Internet Explorer keeps popping up with my home page [Closed]


  • This topic is locked

#16
tracei

    Member

  • Topic Starter
  • 12 posts
I am at work out of town until Friday but I will do these things then. Thank you so much. Tracei
  • 0


#17
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
OK
  • 0

#18
tracei

    Member

  • Topic Starter
  • 12 posts
I came home a day early so here are the logs......the internet explorer is still popping.

OTListIt logfile created on: 5/7/2009 7:07:43 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 138.92 Mb Available Physical Memory | 31.11% Memory free
1.03 Gb Paging File | 0.76 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 118.28 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.16 Gb Free Space | 54.33% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 17.59 Mb Total Space | 17.30 Mb Free Space | 98.34% Space Free | Partition Type: FAT

Computer Name: YOUR-7C60552B9E
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dvpapi [Disabled | Stopped]) -- C:\Program Files\Common Files\Command Software\dvpapi.exe (Command Software Systems, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (PrismXL [Disabled | Stopped]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (SupportSoft RemoteAssist [Disabled | Stopped]) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (usnsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.dll (Microsoft Corporation)
SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Disabled | Stopped]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CSS DVP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\css-dvp.sys (Command Software Systems, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DCamUSBSQTECH [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys (Service & Quality Technology.)
DRV - (FTDIBUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (km_filter [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\km_filter.sys (The Nielsen Company)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (motport [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motport.sys (Motorola)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SunkFilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys (Alcor Micro Corp.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/16 08:18:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/07 23:27:08 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Me.dium IE Statusbar BHO) - {F28D74EC-B064-4402-926D-E00687233421} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEStatusbar.dll (Me.dium, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEToolbar.dll (Me.dium, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKCU..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: pogo.com ([game1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pogo.com ([game3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: surveyrouter.com ([ups] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1196872036468 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229806325734 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalci....1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: Aces Up! by pogo http://game3.pogo.co.../aces-en_US.cab (Reg Error: Key error.)
O16 - DPF: Backgammon by pogo http://game1.pogo.co...n-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Bingo Luau by pogo http://game3.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Blackjack by pogo http://game3.pogo.co...kjack-en_US.cab (Reg Error: Key error.)
O16 - DPF: Blooop by pogo http://game3.pogo.co...scade-en_US.cab (Reg Error: Key error.)
O16 - DPF: Bowling by pogo http://game1.pogo.co...wling-en_US.cab (Reg Error: Key error.)
O16 - DPF: Canasta by pogo http://game1.pogo.co...nasta-en_US.cab (Reg Error: Key error.)
O16 - DPF: Checkers by pogo http://game1.pogo.co...ckers-en_US.cab (Reg Error: Key error.)
O16 - DPF: Chess by pogo http://game1.pogo.co...hess2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Cribbage by pogo http://game3.pogo.co...bbage-en_US.cab (Reg Error: Key error.)
O16 - DPF: Dice City Roller by pogo http://game1.pogo.co...z/ytz-en_US.cab (Reg Error: Key error.)
O16 - DPF: Dominoes by pogo http://game1.pogo.co...omino-en_US.cab (Reg Error: Key error.)
O16 - DPF: Euchre by pogo http://game1.pogo.co...uchre-en_US.cab (Reg Error: Key error.)
O16 - DPF: First Class Solitaire by pogo http://game3.pogo.co...lass2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Fortune Bingo by pogo http://game1.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Greenback Bayou by pogo http://game3.pogo.co...nback-en_US.cab (Reg Error: Key error.)
O16 - DPF: Harvest Mania by pogo http://game1.pogo.co...rvest-en_US.cab (Reg Error: Key error.)
O16 - DPF: High Stakes Pool by pogo http://game1.pogo.co.../pool-en_US.cab (Reg Error: Key error.)
O16 - DPF: Jungle Gin by pogo http://game1.pogo.co...n/gin-en_US.cab (Reg Error: Key error.)
O16 - DPF: KenoPop! by pogo http://game3.pogo.co...dkeno-en_US.cab (Reg Error: Key error.)
O16 - DPF: Lost Temple Poker by pogo http://game1.pogo.co...poker-en_US.cab (Reg Error: Key error.)
O16 - DPF: Lottso by pogo http://game1.pogo.co...ottso-en_US.cab (Reg Error: Key error.)
O16 - DPF: Mah Jong Garden by pogo http://game3.pogo.co...jong2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Monopoly by pogo http://game3.pogo.co...opoly-en_US.cab (Reg Error: Key error.)
O16 - DPF: Payday FreeCell by pogo http://game1.pogo.co...ecell-en_US.cab (Reg Error: Key error.)
O16 - DPF: Payday Freecell Solitaire by pogo http://game3.pogo.co...cell2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Penguin Blocks by pogo http://game1.pogo.co...guins-en_US.cab (Reg Error: Key error.)
O16 - DPF: Phlinx by pogo http://game3.pogo.co...inger-en_US.cab (Reg Error: Key error.)
O16 - DPF: Poppit by pogo http://game1.pogo.co...ppit2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Quick Quack by pogo http://game1.pogo.co...k-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: QWERTY by pogo http://game1.pogo.co...uares-en_US.cab (Reg Error: Key error.)
O16 - DPF: Ride The Tide by pogo http://game1.pogo.co.../ride-en_US.cab (Reg Error: Key error.)
O16 - DPF: Scrabble by pogo http://game3.pogo.co...abble-en_US.cab (Reg Error: Key error.)
O16 - DPF: Spooky Slots http://game3.pogo.co...pooky-en_US.cab (Reg Error: Key error.)
O16 - DPF: Stax by pogo http://game1.pogo.co.../stax-en_US.cab (Reg Error: Key error.)
O16 - DPF: Stellar Sweeper by pogo http://game1.pogo.co...eeper-en_US.cab (Reg Error: Key error.)
O16 - DPF: Sweet Tooth 2 by Pogo http://game3.pogo.co...ooth2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Team Bingo by Pogo http://game3.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Texas Hold'em Poker by pogo http://game1.pogo.co...oldem-en_US.cab (Reg Error: Key error.)
O16 - DPF: Thousand Island Solitaire by pogo http://game1.pogo.co...lbrae-en_US.cab (Reg Error: Key error.)
O16 - DPF: Tri-Peaks by pogo http://game1.pogo.co...peaks-en_US.cab (Reg Error: Key error.)
O16 - DPF: Trivial Pursuit by pogo http://game3.pogo.co...ivial-en_US.cab (Reg Error: Key error.)
O16 - DPF: Tumble Bees by pogo http://game1.pogo.co...umbee-en_US.cab (Reg Error: Key error.)
O16 - DPF: Turbo 21 v2 by pogo http://game1.pogo.co...rbo22-en_US.cab (Reg Error: Key error.)
O16 - DPF: Vaults of Atlantis Slots by pogo http://game1.pogo.co...slots-en_US.cab (Reg Error: Key error.)
O16 - DPF: Wonderland Memories by pogo http://game1.pogo.co...ories-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Search Daily by pogo http://game1.pogo.co...earch-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp by pogo http://game1.pogo.co...homp2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp Whackdown by pogo http://game1.pogo.co...kdown-en_US.cab (Reg Error: Key error.)
