes
C:\WINDOWS\KB896426.log 22026 bytes
C:\WINDOWS\KB896428.log 203492 bytes
C:\WINDOWS\KB896688.log 13929 bytes
C:\WINDOWS\KB897715-OE6SP1-20050503.210336.log 5374 bytes
C:\WINDOWS\KB898458.log 15252 bytes
C:\WINDOWS\KB898461.log 13238 bytes
C:\WINDOWS\KB899587.log 34485 bytes
C:\WINDOWS\KB899588.log 28753 bytes
C:\WINDOWS\KB899591.log 33984 bytes
C:\WINDOWS\KB900485.log 11064 bytes
C:\WINDOWS\KB900725.log 13257 bytes
C:\WINDOWS\KB901017.log 20871 bytes
C:\WINDOWS\KB901190.log 9795 bytes
C:\WINDOWS\KB901214.log 210703 bytes
C:\WINDOWS\KB902344.log 6850 bytes
C:\WINDOWS\KB902400.log 23109 bytes
C:\WINDOWS\KB904706.log 11108 bytes
C:\WINDOWS\KB905414.log 13461 bytes
C:\WINDOWS\KB905749.log 11750 bytes
C:\WINDOWS\$NtUninstallKB902400$
C:\WINDOWS\$NtUninstallKB904706$
C:\WINDOWS\$NtUninstallKB905414$
C:\WINDOWS\$NtUninstallKB905749$
C:\WINDOWS\$NtUninstallKB905915$
C:\WINDOWS\$NtUninstallKB908519$
C:\WINDOWS\$NtUninstallKB908531$
C:\WINDOWS\$NtUninstallKB910437$
C:\WINDOWS\KB908519.log 10046 bytes
C:\WINDOWS\KB908531.log 14925 bytes
C:\WINDOWS\KB910437.log 11296 bytes
C:\WINDOWS\KB910998.log 7200 bytes
C:\WINDOWS\KB911280.log 14254 bytes
C:\WINDOWS\KB911562.log 14174 bytes
C:\WINDOWS\KB911564.log 6907 bytes
C:\WINDOWS\KB911565.log 13968 bytes
C:\WINDOWS\KB911567.log 10533 bytes
C:\WINDOWS\KB911927.log 10655 bytes
C:\WINDOWS\KB912812.log 16083 bytes
C:\WINDOWS\KB912919.log 10963 bytes
C:\WINDOWS\KB913446.log 6691 bytes
C:\WINDOWS\KB913580.log 13446 bytes
C:\WINDOWS\KB914388.log 12246 bytes
C:\WINDOWS\KB914389.log 11373 bytes
C:\WINDOWS\KB916281.log 17375 bytes
C:\WINDOWS\$NtUninstallKB911280$
C:\WINDOWS\$NtUninstallKB911562$
C:\WINDOWS\$NtUninstallKB911564$
C:\WINDOWS\$NtUninstallKB911565$
C:\WINDOWS\$NtUninstallKB911567$
C:\WINDOWS\$NtUninstallKB911927$
C:\WINDOWS\$NtUninstallKB912812$
C:\WINDOWS\$NtUninstallKB912919$
C:\WINDOWS\$NtUninstallKB913446$
C:\WINDOWS\$NtUninstallKB913580$
C:\WINDOWS\$NtUninstallKB914388$
C:\WINDOWS\$NtUninstallKB914389$
C:\WINDOWS\$NtUninstallKB916281$
C:\WINDOWS\$NtUninstallKB916595$
C:\WINDOWS\$NtUninstallKB917159$
C:\WINDOWS\KB917159.log 11766 bytes
C:\WINDOWS\KB917344.log 14516 bytes
C:\WINDOWS\KB917422.log 11927 bytes
C:\WINDOWS\KB917734.log 11090 bytes
C:\WINDOWS\KB917953.log 14280 bytes
C:\WINDOWS\KB918118.log 13765 bytes
C:\WINDOWS\KB918439.log 14139 bytes
C:\WINDOWS\KB918899.log 18963 bytes
C:\WINDOWS\KB919007.log 11399 bytes
C:\WINDOWS\KB920213.log 15047 bytes
C:\WINDOWS\KB920214.log 15445 bytes
C:\WINDOWS\KB920670.log 11770 bytes
C:\WINDOWS\KB920683.log 12176 bytes
C:\WINDOWS\KB920685.log 11240 bytes
C:\WINDOWS\KB920872.log 12866 bytes
C:\WINDOWS\KB921398.log 15822 bytes
C:\WINDOWS\KB921503.log 14403 bytes
C:\WINDOWS\KB921883.log 22123 bytes
C:\WINDOWS\KB922582.log 7699 bytes
C:\WINDOWS\$NtUninstallKB917422$
C:\WINDOWS\$NtUninstallKB917734_WMP10$
C:\WINDOWS\$NtUninstallKB917953$
C:\WINDOWS\$NtUninstallKB918118$
C:\WINDOWS\$NtUninstallKB918439$
C:\WINDOWS\$NtUninstallKB918899$
C:\WINDOWS\$NtUninstallKB919007$
C:\WINDOWS\$NtUninstallKB920213$
C:\WINDOWS\$NtUninstallKB920214$
C:\WINDOWS\$NtUninstallKB920670$
C:\WINDOWS\$NtUninstallKB920683$
C:\WINDOWS\$NtUninstallKB920685$
C:\WINDOWS\$NtUninstallKB920872$
C:\WINDOWS\$NtUninstallKB921398$
C:\WINDOWS\$NtUninstallKB921503$
C:\WINDOWS\$NtUninstallKB921883$
C:\WINDOWS\$NtUninstallKB922582$
C:\WINDOWS\ime
C:\WINDOWS\KB828035.log 9235 bytes
C:\WINDOWS\KB888113.log 213541 bytes
C:\WINDOWS\KB896727.log 33841 bytes
C:\WINDOWS\KB905915.log 19318 bytes
C:\WINDOWS\KB916595.log 10242 bytes
C:\WINDOWS\KB922616.log 15442 bytes
C:\WINDOWS\KB926436.log 13562 bytes
C:\WINDOWS\KB933566.log 18003 bytes
C:\WINDOWS\loadhttp.dll 77824 bytes executable
C:\WINDOWS\msapps
C:\WINDOWS\orun32.isu 203083 bytes
C:\WINDOWS\Q328310.log 16121 bytes
C:\WINDOWS\Resources
C:\WINDOWS\Sti_Trace.log 0 bytes
C:\WINDOWS\tsoc.log 792583 bytes
C:\WINDOWS\wiadebug.log 157 bytes
C:\WINDOWS\$NtUninstallKB922760$
C:\WINDOWS\$NtUninstallKB922819$
C:\WINDOWS\$NtUninstallKB923191$
C:\WINDOWS\$NtUninstallKB923414$
C:\WINDOWS\$NtUninstallKB923694$
C:\WINDOWS\$NtUninstallKB923723$
C:\WINDOWS\$NtUninstallKB923980$
C:\WINDOWS\$NtUninstallKB924191$
C:\WINDOWS\$NtUninstallKB924270$
C:\WINDOWS\$NtUninstallKB924496$
C:\WINDOWS\$NtUninstallKB924667$
C:\WINDOWS\$NtUninstallKB925398_WMP64$
C:\WINDOWS\$NtUninstallKB925454$
C:\WINDOWS\$NtUninstallKB925486$
C:\WINDOWS\$NtUninstallKB925902$
C:\WINDOWS\KB922760.log 17045 bytes
C:\WINDOWS\KB922819.log 12139 bytes
C:\WINDOWS\KB923191.log 8669 bytes
C:\WINDOWS\KB923414.log 11326 bytes
C:\WINDOWS\KB923694.log 10943 bytes
C:\WINDOWS\KB923723.log 7308 bytes
C:\WINDOWS\KB923980.log 16163 bytes
C:\WINDOWS\KB924191.log 12338 bytes
C:\WINDOWS\KB924270.log 16165 bytes
C:\WINDOWS\KB924496.log 11314 bytes
C:\WINDOWS\KB924667.log 11601 bytes
C:\WINDOWS\KB925398.log 8892 bytes
C:\WINDOWS\KB925454.log 17783 bytes
C:\WINDOWS\KB925486.log 10504 bytes
C:\WINDOWS\KB925902.log 17318 bytes
C:\WINDOWS\KB926247.log 10619 bytes
C:\WINDOWS\KB926255.log 11204 bytes
C:\WINDOWS\$NtUninstallKB926255$
C:\WINDOWS\$NtUninstallKB926436$
C:\WINDOWS\$NtUninstallKB927779$
C:\WINDOWS\$NtUninstallKB927802$
C:\WINDOWS\$NtUninstallKB927891$
C:\WINDOWS\$NtUninstallKB928090$
C:\WINDOWS\$NtUninstallKB928255$
C:\WINDOWS\$NtUninstallKB928843$
C:\WINDOWS\$NtUninstallKB929123$
C:\WINDOWS\$NtUninstallKB929338$
C:\WINDOWS\$NtUninstallKB929969$
C:\WINDOWS\$NtUninstallKB930178$
C:\WINDOWS\$NtUninstallKB930916$
C:\WINDOWS\$NtUninstallKB931261$
C:\WINDOWS\$NtUninstallKB931768$
C:\WINDOWS\KB927779.log 18342 bytes
C:\WINDOWS\KB927802.log 15435 bytes
C:\WINDOWS\KB927891.log 7579 bytes
C:\WINDOWS\KB928090.log 17891 bytes
C:\WINDOWS\KB928255.log 15134 bytes
C:\WINDOWS\KB928843.log 10510 bytes
C:\WINDOWS\KB929123.log 11652 bytes
C:\WINDOWS\KB929338.log 16576 bytes
C:\WINDOWS\KB929969.log 10514 bytes
C:\WINDOWS\KB930178.log 12526 bytes
C:\WINDOWS\KB930916.log 10528 bytes
C:\WINDOWS\KB931261.log 12223 bytes
C:\WINDOWS\KB931768.log 15472 bytes
C:\WINDOWS\KB931784.log 14071 bytes
C:\WINDOWS\KB931836.log 24090 bytes
C:\WINDOWS\KB932168.log 12328 bytes
C:\WINDOWS\KB933360.log 21443 bytes
C:\WINDOWS\$NtUninstallKB931836$
C:\WINDOWS\$NtUninstallKB932168$
C:\WINDOWS\$NtUninstallKB933360$
C:\WINDOWS\$NtUninstallKB933566$
C:\WINDOWS\$NtUninstallKB933729$
C:\WINDOWS\$NtUninstallKB935839$
C:\WINDOWS\$NtUninstallKB935840$
C:\WINDOWS\$NtUninstallKB936021$
C:\WINDOWS\$NtUninstallKB936357$
C:\WINDOWS\$NtUninstallKB937143$
C:\WINDOWS\$NtUninstallKB938127$
C:\WINDOWS\$NtUninstallKB938828$
C:\WINDOWS\$NtUninstallKB938829$
C:\WINDOWS\$NtUninstallKB939653$
C:\WINDOWS\$NtUninstallKB941202$
C:\WINDOWS\$NtUninstallKB941568$
C:\WINDOWS\$NtUninstallKB941644$
C:\WINDOWS\$NtUninstallKB942615$
C:\WINDOWS\$NtUninstallKB942763$
C:\WINDOWS\$NtUninstallKB942840$
C:\WINDOWS\$NtUninstallKB943460$
C:\WINDOWS\$NtUninstallKB943485$
C:\WINDOWS\$NtUninstallKB944653$
C:\WINDOWS\$NtUninstallKB946627$
C:\WINDOWS\$NtUninstallQ322011$
C:\WINDOWS\$NtUninstallQ327979$
C:\WINDOWS\KB933729.log 10192 bytes
C:\WINDOWS\KB935839.log 10978 bytes
C:\WINDOWS\KB935840.log 10983 bytes
C:\WINDOWS\KB936021.log 15140 bytes
C:\WINDOWS\KB936357.log 11374 bytes
C:\WINDOWS\KB937143.log 17754 bytes
C:\WINDOWS\KB938127.log 13973 bytes
C:\WINDOWS\KB938828.log 14324 bytes
C:\WINDOWS\KB938829.log 14200 bytes
C:\WINDOWS\KB939653.log 17400 bytes
C:\WINDOWS\KB941202.log 10036 bytes
C:\WINDOWS\KB941568.log 19579 bytes
C:\WINDOWS\KB941644.log 19918 bytes
C:\WINDOWS\KB942615.log 22787 bytes
C:\WINDOWS\KB942763.log 31823 bytes
C:\WINDOWS\KB942840.log 20693 bytes
C:\WINDOWS\KB943055.log 3352 bytes
C:\WINDOWS\KB943460.log 7772 bytes
C:\WINDOWS\KB943485.log 19812 bytes
C:\WINDOWS\KB944533.log 3812 bytes
C:\WINDOWS\KB944653.log 15274 bytes
C:\WINDOWS\KB946026.log 3499 bytes
C:\WINDOWS\KB946627.log 5915 bytes
C:\WINDOWS\LastGood
C:\WINDOWS\LEXSTAT.INI 999 bytes