O16 - DPF: World Class Solitaire by pogo http://game1.pogo.co...class-en_US.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://download2.gam...nts/y/tt5_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.game...ts/y/pote_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - File not found - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,027,992 | R--- | M] (magicJack L.P.) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,016,158 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,000,308 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,706,144 | R--- | M] (magicJack L.P.) - J:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/07 19:06:00 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/07 18:50:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\temp
[2009/05/07 18:41:55 | 03,019,296 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/05/07 13:56:05 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/05/07 13:47:06 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Your Company Name.doc
[2009/05/03 19:20:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2009/05/02 11:05:17 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/02 11:05:16 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/02 11:05:01 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/02 11:03:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/02 11:03:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/02 11:03:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/02 11:03:00 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/02 11:03:00 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/02 11:03:00 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/02 11:03:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/02 11:03:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/02 09:51:17 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/05/02 09:51:17 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/05/02 09:51:17 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/05/02 09:51:17 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/05/02 09:51:17 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/05/02 09:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Simply Super Software
[2009/05/02 09:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/05/01 19:32:13 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/01 18:26:40 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/30 19:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/30 19:00:26 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 19:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/30 19:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/04/30 18:49:51 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/30 18:24:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/30 18:18:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/30 18:18:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 18:18:12 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/30 18:18:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/30 18:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 18:18:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 18:17:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/30 18:16:50 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/30 18:16:44 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/04/30 18:16:43 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/04/30 18:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/30 18:05:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/30 17:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/04/30 17:50:32 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/15 02:26:31 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 02:26:30 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 02:26:29 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 02:26:29 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 02:26:28 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 02:26:28 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 02:26:27 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 02:26:27 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 02:26:26 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 02:20:42 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 02:20:41 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 02:20:41 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/10 09:03:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/09 17:28:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/04/09 13:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/03/28 17:34:26 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009/02/12 14:47:54 | 00,000,241 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/30 19:13:07 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/06/09 03:19:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/29 08:28:58 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/07/29 08:28:55 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/07/29 08:22:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 06:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 00,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 00,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:21 | 00,000,968 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/26 12:12:17 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/07 19:15:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01B6BCA4-E5A7-4413-BB3F-A288379595F8}.job
[2009/05/07 19:06:17 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/07 18:56:11 | 00,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\magicJack.lnk
[2009/05/07 18:54:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/07 18:53:30 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/07 18:53:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/07 18:52:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/07 18:52:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/05/07 18:52:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/07 18:42:14 | 03,019,296 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/05/07 16:41:13 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Your Company Name.doc
[2009/05/07 09:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/05/07 08:41:23 | 35,879,638 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/07 02:03:25 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/06 17:26:45 | 00,051,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/03 16:13:12 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/05/02 11:05:18 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/30 21:57:47 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/30 19:00:26 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 18:18:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 18:16:50 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/30 18:16:44 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/04/30 18:16:43 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/04/30 17:50:32 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/22 07:08:57 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/04/22 07:08:56 | 00,000,968 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/20 22:04:50 | 00,509,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/20 22:04:50 | 00,092,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/20 22:04:49 | 00,612,882 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/20 03:04:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/18 08:06:54 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/18 08:06:53 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/18 08:06:39 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/17 18:59:37 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38AE9DA3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


ComboFix 09-05-07.06 - Owner 05/07/2009 18:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.78 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

FILE ::
c:\windows\System32\uwamolak.ini
c:\windows\system32\zahuzihi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
c:\docume~1\Owner\APPLIC~1\FrostWire
c:\docume~1\Owner\APPLIC~1\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\docume~1\Owner\APPLIC~1\FrostWire\checkandupdate.txt
c:\docume~1\Owner\APPLIC~1\FrostWire\createtimes.cache
c:\docume~1\Owner\APPLIC~1\FrostWire\downloads.dat
c:\docume~1\Owner\APPLIC~1\FrostWire\fileurns.bak
c:\docume~1\Owner\APPLIC~1\FrostWire\fileurns.cache
c:\docume~1\Owner\APPLIC~1\FrostWire\filters.props
c:\docume~1\Owner\APPLIC~1\FrostWire\frostwire.props
c:\docume~1\Owner\APPLIC~1\FrostWire\gnutella.net
c:\docume~1\Owner\APPLIC~1\FrostWire\installation.props
c:\docume~1\Owner\APPLIC~1\FrostWire\intent.props
c:\docume~1\Owner\APPLIC~1\FrostWire\library.dat
c:\docume~1\Owner\APPLIC~1\FrostWire\mojito.props
c:\docume~1\Owner\APPLIC~1\FrostWire\questions.props
c:\docume~1\Owner\APPLIC~1\FrostWire\responses.cache
c:\docume~1\Owner\APPLIC~1\FrostWire\simpp.xml
c:\docume~1\Owner\APPLIC~1\FrostWire\spam.dat
c:\docume~1\Owner\APPLIC~1\FrostWire\tables.props
c:\docume~1\Owner\APPLIC~1\FrostWire\themes\frostwirePro_theme.fwtp
c:\docume~1\Owner\APPLIC~1\FrostWire\themes\frostwirePro_theme\theme.txt
c:\docume~1\Owner\APPLIC~1\FrostWire\themes\frostwirePro_theme\version.txt
c:\docume~1\Owner\APPLIC~1\FrostWire\ttrees.cache
c:\docume~1\Owner\APPLIC~1\FrostWire\ttroot.cache
c:\docume~1\Owner\APPLIC~1\FrostWire\version.xml
c:\docume~1\Owner\APPLIC~1\FrostWire\xml\data\audio.sxml2
c:\docume~1\Owner\APPLIC~1\FrostWire\xml\data\image.sxml2
c:\docume~1\Owner\APPLIC~1\FrostWire\xml\data\video.sxml2
c:\docume~1\Owner\APPLIC~1\LimeWire
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\loading-image.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\mathml.css
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\quirk.css
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\svg.css
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\ua.css
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\viewsource.css
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\res\wincharset.properties
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\smime3.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\softokn3.chk
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\softokn3.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\sqlite3.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\ssl3.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\updater.exe
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\version.properties
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\xpcom.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\xpcshell.exe
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\xpicleanup.exe
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\xpidl.exe
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\xpt_dump.exe
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\xpt_link.exe
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\xul.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\xulrunner.exe
c:\docume~1\Owner\APPLIC~1\LimeWire\certificate\limewire.keystore
c:\docume~1\Owner\APPLIC~1\LimeWire\createtimes.cache
c:\docume~1\Owner\APPLIC~1\LimeWire\downloads.dat
c:\docume~1\Owner\APPLIC~1\LimeWire\fileurns.bak
c:\docume~1\Owner\APPLIC~1\LimeWire\fileurns.cache
c:\docume~1\Owner\APPLIC~1\LimeWire\filters.props
c:\docume~1\Owner\APPLIC~1\LimeWire\gnutella.net
c:\docume~1\Owner\APPLIC~1\LimeWire\installation.props
c:\docume~1\Owner\APPLIC~1\LimeWire\library.dat
c:\docume~1\Owner\APPLIC~1\LimeWire\library5.dat
c:\docume~1\Owner\APPLIC~1\LimeWire\limewire.props
c:\docume~1\Owner\APPLIC~1\LimeWire\mojito.props
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\.autoreg
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\Cache\261BEFC7d01
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\Cache\98E79480d01
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\Cache\BAFF9A99d01
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\cert8.db
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\compreg.dat
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\cookies.sqlite
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\downloads.sqlite
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\extensions.cache
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\extensions.ini
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\history.dat
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\key3.db
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\permissions.sqlite
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\places.sqlite-journal
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\places.sqlite
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\pluginreg.dat
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\prefs.js
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\secmod.db
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\XPC.mfl
c:\docume~1\Owner\APPLIC~1\LimeWire\mozilla-profile\xpti.dat
c:\docume~1\Owner\APPLIC~1\LimeWire\promotion\promodb.backup
c:\docume~1\Owner\APPLIC~1\LimeWire\promotion\promodb.data
c:\docume~1\Owner\APPLIC~1\LimeWire\promotion\promodb.properties
c:\docume~1\Owner\APPLIC~1\LimeWire\promotion\promodb.script
c:\docume~1\Owner\APPLIC~1\LimeWire\questions.props
c:\docume~1\Owner\APPLIC~1\LimeWire\responses.cache
c:\docume~1\Owner\APPLIC~1\LimeWire\simpp.xml
c:\docume~1\Owner\APPLIC~1\LimeWire\spam.dat
c:\docume~1\Owner\APPLIC~1\LimeWire\tables.props
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme.lwtp
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\01_star.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\02_star.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\03_star.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\04_star.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\05_star.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\chat.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\forward_dn.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\forward_up.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\kill.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\kill_on.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\logo.png
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\notsearching.png
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\pause_dn.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\pause_up.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\play_dn.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\play_up.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\question.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\rewind_dn.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\rewind_up.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\searching.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\splash.png
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\splashpro.png
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\stop_dn.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\stop_up.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\theme.txt
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\version.txt
c:\docume~1\Owner\APPLIC~1\LimeWire\themes\windows_theme\warning.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\ttdata.cache
c:\docume~1\Owner\APPLIC~1\LimeWire\ttree.cache
c:\docume~1\Owner\APPLIC~1\LimeWire\ttroot.cache
c:\docume~1\Owner\APPLIC~1\LimeWire\version.xml
c:\docume~1\Owner\APPLIC~1\LimeWire\versions.props
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\data\audio.sxml2
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\data\audio.sxml3
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\data\delete_me
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\data\video.sxml3
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\misc\application.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\misc\audio.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\misc\document.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\misc\image.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\misc\video.gif
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\schemas\application.xsd
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\schemas\audio.xsd
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\schemas\document.xsd
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\schemas\image.xsd
c:\docume~1\Owner\APPLIC~1\LimeWire\xml\schemas\video.xsd
c:\program files\BitComet
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Favourite.xml
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\Common Files\Viewpoint
c:\windows\system32\zahuzihi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADSFILTER
-------\Legacy_NNRNSTDI
-------\Service_ADSFilter
-------\Service_nnrnstdi