scan completed successfully
hidden files: 577

**************************************************************************
.
Completion time: 2008-02-12 23:03:24
ComboFix-quarantined-files.txt 2008-02-13 04:03:22
.
2008-02-04 08:01:25 --- E O F ---

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:52 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\eSnips\ClientGW.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\kmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eSnips] "C:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Lpxyzz] C:\WINDOWS\System32\r?gsvr32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Lpxyzz] C:\WINDOWS\System32\r?gsvr32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Lexmark Connect.lnk = C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PD - {CD7CF288-D72E-4176-9E92-67188C5CCE5B} - C:\Program Files\Popup Defender\pd.exe (file missing)
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://irc.chatway.c...va/cfs31235.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! Ches

#6
kahdah

Posted 13 February 2008 - 03:40 AM

GeekU Teacher

Retired Staff
15,822 posts

After downloading Combofix I noticed that I had several Mozilla Browser icons on my desktop

You said that happened after running Combofix or after downloading it?

Yes go ahead and delete them.
========================
1. Please open Notepad

Click Start , then Run
type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\cfgmgr52.ini 
C:\WINDOWS\system32\srrstr.dll
Folder::
C:\WINDOWS\cfgmgr52
C:\WINDOWS\system32\Cache
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Lpxyzz"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Dirlook::
C:\WINDOWS\fiz0 
C:\WINDOWS\fiz2

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
A new HijackThis log.

#7
Desperate1

Posted 13 February 2008 - 06:07 AM

Member

Topic Starter
Member
29 posts

I noticed all the mozilla icons right after I downloaded ComboFix. I deleted them from my desktop.

Thanks Very Much For Your Help!