((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-07 17:56 . 2009-05-07 17:56 -------- d-sh--w C:\found.000
2009-05-03 23:20 . 2009-05-03 23:20 -------- d-----w c:\windows\Downloaded Program Files
2009-05-02 13:51 . 2005-08-26 05:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-02 13:51 . 2006-05-25 19:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-05-02 13:51 . 2006-06-19 17:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-05-02 13:51 . 2002-03-06 05:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-05-02 13:51 . 2003-02-03 00:06 153088 ----a-w c:\windows\system32\unrar3.dll
2009-05-02 13:51 . 2009-05-02 13:51 -------- d-----w c:\documents and settings\Owner\Application Data\Simply Super Software
2009-05-02 13:51 . 2009-05-02 13:51 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-05-01 23:32 . 2009-05-01 23:32 -------- d-----w C:\_OTListIt
2009-05-01 22:26 . 2009-05-01 22:31 -------- d-----w C:\Lop SD
2009-04-30 23:00 . 2009-04-30 23:00 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-30 23:00 . 2009-04-30 23:00 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-30 23:00 . 2009-04-30 23:00 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-04-30 22:49 . 2009-05-01 00:57 -------- d-----w C:\Rooter$
2009-04-30 22:24 . 2009-04-30 22:24 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-30 22:18 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 22:18 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 22:16 . 2009-04-30 22:16 -------- d-----w c:\program files\ERUNT
2009-04-15 06:26 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 06:26 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 06:26 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 06:26 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 06:26 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 06:26 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 06:26 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 06:26 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 06:26 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 06:20 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 06:20 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-10 13:03 . 2009-04-10 23:22 -------- d-----w c:\program files\Spyware Doctor
2009-04-09 17:57 . 2009-04-09 17:57 -------- d-----w c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 20:13 . 2008-05-14 00:56 1728 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-05-03 20:10 . 2006-02-18 17:48 -------- d-----w c:\program files\Yahoo!
2009-05-02 01:17 . 2005-07-29 12:26 -------- d-----w c:\program files\Pure Networks
2009-05-02 01:10 . 2005-07-29 12:15 -------- d-----w c:\program files\BigFix
2009-05-02 01:09 . 2009-03-15 22:14 -------- d-----w c:\program files\eBay
2009-05-02 01:07 . 2007-11-20 14:52 -------- d-----w c:\program files\Coupons
2009-05-01 23:28 . 2007-12-05 17:20 -------- d-----w c:\program files\Java
2009-05-01 01:57 . 2009-01-02 01:57 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-30 22:43 . 2008-12-16 08:30 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-30 22:41 . 2006-01-13 06:00 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 17:59 . 2009-02-12 17:28 -------- d-----w c:\program files\SpywareBlaster
2009-04-18 12:06 . 2009-02-28 03:39 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-18 12:06 . 2009-02-28 03:39 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-18 12:06 . 2009-02-28 03:39 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-28 21:34 . 2009-03-10 20:38 -------- d-----w c:\program files\ACNielsen
2009-03-28 15:54 . 2006-01-08 22:21 66360 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-15 22:31 . 2005-07-29 12:12 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 15:15 . 2007-12-09 14:00 -------- d-----w c:\program files\Common Files\Adobe
2009-03-09 09:19 . 2009-01-08 03:27 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2004-08-26 16:12 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-26 16:11 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-26 16:11 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-26 16:12 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-26 16:11 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-26 16:11 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-26 16:11 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-26 16:12 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-26 16:12 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-26 16:12 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-26 16:12 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2008-08-26 00:23 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-08-26 00:23 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-08-26 00:23 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-26 16:12 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-08-26 00:23 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-08-26 00:23 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-02_15.14.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-07 22:56 . 2009-05-07 22:56 16384 c:\windows\Temp\Perflib_Perfdata_fe4.dat
+ 2009-05-07 22:53 . 2009-05-07 22:53 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat
+ 2009-05-07 17:58 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-7-2009\ERDNT.EXE
+ 2009-05-06 22:03 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-6-2009\ERDNT.EXE
+ 2009-05-03 22:44 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-3-2009\ERDNT.EXE
+ 2009-05-07 17:58 . 2009-05-07 17:58 3362816 c:\windows\ERDNT\AutoBackup\5-7-2009\Users\00000002\UsrClass.dat
+ 2009-05-07 17:58 . 2009-05-07 17:58 9404416 c:\windows\ERDNT\AutoBackup\5-7-2009\Users\00000001\ntuser.dat
+ 2009-05-06 22:03 . 2009-05-06 22:03 3362816 c:\windows\ERDNT\AutoBackup\5-6-2009\Users\00000002\UsrClass.dat
+ 2009-05-06 22:03 . 2009-05-06 22:03 9396224 c:\windows\ERDNT\AutoBackup\5-6-2009\Users\00000001\ntuser.dat
+ 2009-05-03 22:44 . 2009-05-03 22:44 3362816 c:\windows\ERDNT\AutoBackup\5-3-2009\Users\00000002\UsrClass.dat
+ 2009-05-03 22:44 . 2009-05-03 22:44 9392128 c:\windows\ERDNT\AutoBackup\5-3-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F28D74EC-B064-4402-926D-E00687233421}]
2008-10-23 09:55 61728 ----a-w c:\program files\Me.dium\Browser Add-ons\MediumIEStatusbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E}"= "c:\program files\Me.dium\Browser Add-ons\MediumIEToolbar.dll" [2008-10-23 66336]