ComboFix.txt

ComboFix 08-02-13.2 - Marsha Sherbert 2008-02-13 6:20:18.2 - NTFSx86
Running from: C:\Documents and Settings\Marsha Sherbert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marsha Sherbert\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\system32\srrstr.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cfgmgr52
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\cfgmgr52\ASI2.bsx
C:\WINDOWS\cfgmgr52\ASI3ABSPLAT.bsx
C:\WINDOWS\cfgmgr52\ASI3ACCUQ.bsx
C:\WINDOWS\cfgmgr52\ASI3AMERS.bsx
C:\WINDOWS\cfgmgr52\ASI3ASKNOW.bsx
C:\WINDOWS\cfgmgr52\ASI3ASKNOW2.bsx
C:\WINDOWS\cfgmgr52\ASI3CARQ.bsx
C:\WINDOWS\cfgmgr52\ASI3CARQ2.bsx
C:\WINDOWS\cfgmgr52\ASI3CCB.bsx
C:\WINDOWS\cfgmgr52\ASI3CHRISMORT.bsx
C:\WINDOWS\cfgmgr52\ASI3CREDITCARD.bsx
C:\WINDOWS\cfgmgr52\ASI3CVSP2.bsx
C:\WINDOWS\cfgmgr52\ASI3DIRTYH.bsx
C:\WINDOWS\cfgmgr52\ASI3DIRTYHRON.bsx
C:\WINDOWS\cfgmgr52\ASI3ENDOMET.bsx
C:\WINDOWS\cfgmgr52\ASI3FREECS.bsx
C:\WINDOWS\cfgmgr52\ASI3FREEIPOD.bsx
C:\WINDOWS\cfgmgr52\ASI3FREEIPOD2.bsx
C:\WINDOWS\cfgmgr52\ASI3FREEXBOX.bsx
C:\WINDOWS\cfgmgr52\ASI3GC2.bsx
C:\WINDOWS\cfgmgr52\ASI3HAIRLOSS.bsx
C:\WINDOWS\cfgmgr52\ASI3HYDRO.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN1.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN10.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN11.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN12.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN13.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN2.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN3.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN4.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN5.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN6.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN7.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN8.bsx
C:\WINDOWS\cfgmgr52\ASI3KAN9.bsx
C:\WINDOWS\cfgmgr52\ASI3LEXREPAIR.bsx
C:\WINDOWS\cfgmgr52\ASI3LMOB1.bsx
C:\WINDOWS\cfgmgr52\ASI3LMOB12.bsx
C:\WINDOWS\cfgmgr52\ASI3LMOB2.bsx
C:\WINDOWS\cfgmgr52\ASI3LMOB22.bsx
C:\WINDOWS\cfgmgr52\ASI3LMORON.bsx
C:\WINDOWS\cfgmgr52\ASI3LOWRATE.bsx
C:\WINDOWS\cfgmgr52\ASI3MYDISH.bsx
C:\WINDOWS\cfgmgr52\ASI3MYINKS.bsx
C:\WINDOWS\cfgmgr52\ASI3NETFLIX.bsx
C:\WINDOWS\cfgmgr52\ASI3PARTYPOKER.bsx
C:\WINDOWS\cfgmgr52\ASI3PCHRON.bsx
C:\WINDOWS\cfgmgr52\ASI3PCHSWEEPS.bsx
C:\WINDOWS\cfgmgr52\ASI3PCHWOMEN.bsx
C:\WINDOWS\cfgmgr52\ASI3SPORTSINT.bsx
C:\WINDOWS\cfgmgr52\ASI3SUPERIOR.bsx
C:\WINDOWS\cfgmgr52\ASI3USEFULRON.bsx
C:\WINDOWS\cfgmgr52\ASI3WEIGHTL.bsx
C:\WINDOWS\cfgmgr52\ASICLRE.bsx
C:\WINDOWS\cfgmgr52\ASIEPRE.bsx
C:\WINDOWS\cfgmgr52\ASIPP.bsx
C:\WINDOWS\cfgmgr52\ASIRCPRE.bsx
C:\WINDOWS\cfgmgr52\ASISS2RE.bsx
C:\WINDOWS\cfgmgr52\ASISSRE.bsx
C:\WINDOWS\cfgmgr52\bspace.html
C:\WINDOWS\cfgmgr52\TMPC.bsx
C:\WINDOWS\cfgmgr52\TMPD.bsx
C:\WINDOWS\cfgmgr52\TMPE.bsx
C:\WINDOWS\cfgmgr52\TMPF.bsx
C:\WINDOWS\cfgmgr52\TMPFAM.bsx
C:\WINDOWS\cfgmgr52\TMPFI.bsx
C:\WINDOWS\cfgmgr52\TMPFIN.bsx
C:\WINDOWS\cfgmgr52\TMPG.bsx
C:\WINDOWS\cfgmgr52\TMPH.bsx
C:\WINDOWS\cfgmgr52\TMPHL.bsx
C:\WINDOWS\cfgmgr52\TMPJ.bsx
C:\WINDOWS\cfgmgr52\TMPM.bsx
C:\WINDOWS\cfgmgr52\TMPMTV.bsx
C:\WINDOWS\cfgmgr52\TMPN.bsx
C:\WINDOWS\cfgmgr52\TMPR.bsx
C:\WINDOWS\cfgmgr52\TMPS.bsx
C:\WINDOWS\cfgmgr52\TMPSHOP.bsx
C:\WINDOWS\cfgmgr52\TMPSP.bsx
C:\WINDOWS\cfgmgr52\TMPW.bsx
C:\WINDOWS\system32\srrstr.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 11:17 --------- d-----w C:\Documents and Settings\Marsha Sherbert\Application Data\SlimBrowser
2008-02-13 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-13 00:33 --------- d-----w C:\Program Files\Trend Micro
2008-02-12 23:58 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-12 21:50 --------- d-----w C:\Documents and Settings\Marsha Sherbert\Application Data\SUPERAntiSpyware.com
2008-02-12 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-12 21:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 15:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-12 14:59 --------- d-----w C:\Documents and Settings\Marsha Sherbert\Application Data\Grisoft
2008-02-12 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-10 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 23:36 --------- d-----w C:\Documents and Settings\Robert Sherbert\Application Data\AVG7
2008-02-08 21:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-07 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 20:56 --------- d-----w C:\Documents and Settings\Haley Sherbert\Application Data\SlimBrowser
2008-02-05 20:45 --------- d-----w C:\Documents and Settings\Haley Sherbert\Application Data\Apple Computer
2008-02-05 20:44 --------- d-----w C:\Documents and Settings\Haley Sherbert\Application Data\Yahoo!
2008-02-04 01:07 --------- d-----w C:\Documents and Settings\Robert Sherbert\Application Data\MSN6
2008-02-03 17:10 --------- d-----w C:\Program Files\QuickTime
2008-02-03 16:04 --------- d-----w C:\Documents and Settings\Robert Sherbert\Application Data\SlimBrowser
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-10-05 20:23 2,103,064 ----a-w C:\Documents and Settings\Marsha Sherbert\Application Data\PerformanceoptimizerFreeSetup[1].exe
2007-10-05 20:22 75,016 ----a-w C:\Documents and Settings\Marsha Sherbert\Application Data\PerfomanceOptimizerPre_Installer[1].exe
2006-10-22 02:06 482 ----a-w C:\Program Files\Shortcut (3) to SlimBrowser.lnk
2006-10-22 01:27 502 ----a-w C:\Program Files\Shortcut to Mozilla Firefox.lnk
2006-08-29 15:09 528 ----a-w C:\Program Files\Shortcut to Internet Explorer.lnk
2004-12-12 05:57 498 ----a-w C:\Program Files\Shortcut to SlimBrowser.lnk
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\fiz0 ----

C:\WINDOWS\fiz0\

---- Directory of C:\WINDOWS\fiz2 ----

C:\WINDOWS\fiz2\

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [ ]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCScheduleCheck"="C:\Program Files\VCOM\Recovery Commander\RCSCHED.exe" [2003-06-09 17:45 151552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-02 20:38 579072]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [2005-08-31 14:14 1277952]
"SoundMan"="SOUNDMAN.EXE" [2003-01-20 10:48 47104 C:\WINDOWS\soundman.exe]
"Error Nuker"="C:\Program Files\Error Nuker\bin\ErrorNuker.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-05 11:39 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-07-28 23:27 53248]
"ClientGW"="" []
"eSnips"="C:\PROGRA~1\eSnips\ClientGW.exe" [2007-12-10 14:07 872448]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 08:06 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="" []
"tscuninstall"="" []

C:\Documents and Settings\Robert Sherbert\Start Menu\Programs\Startup\
Eyetide Launcher.lnk - C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe [2004-07-18 17:46:15 831488]

C:\Documents and Settings\Marsha Sherbert\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 18:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-02-28 22:05:15 209016]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 02:22:40 757760]
Lexmark Connect.lnk - C:\Program Files\Lexmark\Connect\Lexmark Connect.exe [2004-09-24 03:00:24 344064]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-10-03 13:56:10 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\system32\srrstr.dll