[HKEY_CLASSES_ROOT\clsid\{9516eb1c-ac77-492d-8fd6-a05afac9ea6e}]
[HKEY_CLASSES_ROOT\TypeLib\{A7A86710-D3B4-42A1-8350-217072343052}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-18 1932568]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2008-10-31 45056]
"MegaPanel"="c:\program files\ACNielsen\Homescan Internet Transporter\HSTrans.exe" [2006-05-11 2064384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-29 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-18 12:06 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SupportSoft RemoteAssist"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"PrismXL"=2 (0x2)
"ose"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"dvpapi"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1122639952\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/27/2009 11:39 PM 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/27/2009 11:39 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/27/2009 11:39 PM 298264]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [3/19/2009 5:44 PM 8832]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 9:18 PM 23680]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S4 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [11/9/2008 4:48 PM 602392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cceaf331-5a68-11dd-85d8-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-05-07 c:\windows\Tasks\User_Feed_Synchronization-{01B6BCA4-E5A7-4413-BB3F-A288379595F8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: pogo.com\game1
Trusted Zone: pogo.com\game3
Trusted Zone: pogo.com\www
Trusted Zone: surveyrouter.com\ups
DPF: Aces Up! by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/aces/aces-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-6.5.0.45/backgammon/backgammon-ob-assets.cab
DPF: Bingo Luau by pogo - hxxp://game3.pogo.com/v/9.1.5.8/applet/freebingo/freebingo-en_US.cab
DPF: Blackjack by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/blackjack/blackjack-en_US.cab
DPF: Blooop by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/cascade/cascade-en_US.cab
DPF: Bowling by pogo - hxxp://game1.pogo.com/v/8.1.4.14/applet/bowling/bowling-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/applet-6.5.4.34/canasta/canasta-en_US.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/checkers2/checkers-en_US.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/chess2/chess2-en_US.cab
DPF: Cribbage by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/cribbage/cribbage-en_US.cab
DPF: Dice City Roller by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/ytz/ytz-en_US.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/applet-6.5.5.29/domino/domino-en_US.cab
DPF: Euchre by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/euchre/euchre-en_US.cab
DPF: First Class Solitaire by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/firstclass2/firstclass2-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/superbingo/superbingo-en_US.cab
DPF: Greenback Bayou by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/greenback/greenback-en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.5.4.34/harvest/harvest-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-6.5.5.29/pool2/pool-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/gin/gin-en_US.cab
DPF: KenoPop! by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/speedkeno/speedkeno-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/lottso/lottso-en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game3.pogo.com/v/9.1.4.5/applet/mahjong2/mahjong2-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Monopoly by pogo - hxxp://game3.pogo.com/v/9.1.5.23/applet/monopoly/monopoly-en_US.cab
DPF: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/freecell/freecell-en_US.cab
DPF: Payday Freecell Solitaire by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/freecell2/freecell2-en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-6.5.5.29/penguins/penguins-en_US.cab
DPF: Phlinx by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/flinger/flinger-en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
DPF: Quick Quack by pogo - hxxp://game1.pogo.com/applet-6.5.0.45/hotstreak/hotstreak-ob-assets.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/squares/squares-en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
DPF: Scrabble by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/scrabble/scrabble-en_US.cab
DPF: Spooky Slots - hxxp://game3.pogo.com/v/9.1.5.14/applet/spooky/spooky-en_US.cab
DPF: Stax by pogo - hxxp://game1.pogo.com/applet-6.5.2.33/stax/stax-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/sweeper/sweeper-en_US.cab
DPF: Sweet Tooth 2 by Pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/sweettooth2/sweettooth2-en_US.cab
DPF: Team Bingo by Pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/teambingo/teambingo-en_US.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/holdem/holdem-en_US.cab
DPF: Thousand Island Solitaire by pogo - hxxp://game1.pogo.com/v/8.1.4.2/applet/millbrae/millbrae-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/peaks/peaks-en_US.cab
DPF: Trivial Pursuit by pogo - hxxp://game3.pogo.com/v/9.1.6.35/applet/trivial/trivial-en_US.cab
DPF: Tumble Bees by pogo - hxxp://game1.pogo.com/applet-6.5.3.44/jumbee/jumbee-en_US.cab
DPF: Turbo 21 v2 by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/turbo22/turbo22-en_US.cab
DPF: Vaults of Atlantis Slots by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/mlslots/mlslots-en_US.cab
DPF: Wonderland Memories by pogo - hxxp://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
DPF: Word Search Daily by pogo - hxxp://game1.pogo.com/v/8.1.4.24/applet/wordsearch/wordsearch-en_US.cab
DPF: Word Whomp by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/wordwhomp2/whomp2-en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/whackdown/whackdown-en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.7.1.33/worldclass/worldclass-en_US.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 18:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(712)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-05-07 19:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-07 23:01
ComboFix2.txt 2009-05-02 15:21

Pre-Run: 127,026,044,928 bytes free
Post-Run: 126,984,880,128 bytes free

739 --- E O F --- 2009-04-30 18:05

#19
tracei

    Member

  • Topic Starter
  • 12 posts
I came home a day early so here are the logs......the internet explorer is still popping.

OTListIt logfile created on: 5/7/2009 7:07:43 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 138.92 Mb Available Physical Memory | 31.11% Memory free
1.03 Gb Paging File | 0.76 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 118.28 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.16 Gb Free Space | 54.33% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 17.59 Mb Total Space | 17.30 Mb Free Space | 98.34% Space Free | Partition Type: FAT

Computer Name: YOUR-7C60552B9E
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dvpapi [Disabled | Stopped]) -- C:\Program Files\Common Files\Command Software\dvpapi.exe (Command Software Systems, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (PrismXL [Disabled | Stopped]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (SupportSoft RemoteAssist [Disabled | Stopped]) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (usnsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.dll (Microsoft Corporation)
SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Disabled | Stopped]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CSS DVP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\css-dvp.sys (Command Software Systems, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DCamUSBSQTECH [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys (Service & Quality Technology.)
DRV - (FTDIBUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (km_filter [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\km_filter.sys (The Nielsen Company)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (motport [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motport.sys (Motorola)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SunkFilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys (Alcor Micro Corp.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/16 08:18:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/07 23:27:08 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Me.dium IE Statusbar BHO) - {F28D74EC-B064-4402-926D-E00687233421} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEStatusbar.dll (Me.dium, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEToolbar.dll (Me.dium, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKCU..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: pogo.com ([game1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pogo.com ([game3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: surveyrouter.com ([ups] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1196872036468 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229806325734 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalci....1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: Aces Up! by pogo http://game3.pogo.co.../aces-en_US.cab (Reg Error: Key error.)
O16 - DPF: Backgammon by pogo http://game1.pogo.co...n-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Bingo Luau by pogo http://game3.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Blackjack by pogo http://game3.pogo.co...kjack-en_US.cab (Reg Error: Key error.)
O16 - DPF: Blooop by pogo http://game3.pogo.co...scade-en_US.cab (Reg Error: Key error.)
O16 - DPF: Bowling by pogo http://game1.pogo.co...wling-en_US.cab (Reg Error: Key error.)
O16 - DPF: Canasta by pogo http://game1.pogo.co...nasta-en_US.cab (Reg Error: Key error.)
O16 - DPF: Checkers by pogo http://game1.pogo.co...ckers-en_US.cab (Reg Error: Key error.)
O16 - DPF: Chess by pogo http://game1.pogo.co...hess2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Cribbage by pogo http://game3.pogo.co...bbage-en_US.cab (Reg Error: Key error.)
O16 - DPF: Dice City Roller by pogo http://game1.pogo.co...z/ytz-en_US.cab (Reg Error: Key error.)
O16 - DPF: Dominoes by pogo http://game1.pogo.co...omino-en_US.cab (Reg Error: Key error.)
O16 - DPF: Euchre by pogo http://game1.pogo.co...uchre-en_US.cab (Reg Error: Key error.)
O16 - DPF: First Class Solitaire by pogo http://game3.pogo.co...lass2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Fortune Bingo by pogo http://game1.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Greenback Bayou by pogo http://game3.pogo.co...nback-en_US.cab (Reg Error: Key error.)
O16 - DPF: Harvest Mania by pogo http://game1.pogo.co...rvest-en_US.cab (Reg Error: Key error.)
O16 - DPF: High Stakes Pool by pogo http://game1.pogo.co.../pool-en_US.cab (Reg Error: Key error.)
O16 - DPF: Jungle Gin by pogo http://game1.pogo.co...n/gin-en_US.cab (Reg Error: Key error.)
O16 - DPF: KenoPop! by pogo http://game3.pogo.co...dkeno-en_US.cab (Reg Error: Key error.)
O16 - DPF: Lost Temple Poker by pogo http://game1.pogo.co...poker-en_US.cab (Reg Error: Key error.)
O16 - DPF: Lottso by pogo http://game1.pogo.co...ottso-en_US.cab (Reg Error: Key error.)
O16 - DPF: Mah Jong Garden by pogo http://game3.pogo.co...jong2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Monopoly by pogo http://game3.pogo.co...opoly-en_US.cab (Reg Error: Key error.)
O16 - DPF: Payday FreeCell by pogo http://game1.pogo.co...ecell-en_US.cab (Reg Error: Key error.)
O16 - DPF: Payday Freecell Solitaire by pogo http://game3.pogo.co...cell2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Penguin Blocks by pogo http://game1.pogo.co...guins-en_US.cab (Reg Error: Key error.)
O16 - DPF: Phlinx by pogo http://game3.pogo.co...inger-en_US.cab (Reg Error: Key error.)
O16 - DPF: Poppit by pogo http://game1.pogo.co...ppit2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Quick Quack by pogo http://game1.pogo.co...k-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: QWERTY by pogo http://game1.pogo.co...uares-en_US.cab (Reg Error: Key error.)
O16 - DPF: Ride The Tide by pogo http://game1.pogo.co.../ride-en_US.cab (Reg Error: Key error.)
O16 - DPF: Scrabble by pogo http://game3.pogo.co...abble-en_US.cab (Reg Error: Key error.)
O16 - DPF: Spooky Slots http://game3.pogo.co...pooky-en_US.cab (Reg Error: Key error.)
O16 - DPF: Stax by pogo http://game1.pogo.co.../stax-en_US.cab (Reg Error: Key error.)
O16 - DPF: Stellar Sweeper by pogo http://game1.pogo.co...eeper-en_US.cab (Reg Error: Key error.)
O16 - DPF: Sweet Tooth 2 by Pogo http://game3.pogo.co...ooth2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Team Bingo by Pogo http://game3.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Texas Hold'em Poker by pogo http://game1.pogo.co...oldem-en_US.cab (Reg Error: Key error.)
O16 - DPF: Thousand Island Solitaire by pogo http://game1.pogo.co...lbrae-en_US.cab (Reg Error: Key error.)
O16 - DPF: Tri-Peaks by pogo http://game1.pogo.co...peaks-en_US.cab (Reg Error: Key error.)
O16 - DPF: Trivial Pursuit by pogo http://game3.pogo.co...ivial-en_US.cab (Reg Error: Key error.)
O16 - DPF: Tumble Bees by pogo http://game1.pogo.co...umbee-en_US.cab (Reg Error: Key error.)
O16 - DPF: Turbo 21 v2 by pogo http://game1.pogo.co...rbo22-en_US.cab (Reg Error: Key error.)
O16 - DPF: Vaults of Atlantis Slots by pogo http://game1.pogo.co...slots-en_US.cab (Reg Error: Key error.)
O16 - DPF: Wonderland Memories by pogo http://game1.pogo.co...ories-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Search Daily by pogo http://game1.pogo.co...earch-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp by pogo http://game1.pogo.co...homp2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp Whackdown by pogo http://game1.pogo.co...kdown-en_US.cab (Reg Error: Key error.)
O16 - DPF: World Class Solitaire by pogo http://game1.pogo.co...class-en_US.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://download2.gam...nts/y/tt5_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.game...ts/y/pote_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - File not found - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,027,992 | R--- | M] (magicJack L.P.) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,016,158 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,000,308 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,706,144 | R--- | M] (magicJack L.P.) - J:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/07 19:06:00 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/07 18:50:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\temp
[2009/05/07 18:41:55 | 03,019,296 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/05/07 13:56:05 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/05/07 13:47:06 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Your Company Name.doc
[2009/05/03 19:20:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2009/05/02 11:05:17 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/02 11:05:16 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/02 11:05:01 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/02 11:03:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/02 11:03:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/02 11:03:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/02 11:03:00 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/02 11:03:00 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/02 11:03:00 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/02 11:03:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/02 11:03:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/02 09:51:17 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/05/02 09:51:17 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/05/02 09:51:17 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/05/02 09:51:17 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/05/02 09:51:17 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/05/02 09:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Simply Super Software
[2009/05/02 09:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/05/01 19:32:13 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/01 18:26:40 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/30 19:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/30 19:00:26 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 19:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/30 19:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/04/30 18:49:51 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/30 18:24:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/30 18:18:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/30 18:18:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 18:18:12 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/30 18:18:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/30 18:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 18:18:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 18:17:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/30 18:16:50 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/30 18:16:44 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/04/30 18:16:43 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/04/30 18:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/30 18:05:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/30 17:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/04/30 17:50:32 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/15 02:26:31 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 02:26:30 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 02:26:29 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 02:26:29 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 02:26:28 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 02:26:28 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 02:26:27 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 02:26:27 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 02:26:26 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 02:20:42 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 02:20:41 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 02:20:41 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/10 09:03:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/09 17:28:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/04/09 13:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/03/28 17:34:26 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009/02/12 14:47:54 | 00,000,241 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/30 19:13:07 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/06/09 03:19:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/29 08:28:58 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/07/29 08:28:55 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/07/29 08:22:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 06:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 00,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 00,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:21 | 00,000,968 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/26 12:12:17 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/07 19:15:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01B6BCA4-E5A7-4413-BB3F-A288379595F8}.job
[2009/05/07 19:06:17 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/07 18:56:11 | 00,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\magicJack.lnk
[2009/05/07 18:54:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/07 18:53:30 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/07 18:53:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/07 18:52:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/07 18:52:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/05/07 18:52:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/07 18:42:14 | 03,019,296 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/05/07 16:41:13 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Your Company Name.doc
[2009/05/07 09:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/05/07 08:41:23 | 35,879,638 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/07 02:03:25 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/06 17:26:45 | 00,051,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/03 16:13:12 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/05/02 11:05:18 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/30 21:57:47 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/30 19:00:26 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 18:18:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 18:16:50 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/30 18:16:44 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/04/30 18:16:43 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/04/30 17:50:32 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/22 07:08:57 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/04/22 07:08:56 | 00,000,968 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/20 22:04:50 | 00,509,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/20 22:04:50 | 00,092,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/20 22:04:49 | 00,612,882 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/20 03:04:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/18 08:06:54 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/18 08:06:53 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/18 08:06:39 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/17 18:59:37 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38AE9DA3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