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 09:15]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59]
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2002-07-01 06:10]
S3 mxDisk;mxDisk;C:\PROGRA~1\VCOM\Fix-It\mxDisk.sys []
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 01:04]
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys [2000-03-17 14:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 20:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-11 08:00:00 C:\WINDOWS\Tasks\Backup.job"
- C:\WINDOWS\system32\ntbackup.exe
"2008-02-12 23:13:00 C:\WINDOWS\Tasks\Connection Manager.job"
- C:\Program Files\Outlook Express\msimn.exe
"2008-02-13 00:00:00 C:\WINDOWS\Tasks\Internet Explorer.job"
- C:\PROGRA~1\INTERN~1\iexplore.exe
"2008-02-13 10:41:19 C:\WINDOWS\Tasks\Scheduled Checkpoint.job"
- C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE
"2006-06-09 21:10:55 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 06:48:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\msdfmap.ini 1405 bytes
C:\WINDOWS\MSDraw.ini 0 bytes
C:\WINDOWS\msgsocm.log 98745 bytes
C:\WINDOWS\msnavpklog.txt 4496 bytes
C:\WINDOWS\msnsetuplog.txt 3370 bytes
C:\WINDOWS\msoffice.ini 2 bytes
C:\WINDOWS\msxml4-KB936181-enu.LOG 290070 bytes
C:\WINDOWS\msxml6-KB933579-enu-x86.LOG 510162 bytes
C:\WINDOWS\mui
C:\WINDOWS\muninst.exe 33280 bytes executable
C:\WINDOWS\NeroDigital.ini 47 bytes
C:\WINDOWS\netscape.ico 2494 bytes
C:\WINDOWS\Nircmd.exe 51200 bytes executable
C:\WINDOWS\notepad.exe 69120 bytes executable
C:\WINDOWS\nsreg.dat 0 bytes
C:\WINDOWS\nsw.log 329 bytes
C:\WINDOWS\ntbtlog.txt 1554252 bytes
C:\WINDOWS\ntdtcsetup.log 401598 bytes
C:\WINDOWS\ocgen.log 1221978 bytes
C:\WINDOWS\ocmsn.log 94610 bytes
C:\WINDOWS\ODBCINST.INI 4161 bytes
C:\WINDOWS\oeuninst.exe 33792 bytes executable
C:\WINDOWS\OEWABLog.txt 4693 bytes
C:\WINDOWS\Offline Web Pages
C:\WINDOWS\orun32.ini 802 bytes
C:\WINDOWS\streamhlp.dll 59392 bytes executable
C:\WINDOWS\Sun
C:\WINDOWS\svcpack.log 1240997 bytes
C:\WINDOWS\system.ini 256 bytes
C:\WINDOWS\System.ipe 231 bytes
C:\WINDOWS\SYSTEM.UNV 231 bytes
C:\WINDOWS\system32
C:\WINDOWS\taskman.exe 15360 bytes executable
C:\WINDOWS\Tasks
C:\WINDOWS\Temp
C:\WINDOWS\test 0 bytes
C:\WINDOWS\TLCAPPS.INI 166 bytes
C:\WINDOWS\TLCUninstall.exe 274432 bytes executable
C:\WINDOWS\TMFilter.log 360 bytes
C:\WINDOWS\TMUPDATE.DLL 507904 bytes executable
C:\WINDOWS\tmupdate.ini 269 bytes
C:\WINDOWS\tsc.exe 561316 bytes executable
C:\WINDOWS\TSC.ini 823 bytes
C:\WINDOWS\tsc.ptn 896894 bytes
C:\WINDOWS\DtcInstall.log 577 bytes
C:\WINDOWS\EHome
C:\WINDOWS\ERDNT
C:\WINDOWS\explorer.exe 1033216 bytes executable
C:\WINDOWS\explorer.scf 80 bytes
C:\WINDOWS\FaxSetup.log 1874895 bytes
C:\WINDOWS\Firefox Wallpaper.bmp 76854 bytes
C:\WINDOWS\fiz0 18839 bytes
C:\WINDOWS\fiz10 30108 bytes
C:\WINDOWS\fiz2 30172 bytes
C:\WINDOWS\fiz3 30098 bytes
C:\WINDOWS\fiz4 30123 bytes
C:\WINDOWS\fiz5 30003 bytes
C:\WINDOWS\fiz6 30070 bytes
C:\WINDOWS\fiz7 30077 bytes
C:\WINDOWS\fiz8 30047 bytes
C:\WINDOWS\fiz9 30131 bytes
C:\WINDOWS\Fonts
C:\WINDOWS\FP1_03_0_485.EXE 2242584 bytes executable
C:\WINDOWS\RtlRack.ini 169 bytes
C:\WINDOWS\runtsckl.exe 99328 bytes executable
C:\WINDOWS\SchedLgU.Txt 32568 bytes
C:\WINDOWS\security
C:\WINDOWS\ServicePackFiles
C:\WINDOWS\sessmgr.setup.log 7586 bytes
C:\WINDOWS\Config
C:\WINDOWS\Connection Wizard
C:\WINDOWS\control.ini 0 bytes
C:\WINDOWS\Cursors
C:\WINDOWS\dahotfix.log 19666 bytes
C:\WINDOWS\Debug
C:\WINDOWS\DeleteDll.bat 126 bytes
C:\WINDOWS\desktop.ini 2 bytes
C:\WINDOWS\DirectX.log 122240 bytes
C:\WINDOWS\Dit.DLL 65536 bytes executable
C:\WINDOWS\Dit.exe 73728 bytes executable
C:\WINDOWS\Dit.INI 208 bytes
C:\WINDOWS\DitExp.exe 65536 bytes executable
C:\WINDOWS\Downloaded Installations
C:\WINDOWS\Downloaded Program Files
C:\WINDOWS\Driver Cache
C:\WINDOWS\$NtUninstallKB910998$
C:\WINDOWS\$NtUninstallKB917344$
C:\WINDOWS\$NtUninstallKB922616$
C:\WINDOWS\$NtUninstallKB926247$
C:\WINDOWS\$NtUninstallKB931784$
C:\WINDOWS\$NtUninstallQ328310$
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\addins
C:\WINDOWS\alcrmv.exe 131072 bytes executable
C:\WINDOWS\alcupd.exe 208896 bytes executable
C:\WINDOWS\AolCInUn.exe 53248 bytes executable
C:\WINDOWS\AppPatch
C:\WINDOWS\APW_DATA
C:\WINDOWS\assembly
C:\WINDOWS\aucfg.ini 256 bytes
C:\WINDOWS\AuHCcup1.dll 129536 bytes executable
C:\WINDOWS\AuHCcup1.ini 116 bytes
C:\WINDOWS\auth.msm 36864 bytes executable
C:\WINDOWS\AU_Backup
C:\WINDOWS\Q329048.log 24196 bytes
C:\WINDOWS\Q329115.log 10504 bytes
C:\WINDOWS\Q329170.log 31297 bytes
C:\WINDOWS\Q329390.log 10142 bytes
C:\WINDOWS\Q329441.log 8271 bytes
C:\WINDOWS\Q329834.log 10150 bytes
C:\WINDOWS\Q330994.exe 33792 bytes executable
C:\WINDOWS\Q331953.log 34016 bytes
C:\WINDOWS\Q810243.log 1453 bytes
C:\WINDOWS\Q810565.log 22574 bytes
C:\WINDOWS\Q810577.log 24347 bytes
C:\WINDOWS\Q810833.log 21854 bytes
C:\WINDOWS\Q811493.log 6684 bytes
C:\WINDOWS\Q811630.log 28539 bytes
C:\WINDOWS\Q814033.log 10968 bytes
C:\WINDOWS\Q814995.log 39741 bytes
C:\WINDOWS\Q815021.log 7856 bytes
C:\WINDOWS\Q817287.log 3859 bytes
C:\WINDOWS\Q817606.log 17619 bytes
C:\WINDOWS\Q828026.log 9889 bytes
C:\WINDOWS\RCUninstall.EXE 45056 bytes executable
C:\WINDOWS\regedit.exe 146432 bytes executable
C:\WINDOWS\RegisteredPackages
C:\WINDOWS\Registration
C:\WINDOWS\REGLOCS.OLD 8192 bytes
C:\WINDOWS\regopt.log 3272 bytes
C:\WINDOWS\repair
C:\WINDOWS\report
C:\WINDOWS\wiaservc.log 49 bytes
C:\WINDOWS\win.ini 617 bytes
C:\WINDOWS\Win.ipe 591 bytes
C:\WINDOWS\Windows Update.log 216788 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1646149 bytes
C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\wininit.ini 82 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log 30734 bytes
C:\WINDOWS\wmp11.log 24894 bytes
C:\WINDOWS\wmsetup.log 70127 bytes
C:\WINDOWS\wmsetup10.log 4433 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\WORDPAD.INI 754 bytes
C:\WINDOWS\xpsp1hfm.log 19777 bytes
C:\WINDOWS\yacs.log 17490 bytes
C:\WINDOWS\_default.pif 707 bytes
C:\WINDOWS\_detmp.1 638890 bytes
C:\WINDOWS\_detmp.2 151669 bytes executable
C:\WINDOWS\imsins.BAK 1374 bytes
C:\WINDOWS\imsins.log 1374 bytes
C:\WINDOWS\inf
C:\WINDOWS\Installer
C:\WINDOWS\Internet Logs
C:\WINDOWS\IsUninst.exe 306688 bytes executable
C:\WINDOWS\iun6002.exe 724992 bytes executable
C:\WINDOWS\jautoexp.dat 6550 bytes
C:\WINDOWS\java
C:\WINDOWS\KB817778.log 42533 bytes
C:\WINDOWS\KB820291.log 39152 bytes
C:\WINDOWS\KB821253.log 39603 bytes
C:\WINDOWS\KB821557.log 16682 bytes
C:\WINDOWS\KB822603.log 51796 bytes
C:\WINDOWS\KB823182.log 12359 bytes
C:\WINDOWS\KB823559.log 17317 bytes
C:\WINDOWS\KB824105.log 11643 bytes
C:\WINDOWS\KB824141.log 12374 bytes
C:\WINDOWS\KB824146.log 15525 bytes
C:\WINDOWS\KB825119.log 10941 bytes
C:\WINDOWS\KB826939.log 3369 bytes
C:\WINDOWS\KB826942.log 7848 bytes
C:\WINDOWS\KB828028.log 7750 bytes
C:\WINDOWS\$NtUninstallQ329048$
C:\WINDOWS\$NtUninstallQ329115$
C:\WINDOWS\$NtUninstallQ329170$
C:\WINDOWS\$NtUninstallQ329390$
C:\WINDOWS\$NtUninstallQ329441$
C:\WINDOWS\$NtUninstallQ329834$
C:\WINDOWS\$NtUninstallQ331953$
C:\WINDOWS\$NtUninstallQ810565$
C:\WINDOWS\$NtUninstallQ810577$
C:\WINDOWS\$NtUninstallQ810833$
C:\WINDOWS\$NtUninstallQ811493$
C:\WINDOWS\$NtUninstallQ814033$
C:\WINDOWS\$NtUninstallQ814995$
C:\WINDOWS\$NtUninstallQ815021$
C:\WINDOWS\$NtUninstallQ817287$
C:\WINDOWS\$NtUninstallQ817606$
C:\WINDOWS\$NtUninstallQ828026$
C:\WINDOWS\$NtUninstallWMFDist11$
C:\WINDOWS\$NtUninstallwmp11$
C:\WINDOWS\twain.dll 94784 bytes
C:\WINDOWS\twain_16.dll 24975 bytes
C:\WINDOWS\twain_32
C:\WINDOWS\twain_32.dll 50688 bytes executable
C:\WINDOWS\twunk_16.exe 49680 bytes
C:\WINDOWS\twunk_32.exe 25600 bytes executable
C:\WINDOWS\uccspecb.sys 4 bytes
C:\WINDOWS\uneng.exe 57344 bytes executable
C:\WINDOWS\unezfw.exe 53248 bytes executable
C:\WINDOWS\unins000.dat 3462 bytes
C:\WINDOWS\unins000.exe 691545 bytes executable
C:\WINDOWS\uninst.exe 299520 bytes executable
C:\WINDOWS\UninstallFirefox.exe 107134 bytes executable
C:\WINDOWS\uninstoc.exe 284160 bytes executable
C:\WINDOWS\UNZIP.DLL 69689 bytes executable
C:\WINDOWS\updspapi.log 69361 bytes
C:\WINDOWS\vb.ini 36 bytes
C:\WINDOWS\vbaddin.ini 37 bytes
C:\WINDOWS\vminst.log 2072 bytes
C:\WINDOWS\vmmreg32.dll 18944 bytes executable
C:\WINDOWS\VPTNFILE.972 9769496 bytes
C:\WINDOWS\vsapi32.dll 1036800 bytes executable
C:\WINDOWS\wanmpsvc.exe 65536 bytes executable
C:\WINDOWS\Web
C:\WINDOWS\KB828741.log 45096 bytes
C:\WINDOWS\KB828741Uninst.log 333 bytes
C:\WINDOWS\KB834707-IE6SP1-20040929.091901.log 6995 bytes
C:\WINDOWS\KB834707.log 11219 bytes
C:\WINDOWS\KB835732.log 42399 bytes
C:\WINDOWS\KB837001.log 5582 bytes
C:\WINDOWS\KB837272.log 7434 bytes
C:\WINDOWS\KB839643-DirectX9.log 3276 bytes
C:\WINDOWS\KB839645.log 9036 bytes
C:\WINDOWS\KB840315.log 5676 bytes
C:\WINDOWS\KB840374.log 17819 bytes
C:\WINDOWS\KB840987.log 14875 bytes
C:\WINDOWS\KB841873.log 7242 bytes
C:\WINDOWS\KB842773.log 18090 bytes
C:\WINDOWS\KB873333.log 213238 bytes
C:\WINDOWS\KB873339.log 227883 bytes
C:\WINDOWS\KB883939-IE6SP1-20050428.125228.log 24581 bytes
C:\WINDOWS\KB883939.log 14430 bytes
C:\WINDOWS\KB885250.log 12458 bytes
C:\WINDOWS\KB885835.log 225397 bytes
C:\WINDOWS\KB885836.log 220864 bytes
C:\WINDOWS\KB886185.log 5766 bytes
C:\WINDOWS\KB887472.log 12036 bytes
C:\WINDOWS\KB887742.log 12503 bytes
C:\WINDOWS\override.msm 20480 bytes executable
C:\WINDOWS\PANIC32.dll 45056 bytes executable
C:\WINDOWS\PANICNT.dll 40960 bytes executable
C:\WINDOWS\PATCH.EXE 286720 bytes executable
C:\WINDOWS\patchw32.dll 164864 bytes executable
C:\WINDOWS\pavsig.txt 32 bytes
C:\WINDOWS\pcconfig.dat 61 bytes
C:\WINDOWS\pcdoc.GID 8628 bytes
C:\WINDOWS\PCHealth
C:\WINDOWS\PeerNet
C:\WINDOWS\PowerReg.dat 0 bytes
C:\WINDOWS\Prefetch
C:\WINDOWS\Profiles
C:\WINDOWS\provisioning
C:\WINDOWS\pss
C:\WINDOWS\Q322011.log 41159 bytes
C:\WINDOWS\Q323255.log 23910 bytes
C:\WINDOWS\Q327979.log 43995 bytes
C:\WINDOWS\AU_Log
C:\WINDOWS\AU_Temp
C:\WINDOWS\avrack.ini 164 bytes
C:\WINDOWS\b2_t_LINKIN%20PARK+LYRICS629.xml 5696 bytes
C:\WINDOWS\b2_t_LINKIN%20PARK+LYRICS686.xml 5696 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&1.xml 5261 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&327.xml 5121 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&551.xml 5121 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&580.xml 4923 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&782.xml 4923 bytes
C:\WINDOWS\b2_t_RUPTURED%20EARDRUM&845.xml 5261 bytes
C:\WINDOWS\b2_t_WWW.MYPIGEONFORGE.COM%2FWINTRIP&783.xml 5572 bytes
C:\WINDOWS\backup
C:\WINDOWS\BellSouthLogs
C:\WINDOWS\BJCFDins.log 0 bytes
C:\WINDOWS\bootstat.dat 2048 bytes
C:\WINDOWS\BPMNT.dll 43008 bytes executable
C:\WINDOWS\cache
C:\WINDOWS\cdplayer.ini 25 bytes
C:\WINDOWS\clock.avi 82944 bytes
C:\WINDOWS\cmsetacl.log 818 bytes
C:\WINDOWS\COM+.log 7180 bytes
C:\WINDOWS\comsetup.log 615087 bytes
C:\WINDOWS\freecell.exe
C:\WINDOWS\GEARInstall.log 522 bytes
C:\WINDOWS\GetServer.ini 170 bytes
C:\WINDOWS\HCExtOutput.dll 71749 bytes executable
C:\WINDOWS\Help
C:\WINDOWS\hh.exe 10752 bytes executable
C:\WINDOWS\http.ssm 24576 bytes executable
C:\WINDOWS\I386
C:\WINDOWS\ICCLR.INF 138 bytes
C:\WINDOWS\IEPatchUninstall.log 125 bytes
C:\WINDOWS\ieuninst.exe 33792 bytes executable
C:\WINDOWS\iis6.log 274080 bytes
C:\WINDOWS\IKHGELLJ.ini 45 bytes
C:\WINDOWS\LogFiles
C:\WINDOWS\lookup.msm 20480 bytes executable
C:\WINDOWS\LPT$VPN.972 9769496 bytes
C:\WINDOWS\Matrix Code.exe 2285222 bytes executable
C:\WINDOWS\Matrix Code.scr 232784 bytes executable
C:\WINDOWS\Media
C:\WINDOWS\MEMORY.DMP 502874112 bytes
C:\WINDOWS\MF_C420.lfa 3120 bytes
C:\WINDOWS\MF_C421.lfa 3120 bytes
C:\WINDOWS\MF_C425.lfa 3120 bytes
C:\WINDOWS\mickey32.dll 29696 bytes executable
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\Minidump
C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem #2.txt 10078 bytes
C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt 3998 bytes
C:\WINDOWS\mozregistry.dat 335 bytes
C:\WINDOWS\mozver.dat 19308 bytes
C:\WINDOWS\msagent
C:\WINDOWS\setdebug.exe 46352 bytes executable
C:\WINDOWS\Setup.log 90 bytes
C:\WINDOWS\setupact.log 321379 bytes
C:\WINDOWS\setupapi.log 282428 bytes
C:\WINDOWS\setupapi.log.0.old 1030287 bytes
C:\WINDOWS\setuperr.log 0 bytes
C:\WINDOWS\setuplog 183 bytes
C:\WINDOWS\setuplog.txt 9796 bytes
C:\WINDOWS\SiteHelp.log 259401 bytes
C:\WINDOWS\slrundll.exe 32866 bytes executable
C:\WINDOWS\smscfg.ini 61 bytes
C:\WINDOWS\SoftwareDistribution
C:\WINDOWS\soundman.exe 47104 bytes executable
C:\WINDOWS\spuninst.log 293374 bytes
C:\WINDOWS\spupdsvc.log 122664 bytes
C:\WINDOWS\srchasst
C:\WINDOWS\KB888302.log 206291 bytes
C:\WINDOWS\KB890046.log 216312 bytes
C:\WINDOWS\KB890175.log 215792 bytes
C:\WINDOWS\KB890859.log 211088 bytes
C:\WINDOWS\KB891781.log 213546 bytes
C:\WINDOWS\KB893066.log 214641 bytes
C:\WINDOWS\KB893086.log 209296 bytes
C:\WINDOWS\KB893756.log 34089 bytes
C:\WINDOWS\KB893803v2.log 22619 bytes
C:\WINDOWS\KB894391.log 28574 bytes
C:\WINDOWS\KB896358.log 216532 bytes
C:\WINDOWS\KB896422.log 232273 bytes
C:\WINDOWS\KB896423.log 33429 bytes
C:\WINDOWS\KB896424.log 33640 bytes
C:\WINDOWS\KB896426.log 22026 bytes
C:\WINDOWS\KB896428.log 203492 bytes
C:\WINDOWS\KB896688.log 13929 bytes
C:\WINDOWS\KB897715-OE6SP1-20050503.210336.log 5374 bytes
C:\WINDOWS\KB898458.log 15252 bytes
C:\WINDOWS\KB898461.log 13238 bytes
C:\WINDOWS\KB899587.log 34485 bytes
C:\WINDOWS\KB899588.log 28753 bytes
C:\WINDOWS\KB899591.log 33984 bytes
C:\WINDOWS\KB900485.log 11064 bytes
C:\WINDOWS\KB900725.log 13257 bytes
C:\WINDOWS\KB901017.log 20871 bytes
C:\WINDOWS\KB901190.log 9795 bytes
C:\WINDOWS\KB901214.log 210703 bytes
C:\WINDOWS\KB902344.log 6850 bytes
C:\WINDOWS\KB902400.log 23109 bytes
C:\WINDOWS\KB904706.log 11108 bytes
C:\WINDOWS\KB905414.log 13461 bytes
C:\WINDOWS\KB905749.log 11750 bytes
C:\WINDOWS\$NtUninstallKB902400$
C:\WINDOWS\$NtUninstallKB904706$
C:\WINDOWS\$NtUninstallKB905414$
C:\WINDOWS\$NtUninstallKB905749$
C:\WINDOWS\$NtUninstallKB905915$
C:\WINDOWS\$NtUninstallKB908519$