ComboFix 09-05-07.06 - Owner 05/07/2009 18:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.78 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

FILE ::
c:\windows\System32\uwamolak.ini
c:\windows\system32\zahuzihi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
c:\docume~1\Owner\APPLIC~1\FrostWire
c:\docume~1\Owner\APPLIC~1\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\docume~1\Owner\APPLIC~1\FrostWire\checkandupdate.txt
c:\docume~1\Owner\APPLIC~1\FrostWire\createtimes.cache
c:\docume~1\Owner\APPLIC~1\FrostWire\downloads.dat
c:\docume~1\Owner\APPLIC~1\FrostWire\fileurns.bak
c:\docume~1\Owner\APPLIC~1\FrostWire\fileurns.cache
c:\docume~1\Owner\APPLIC~1\FrostWire\filters.props
c:\docume~1\Owner\APPLIC~1\FrostWire\frostwire.props
c:\docume~1\Owner\APPLIC~1\FrostWire\gnutella.net
c:\docume~1\Owner\APPLIC~1\FrostWire\installation.props
c:\docume~1\Owner\APPLIC~1\FrostWire\intent.props
c:\docume~1\Owner\APPLIC~1\FrostWire\library.dat
c:\docume~1\Owner\APPLIC~1\FrostWire\mojito.props
c:\docume~1\Owner\APPLIC~1\FrostWire\questions.props
c:\docume~1\Owner\APPLIC~1\FrostWire\responses.cache
c:\docume~1\Owner\APPLIC~1\FrostWire\simpp.xml
c:\docume~1\Owner\APPLIC~1\FrostWire\spam.dat
c:\docume~1\Owner\APPLIC~1\FrostWire\tables.props
c:\docume~1\Owner\APPLIC~1\FrostWire\themes\frostwirePro_theme.fwtp
c:\docume~1\Owner\APPLIC~1\FrostWire\themes\frostwirePro_theme\theme.txt
c:\docume~1\Owner\APPLIC~1\FrostWire\themes\frostwirePro_theme\version.txt
c:\docume~1\Owner\APPLIC~1\FrostWire\ttrees.cache
c:\docume~1\Owner\APPLIC~1\FrostWire\ttroot.cache
c:\docume~1\Owner\APPLIC~1\FrostWire\version.xml
c:\docume~1\Owner\APPLIC~1\FrostWire\xml\data\audio.sxml2
c:\docume~1\Owner\APPLIC~1\FrostWire\xml\data\image.sxml2
c:\docume~1\Owner\APPLIC~1\FrostWire\xml\data\video.sxml2
c:\docume~1\Owner\APPLIC~1\LimeWire
c:\docume~1\Owner\APPLIC~1\LimeWire\414splashfree.png
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\branding.jar
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\classic.jar
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\comm.jar
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\alerts.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\appshell.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\auth.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\caps.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\chardet.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\chrome.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\composer.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\content_base.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\content_html.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\cookie.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\directory.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\downloads.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\editor.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\extensions.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\feeds.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\find.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\gfx.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\inspector.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\intl.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\jar.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\locale.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\oji.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\pipboot.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\pipnss.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\pippki.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\pippki.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\places.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\plugin.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\pref.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\profile.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\rdf.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\satchel.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\shistory.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\storage.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\transformiix.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\uconv.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\update.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\widget.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\windowds.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\xulutil.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\crashreporter.exe
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\crashreporter.ini
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\dependentlibs.list
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\freebl3.chk
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\freebl3.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\greprefs\all.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\javaxpcom.jar
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\js3250.dll
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\LICENSE
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\modules\debug.js
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\docume~1\Owner\APPLIC~1\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\program files\BitComet
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Favourite.xml
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\Common Files\Viewpoint
c:\windows\system32\zahuzihi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADSFILTER
-------\Legacy_NNRNSTDI
-------\Service_ADSFilter
-------\Service_nnrnstdi