C:\WINDOWS\$NtUninstallKB908531$
C:\WINDOWS\$NtUninstallKB910437$
C:\WINDOWS\KB908519.log 10046 bytes
C:\WINDOWS\KB908531.log 14925 bytes
C:\WINDOWS\KB910437.log 11296 bytes
C:\WINDOWS\KB910998.log 7200 bytes
C:\WINDOWS\KB911280.log 14254 bytes
C:\WINDOWS\KB911562.log 14174 bytes
C:\WINDOWS\KB911564.log 6907 bytes
C:\WINDOWS\KB911565.log 13968 bytes
C:\WINDOWS\KB911567.log 10533 bytes
C:\WINDOWS\KB911927.log 10655 bytes
C:\WINDOWS\KB912812.log 16083 bytes
C:\WINDOWS\KB912919.log 10963 bytes
C:\WINDOWS\KB913446.log 6691 bytes
C:\WINDOWS\KB913580.log 13446 bytes
C:\WINDOWS\KB914388.log 12246 bytes
C:\WINDOWS\KB914389.log 11373 bytes
C:\WINDOWS\KB916281.log 17375 bytes
C:\WINDOWS\$NtUninstallKB911280$
C:\WINDOWS\$NtUninstallKB911562$
C:\WINDOWS\$NtUninstallKB911564$
C:\WINDOWS\$NtUninstallKB911565$
C:\WINDOWS\$NtUninstallKB911567$
C:\WINDOWS\$NtUninstallKB911927$
C:\WINDOWS\$NtUninstallKB912812$
C:\WINDOWS\$NtUninstallKB912919$
C:\WINDOWS\$NtUninstallKB913446$
C:\WINDOWS\$NtUninstallKB913580$
C:\WINDOWS\$NtUninstallKB914388$
C:\WINDOWS\$NtUninstallKB914389$
C:\WINDOWS\$NtUninstallKB916281$
C:\WINDOWS\$NtUninstallKB916595$
C:\WINDOWS\$NtUninstallKB917159$
C:\WINDOWS\KB917159.log 11766 bytes
C:\WINDOWS\KB917344.log 14516 bytes
C:\WINDOWS\KB917422.log 11927 bytes
C:\WINDOWS\KB917734.log 11090 bytes
C:\WINDOWS\KB917953.log 14280 bytes
C:\WINDOWS\KB918118.log 13765 bytes
C:\WINDOWS\KB918439.log 14139 bytes
C:\WINDOWS\KB918899.log 18963 bytes
C:\WINDOWS\KB919007.log 11399 bytes
C:\WINDOWS\KB920213.log 15047 bytes
C:\WINDOWS\KB920214.log 15445 bytes
C:\WINDOWS\KB920670.log 11770 bytes
C:\WINDOWS\KB920683.log 12176 bytes
C:\WINDOWS\KB920685.log 11240 bytes
C:\WINDOWS\KB920872.log 12866 bytes
C:\WINDOWS\KB921398.log 15822 bytes
C:\WINDOWS\KB921503.log 14403 bytes
C:\WINDOWS\KB921883.log 22123 bytes
C:\WINDOWS\KB922582.log 7699 bytes
C:\WINDOWS\$NtUninstallKB917422$
C:\WINDOWS\$NtUninstallKB917734_WMP10$
C:\WINDOWS\$NtUninstallKB917953$
C:\WINDOWS\$NtUninstallKB918118$
C:\WINDOWS\$NtUninstallKB918439$
C:\WINDOWS\$NtUninstallKB918899$
C:\WINDOWS\$NtUninstallKB919007$
C:\WINDOWS\$NtUninstallKB920213$
C:\WINDOWS\$NtUninstallKB920214$
C:\WINDOWS\$NtUninstallKB920670$
C:\WINDOWS\$NtUninstallKB920683$
C:\WINDOWS\$NtUninstallKB920685$
C:\WINDOWS\$NtUninstallKB920872$
C:\WINDOWS\$NtUninstallKB921398$
C:\WINDOWS\$NtUninstallKB921503$
C:\WINDOWS\$NtUninstallKB921883$
C:\WINDOWS\$NtUninstallKB922582$
C:\WINDOWS\ime
C:\WINDOWS\KB828035.log 9235 bytes
C:\WINDOWS\KB888113.log 213541 bytes
C:\WINDOWS\KB896727.log 33841 bytes
C:\WINDOWS\KB905915.log 19318 bytes
C:\WINDOWS\KB916595.log 10242 bytes
C:\WINDOWS\KB922616.log 15442 bytes
C:\WINDOWS\KB926436.log 13562 bytes
C:\WINDOWS\KB933566.log 18003 bytes
C:\WINDOWS\loadhttp.dll 77824 bytes executable
C:\WINDOWS\msapps
C:\WINDOWS\orun32.isu 203083 bytes
C:\WINDOWS\Q328310.log 16121 bytes
C:\WINDOWS\Resources
C:\WINDOWS\Sti_Trace.log 0 bytes
C:\WINDOWS\tsoc.log 799660 bytes
C:\WINDOWS\wiadebug.log 159 bytes
C:\WINDOWS\$NtUninstallKB922760$
C:\WINDOWS\$NtUninstallKB922819$
C:\WINDOWS\$NtUninstallKB923191$
C:\WINDOWS\$NtUninstallKB923414$
C:\WINDOWS\$NtUninstallKB923694$
C:\WINDOWS\$NtUninstallKB923723$
C:\WINDOWS\$NtUninstallKB923980$
C:\WINDOWS\$NtUninstallKB924191$
C:\WINDOWS\$NtUninstallKB924270$
C:\WINDOWS\$NtUninstallKB924496$
C:\WINDOWS\$NtUninstallKB924667$
C:\WINDOWS\$NtUninstallKB925398_WMP64$
C:\WINDOWS\$NtUninstallKB925454$
C:\WINDOWS\$NtUninstallKB925486$
C:\WINDOWS\$NtUninstallKB925902$
C:\WINDOWS\KB922760.log 17045 bytes
C:\WINDOWS\KB922819.log 12139 bytes
C:\WINDOWS\KB923191.log 8669 bytes
C:\WINDOWS\KB923414.log 11326 bytes
C:\WINDOWS\KB923694.log 10943 bytes
C:\WINDOWS\KB923723.log 7308 bytes
C:\WINDOWS\KB923980.log 16163 bytes
C:\WINDOWS\KB924191.log 12338 bytes
C:\WINDOWS\KB924270.log 16165 bytes
C:\WINDOWS\KB924496.log 11314 bytes
C:\WINDOWS\KB924667.log 11601 bytes
C:\WINDOWS\KB925398.log 8892 bytes
C:\WINDOWS\KB925454.log 17783 bytes
C:\WINDOWS\KB925486.log 10504 bytes
C:\WINDOWS\KB925902.log 17318 bytes
C:\WINDOWS\KB926247.log 10619 bytes
C:\WINDOWS\KB926255.log 11204 bytes
C:\WINDOWS\$NtUninstallKB926255$
C:\WINDOWS\$NtUninstallKB926436$
C:\WINDOWS\$NtUninstallKB927779$
C:\WINDOWS\$NtUninstallKB927802$
C:\WINDOWS\$NtUninstallKB927891$
C:\WINDOWS\$NtUninstallKB928090$
C:\WINDOWS\$NtUninstallKB928255$
C:\WINDOWS\$NtUninstallKB928843$
C:\WINDOWS\$NtUninstallKB929123$
C:\WINDOWS\$NtUninstallKB929338$
C:\WINDOWS\$NtUninstallKB929969$
C:\WINDOWS\$NtUninstallKB930178$
C:\WINDOWS\$NtUninstallKB930916$
C:\WINDOWS\$NtUninstallKB931261$
C:\WINDOWS\$NtUninstallKB931768$
C:\WINDOWS\KB927779.log 18342 bytes
C:\WINDOWS\KB927802.log 15435 bytes
C:\WINDOWS\KB927891.log 7579 bytes
C:\WINDOWS\KB928090.log 17891 bytes
C:\WINDOWS\KB928255.log 15134 bytes
C:\WINDOWS\KB928843.log 10510 bytes
C:\WINDOWS\KB929123.log 11652 bytes
C:\WINDOWS\KB929338.log 16576 bytes
C:\WINDOWS\KB929969.log 10514 bytes
C:\WINDOWS\KB930178.log 12526 bytes
C:\WINDOWS\KB930916.log 10528 bytes
C:\WINDOWS\KB931261.log 12223 bytes
C:\WINDOWS\KB931768.log 15472 bytes
C:\WINDOWS\KB931784.log 14071 bytes
C:\WINDOWS\KB931836.log 24090 bytes
C:\WINDOWS\KB932168.log 12328 bytes
C:\WINDOWS\KB933360.log 21443 bytes
C:\WINDOWS\$NtUninstallKB931836$
C:\WINDOWS\$NtUninstallKB932168$
C:\WINDOWS\$NtUninstallKB933360$
C:\WINDOWS\$NtUninstallKB933566$
C:\WINDOWS\$NtUninstallKB933729$
C:\WINDOWS\$NtUninstallKB935839$
C:\WINDOWS\$NtUninstallKB935840$
C:\WINDOWS\$NtUninstallKB936021$
C:\WINDOWS\$NtUninstallKB936357$
C:\WINDOWS\$NtUninstallKB937143$
C:\WINDOWS\$NtUninstallKB938127$
C:\WINDOWS\$NtUninstallKB938828$
C:\WINDOWS\$NtUninstallKB938829$
C:\WINDOWS\$NtUninstallKB939653$
C:\WINDOWS\$NtUninstallKB941202$
C:\WINDOWS\$NtUninstallKB941568$
C:\WINDOWS\$NtUninstallKB941644$
C:\WINDOWS\$NtUninstallKB942615$
C:\WINDOWS\$NtUninstallKB942763$
C:\WINDOWS\$NtUninstallKB942840$
C:\WINDOWS\$NtUninstallKB943055$
C:\WINDOWS\$NtUninstallKB943460$
C:\WINDOWS\$NtUninstallKB943485$
C:\WINDOWS\$NtUninstallKB944533$
C:\WINDOWS\$NtUninstallKB944653$
C:\WINDOWS\$NtUninstallKB946026$
C:\WINDOWS\$NtUninstallKB946627$
C:\WINDOWS\$NtUninstallQ322011$
C:\WINDOWS\$NtUninstallQ327979$
C:\WINDOWS\KB933729.log 10192 bytes
C:\WINDOWS\KB935839.log 10978 bytes
C:\WINDOWS\KB935840.log 10983 bytes
C:\WINDOWS\KB936021.log 15140 bytes
C:\WINDOWS\KB936357.log 11374 bytes
C:\WINDOWS\KB937143.log 17754 bytes
C:\WINDOWS\KB938127.log 13973 bytes
C:\WINDOWS\KB938828.log 14324 bytes
C:\WINDOWS\KB938829.log 14200 bytes
C:\WINDOWS\KB939653.log 17400 bytes
C:\WINDOWS\KB941202.log 10036 bytes
C:\WINDOWS\KB941568.log 19579 bytes
C:\WINDOWS\KB941644.log 19918 bytes
C:\WINDOWS\KB942615.log 22787 bytes
C:\WINDOWS\KB942763.log 31823 bytes
C:\WINDOWS\KB942840.log 20693 bytes
C:\WINDOWS\KB943055.log 11638 bytes
C:\WINDOWS\KB943460.log 7772 bytes
C:\WINDOWS\KB943485.log 19812 bytes
C:\WINDOWS\KB944533.log 18252 bytes
C:\WINDOWS\KB944653.log 15274 bytes
C:\WINDOWS\KB946026.log 14593 bytes
C:\WINDOWS\KB946627.log 5915 bytes
C:\WINDOWS\LEXSTAT.INI 999 bytes

scan completed successfully
hidden files: 577

**************************************************************************
.
Completion time: 2008-02-13 6:57:40
ComboFix-quarantined-files.txt 2008-02-13 11:57:19
ComboFix2.txt 2008-02-13 04:03:25
.
2008-02-13 08:08:11 --- E O F ---

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:28 AM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\eSnips\ClientGW.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eSnips] "C:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Lexmark Connect.lnk = C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PD - {CD7CF288-D72E-4176-9E92-67188C5CCE5B} - C:\Program Files\Popup Defender\pd.exe (file missing)
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://irc.chatway.c...va/cfs31235.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A4DA620-6217-11CF-BE62-0080C72EDD2D} (MarqueeCtl Object) - http://activex.micro...x86/marquee.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122075270763
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1122075778884
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - https://www.stopzill...ller/dwnldr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Devi

#8
Desperate1

Posted 13 February 2008 - 06:12 AM

Member

Topic Starter
Member
29 posts

Here is another copy of my HijackThis Log. I don't think I pasted it all in the the previous reply.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:28 AM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\eSnips\ClientGW.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eSnips] "C:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Lexmark Connect.lnk = C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PD - {CD7CF288-D72E-4176-9E92-67188C5CCE5B} - C:\Program Files\Popup Defender\pd.exe (file missing)
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://irc.chatway.c...va/cfs31235.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A4DA620-6217-11CF-BE62-0080C72EDD2D} (MarqueeCtl Object) - http://activex.micro...x86/marquee.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122075270763
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1122075778884
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - https://www.stopzill...ller/dwnldr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13709 bytes

#9
kahdah

Posted 13 February 2008 - 06:57 PM

GeekU Teacher

Retired Staff
15,822 posts

You are welcome and that is strange.
===========================
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
======================
After that please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O8 - Extra context menu item: &Search - ?p=ZU

Now click on Fix Checked and then close Hijackthis.
===================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

#10
Desperate1

Posted 13 February 2008 - 10:02 PM

Member

Topic Starter
Member
29 posts

KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 13, 2008 10:54:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/02/2008
Kaspersky Anti-Virus database records: 564716
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics
Total number of scanned objects 94688
Number of viruses found 7
Number of infected objects 14
Number of suspicious objects 2
Duration of the scan process 01:48:01

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PerformanceOptimizer24.zip/PoChk.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PerformanceOptimizer24.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Marsha Sherbert\Application Data\PerfomanceOptimizerPre_Installer[1].exe Infected: not-a-virus:FraudTool.Win32.PerfomanceOptimizer.a skipped
C:\Documents and Settings\Marsha Sherbert\Application Data\PerformanceoptimizerFreeSetup[1].exe/stream/data0013 Infected: not-a-virus:FraudTool.Win32.PerfomanceOptimizer.a skipped
C:\Documents and Settings\Marsha Sherbert\Application Data\PerformanceoptimizerFreeSetup[1].exe/stream/data0014 Infected: not-a-virus:FraudTool.Win32.PerfomanceOptimizer.a skipped
C:\Documents and Settings\Marsha Sherbert\Application Data\PerformanceoptimizerFreeSetup[1].exe/stream/data0038 Infected: not-a-virus:FraudTool.Win32.PerfomanceOptimizer.a skipped
C:\Documents and Settings\Marsha Sherbert\Application Data\PerformanceoptimizerFreeSetup[1].exe/stream/data0040 Infected: not-a-virus:FraudTool.Win32.PerfomanceOptimizer.a skipped
C:\Documents and Settings\Marsha Sherbert\Application Data\PerformanceoptimizerFreeSetup[1].exe/stream Infected: not-a-virus:FraudTool.Win32.PerfomanceOptimizer.a skipped
C:\Documents and Settings\Marsha Sherbert\Application Data\PerformanceoptimizerFreeSetup[1].exe NSIS: infected - 5 skipped
C:\Documents and Settings\Marsha Sherbert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Marsha Sherbert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Marsha Sherbert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Marsha Sherbert\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Marsha Sherbert\Local Settings\Temp\~DF3C96.tmp Object is locked skipped
C:\Documents and Settings\Marsha Sherbert\Local Settings\Temp\~DFDE0D.tmp Object is locked skipped
C:\Documents and Settings\Marsha Sherbert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Marsha Sherbert\ntuser.dat Object is locked skipped
C:\Documents and Settings\Marsha Sherbert\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robert Sherbert\Desktop\Unused Desktop Shortcuts\EyetideInstallerF.exe/WISE0008.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Documents and Settings\Robert Sherbert\Desktop\Unused Desktop Shortcuts\EyetideInstallerF.exe/WISE0008.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Documents and Settings\Robert Sherbert\Desktop\Unused Desktop Shortcuts\EyetideInstallerF.exe WiseSFX: infected - 2 skipped
C:\Program Files\Audible\Admin\atm.log Object is locked skipped
C:\Program Files\Audible\Bin\ADMDebug.log Object is locked skipped
C:\Program Files\Eyetide Media\Eyetide Viewer\s4Setp.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bu skipped
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c skipped
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\Palm\SherbeR\HotSync.Log Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\20050723000111.zip Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCB.tmp\libexpat.dll Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqdb.dat Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqsdb.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1081\A0176992.dll Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1088\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
D:\System Volume Information\_restore{F091800C-3654-4122-8C7E-BA0B6A15115D}\RP1088\change.log Object is locked skipped
Scan process completed.

Attached Files

Kasperskyscan.html 46.3KB 7 downloads

#11
kahdah

Posted 14 February 2008 - 03:13 AM

GeekU Teacher

Retired Staff
15,822 posts

1. Please open Notepad

Click Start , then Run
type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\Marsha Sherbert\Application Data\PerfomanceOptimizerPre_Installer[1].exe 
C:\Documents and Settings\Robert Sherbert\Desktop\Unused Desktop Shortcuts\EyetideInstallerF.exe 
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe 
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll 
Folder::
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PerformanceOptimizer24.zip
C:\Program Files\Eyetide Media

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
A new HijackThis log.

#12
Desperate1

Posted 14 February 2008 - 06:06 AM

Member

Topic Starter
Member
29 posts

ComboFix Log

ComboFix 08-02-13.2 - Marsha Sherbert 2008-02-14 5:50:53.3 - NTFSx86
Running from: C:\Documents and Settings\Marsha Sherbert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marsha Sherbert\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Marsha Sherbert\Application Data\PerfomanceOptimizerPre_Installer[1].exe
C:\Documents and Settings\Robert Sherbert\Desktop\Unused Desktop Shortcuts\EyetideInstallerF.exe
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026817.iaf
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PerformanceOptimizer24.zip\
C:\Documents and Settings\Marsha Sherbert\Application Data\PerfomanceOptimizerPre_Installer[1].exe
C:\Documents and Settings\Robert Sherbert\Desktop\Unused Desktop Shortcuts\EyetideInstallerF.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\_ISource.dll
C:\Program Files\Eyetide Media\Eyetide Viewer\AOD\aol.ini
C:\Program Files\Eyetide Media\Eyetide Viewer\AOD\aol\circle_f1.ico
C:\Program Files\Eyetide Media\Eyetide Viewer\AOD\AolOnDesktop.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\AOD\soaf\Man_sign1.ico
C:\Program Files\Eyetide Media\Eyetide Viewer\BoxGreetingsNotify.png
C:\Program Files\Eyetide Media\Eyetide Viewer\CategoryList.elf
C:\Program Files\Eyetide Media\Eyetide Viewer\CenturyGothic10.eft
C:\Program Files\Eyetide Media\Eyetide Viewer\CenturyGothic12.eft
C:\Program Files\Eyetide Media\Eyetide Viewer\CenturyGothic14.eft
C:\Program Files\Eyetide Media\Eyetide Viewer\CloseController.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026413.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026413.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026527.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026527.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026559.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026559.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026587.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026703.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026703.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026776.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026776.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026778.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026778.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026865.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026865.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026884.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026884.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026892.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026892.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026902.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1026902.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027092.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027092.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027102.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027102.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027110.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027110.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027112.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027112.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027116.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027116.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027118.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1027118.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1380270.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1380272.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1380272.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1380283.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1381395.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1381398.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1381398.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1381400.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1381400.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1381401.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1383894.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1383894.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1388898.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1388900.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1404256.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1404257.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1410642.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1415537.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1419574.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1419574.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1428944.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1433185.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1433185.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1450057.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1450057.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1450059.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1477025.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1477026.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1477026.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1486132.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1501641.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1501641.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1501643.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1501643.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1501651.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1501651.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1513077.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1513079.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1543014.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1662269.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1662269.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1662271.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1662271.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1662273.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1662273.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1662276.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\1662276.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\939444.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\0\939444.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\102274\1070940.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\102274\1113295.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\102274\1142481.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\102274\1255044.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\102274\1296220.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1378487.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1378488.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1378492.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1378493.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1378494.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1378495.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1378496.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1383882.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1383883.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1383884.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1383885.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1383890.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1383895.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1383896.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1383897.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1383898.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1388891.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1388897.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1388899.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1388901.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1388902.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1399399.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1399400.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1399401.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1399402.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1404254.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1404255.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1404258.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1404259.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1404264.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1404265.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410633.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410634.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410635.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410636.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410637.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410640.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410641.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410643.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410644.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410645.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410646.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1410647.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415527.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415528.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415529.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415530.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415531.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415532.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415533.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415534.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415536.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415538.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415539.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1415540.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1419573.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1419575.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1419576.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1419577.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1419578.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1419581.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1419582.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1419583.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428939.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428940.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428941.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428942.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428943.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428945.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428946.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428947.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428948.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428949.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428950.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1428951.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1433183.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1433184.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1433186.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1433187.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1433188.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1433189.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1438284.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1438287.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1438289.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1438296.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1438297.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1445714.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1445715.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1445718.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1445719.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1445720.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1445721.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1445722.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1445723.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1445724.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1445725.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1450058.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1450060.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1450061.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1450062.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1450066.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1454995.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461175.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461176.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461178.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461179.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461180.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461181.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461182.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461184.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461193.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461197.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461198.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461199.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461200.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1461201.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1466468.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1466469.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1466470.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1466471.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1466472.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1466473.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1466476.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1466479.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1466480.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1466481.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1470163.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1470164.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1470165.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1470166.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1470171.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1470172.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1477022.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1477023.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1477024.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1477027.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1477028.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1477029.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1477030.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1477031.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1477032.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1486133.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1486134.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1486135.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1486136.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1486137.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1486138.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1486139.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1486140.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1486141.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1488077.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1488078.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1488079.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1488080.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1488081.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1488085.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1488090.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1488093.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1488095.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1488097.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1492968.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1492970.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1492972.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1492973.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1492976.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1492978.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1492980.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1492983.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1492990.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1492993.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501634.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501635.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501636.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501637.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501638.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501639.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501640.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501642.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501644.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501645.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501646.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501647.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501648.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501649.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501652.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501653.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501654.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501655.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501656.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501657.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501658.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1501659.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1506045.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1506046.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1506047.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1506048.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1506049.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1506050.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1506051.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1506055.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1506056.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1508145.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1508149.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1513073.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1513074.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1513075.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1513076.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1513078.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1515779.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1515780.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1515781.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1515782.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516816.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516817.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516818.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516819.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516820.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516821.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516822.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516823.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516824.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516825.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1516826.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1519123.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1519124.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1519125.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1519126.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1523269.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1523270.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1523271.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1523272.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1523273.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1523274.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1523275.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1523276.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1523277.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1531252.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1538269.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1538274.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1543009.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1543010.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1543011.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1543012.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1543013.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\123895\1543015.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380267.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380268.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380269.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380271.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380273.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380274.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380275.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380276.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380276.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380277.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380278.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380279.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380280.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380281.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124133\1380282.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124271\1381391.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124271\1381392.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124271\1381393.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124271\1381394.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124271\1381396.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124271\1381397.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124271\1381399.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124271\1381402.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124271\1381403.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\124271\1381404.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\131438\1469666.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\131438\1469667.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\131438\1469668.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\131438\1469669.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\131438\1469670.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\131438\1469671.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\131438\1469673.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\131438\1469677.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1556698.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1556699.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1556700.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1556701.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1556702.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1556703.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1556704.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1556705.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1556706.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1556707.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1619425.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1619426.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\137995\1619427.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\140268\1662241.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\140268\1662242.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\140268\1662243.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\140268\1662253.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\140268\1662256.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\140268\1662272.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\140268\1662274.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\140268\1662275.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\14883\545536.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\14883\622701.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\14883\701585.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\14883\701585.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\14883\735560.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\14883\798480.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\14883\820317.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\14883\820317.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\14883\854709.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026347.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026347.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026348.eye
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026348.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026359.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026411.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026412.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026414.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026463.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026468.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026470.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026477.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99773\1026479.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026518.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026519.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026521.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026522.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026523.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026524.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026525.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026526.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026528.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026529.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026530.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026531.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026532.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026533.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026534.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026535.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026536.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026538.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026539.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026540.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026541.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026542.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026543.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026544.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026545.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026546.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026560.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026561.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026585.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026588.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026589.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026590.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026591.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026608.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026609.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026610.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026611.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026612.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026613.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026614.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026615.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026616.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026617.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026618.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026619.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026620.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026621.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026622.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026623.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026624.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026625.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026629.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026630.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026631.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026632.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026633.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026634.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026635.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026636.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026637.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026638.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026639.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026640.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026652.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026653.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026654.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026655.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026656.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026657.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026658.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026659.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026660.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026661.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026662.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026663.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026664.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026665.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026666.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026667.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026668.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026669.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026684.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026698.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026700.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026701.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026702.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026704.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026705.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026706.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026707.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026708.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026709.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026710.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026711.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026712.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026713.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026735.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026736.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026737.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026738.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026774.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026775.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026777.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026779.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026780.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026781.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026782.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026783.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026784.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026816.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026817.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026818.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026819.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Images\99774\1026820.iaf
C:\Program Files\Eyetide Media\Eyetide Viewer\Content\Ima

#13
Desperate1

Posted 14 February 2008 - 06:09 AM

Member

Topic Starter
Member
29 posts

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:34 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\eSnips\ClientGW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eSnips] "C:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Lexmark Connect.lnk = C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PD - {CD7CF288-D72E-4176-9E92-67188C5CCE5B} - C:\Program Files\Popup Defender\pd.exe (file missing)
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://irc.chatway.c...va/cfs31235.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A4DA620-6217-11CF-BE62-0080C72EDD2D} (MarqueeCtl Object) - http://activex.micro...x86/marquee.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122075270763
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1122075778884
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - https://www.stopzill...ller/dwnldr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13310 bytes

#14
kahdah

Posted 14 February 2008 - 11:54 AM

GeekU Teacher

Retired Staff
15,822 posts

Time for some housekeeping

Click START then RUN
Now type Combofix /u in the runbox and click OK
The above procedure will:
Delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Clean System Restore points.

Also delete anything that we used that is left over.
=================================
After that Your log is clean.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

#15
Desperate1

Posted 14 February 2008 - 01:30 PM

Member

Topic Starter
Member
29 posts

Thank You Kahdah! You have been a life saver!

My computer is not turtle slow anymore. It still doesn't seem as fast as it use to be, but it's way better than before. If you have any recommendations that could help, I would be very appreciative.

If you don't mind would you take a look at a new Hijackthis. Log?

I just want to be 100% sure before I download Service pack 2.

Thanks a Bunch for your time and effort!

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:38 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\eSnips\ClientGW.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\lexpps.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eSnips] "C:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Lexmark Connect.lnk = C:\Program Files\Lexmark\Connect\Lexmark Connect.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PD - {CD7CF288-D72E-4176-9E92-67188C5CCE5B} - C:\Program Files\Popup Defender\pd.exe (file missing)
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://irc.chatway.c...va/cfs31235.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A4DA620-6217-11CF-BE62-0080C72EDD2D} (MarqueeCtl Object) - http://activex.micro...x86/marquee.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122075270763
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1122075778884
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - https://www.stopzill...ller/dwnldr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13763 bytes