((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-07 17:56 . 2009-05-07 17:56 -------- d-sh--w C:\found.000
2009-05-03 23:20 . 2009-05-03 23:20 -------- d-----w c:\windows\Downloaded Program Files
2009-05-02 13:51 . 2005-08-26 05:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-02 13:51 . 2006-05-25 19:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-05-02 13:51 . 2006-06-19 17:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-05-02 13:51 . 2002-03-06 05:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-05-02 13:51 . 2003-02-03 00:06 153088 ----a-w c:\windows\system32\unrar3.dll
2009-05-02 13:51 . 2009-05-02 13:51 -------- d-----w c:\documents and settings\Owner\Application Data\Simply Super Software
2009-05-02 13:51 . 2009-05-02 13:51 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-05-01 23:32 . 2009-05-01 23:32 -------- d-----w C:\_OTListIt
2009-05-01 22:26 . 2009-05-01 22:31 -------- d-----w C:\Lop SD
2009-04-30 23:00 . 2009-04-30 23:00 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-30 23:00 . 2009-04-30 23:00 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-30 23:00 . 2009-04-30 23:00 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-04-30 22:49 . 2009-05-01 00:57 -------- d-----w C:\Rooter$
2009-04-30 22:24 . 2009-04-30 22:24 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-30 22:18 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 22:18 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 22:16 . 2009-04-30 22:16 -------- d-----w c:\program files\ERUNT
2009-04-15 06:26 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 06:26 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 06:26 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 06:26 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 06:26 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 06:26 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 06:26 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 06:26 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 06:26 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 06:20 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 06:20 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-10 13:03 . 2009-04-10 23:22 -------- d-----w c:\program files\Spyware Doctor
2009-04-09 17:57 . 2009-04-09 17:57 -------- d-----w c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 20:13 . 2008-05-14 00:56 1728 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-05-03 20:10 . 2006-02-18 17:48 -------- d-----w c:\program files\Yahoo!
2009-05-02 01:17 . 2005-07-29 12:26 -------- d-----w c:\program files\Pure Networks
2009-05-02 01:10 . 2005-07-29 12:15 -------- d-----w c:\program files\BigFix
2009-05-02 01:09 . 2009-03-15 22:14 -------- d-----w c:\program files\eBay
2009-05-02 01:07 . 2007-11-20 14:52 -------- d-----w c:\program files\Coupons
2009-05-01 23:28 . 2007-12-05 17:20 -------- d-----w c:\program files\Java
2009-05-01 01:57 . 2009-01-02 01:57 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-30 22:43 . 2008-12-16 08:30 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-30 22:41 . 2006-01-13 06:00 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 17:59 . 2009-02-12 17:28 -------- d-----w c:\program files\SpywareBlaster
2009-04-18 12:06 . 2009-02-28 03:39 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-18 12:06 . 2009-02-28 03:39 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-18 12:06 . 2009-02-28 03:39 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-28 21:34 . 2009-03-10 20:38 -------- d-----w c:\program files\ACNielsen
2009-03-28 15:54 . 2006-01-08 22:21 66360 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-15 22:31 . 2005-07-29 12:12 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 15:15 . 2007-12-09 14:00 -------- d-----w c:\program files\Common Files\Adobe
2009-03-09 09:19 . 2009-01-08 03:27 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2004-08-26 16:12 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-26 16:11 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-26 16:11 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-26 16:12 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-26 16:11 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-26 16:11 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-26 16:11 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-26 16:12 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-26 16:12 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-26 16:12 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-26 16:12 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2008-08-26 00:23 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-08-26 00:23 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-08-26 00:23 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-26 16:12 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-08-26 00:23 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-08-26 00:23 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-02_15.14.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-07 22:56 . 2009-05-07 22:56 16384 c:\windows\Temp\Perflib_Perfdata_fe4.dat
+ 2009-05-07 22:53 . 2009-05-07 22:53 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat
+ 2009-05-07 17:58 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-7-2009\ERDNT.EXE
+ 2009-05-06 22:03 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-6-2009\ERDNT.EXE
+ 2009-05-03 22:44 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-3-2009\ERDNT.EXE
+ 2009-05-07 17:58 . 2009-05-07 17:58 3362816 c:\windows\ERDNT\AutoBackup\5-7-2009\Users\00000002\UsrClass.dat
+ 2009-05-07 17:58 . 2009-05-07 17:58 9404416 c:\windows\ERDNT\AutoBackup\5-7-2009\Users\00000001\ntuser.dat
+ 2009-05-06 22:03 . 2009-05-06 22:03 3362816 c:\windows\ERDNT\AutoBackup\5-6-2009\Users\00000002\UsrClass.dat
+ 2009-05-06 22:03 . 2009-05-06 22:03 9396224 c:\windows\ERDNT\AutoBackup\5-6-2009\Users\00000001\ntuser.dat
+ 2009-05-03 22:44 . 2009-05-03 22:44 3362816 c:\windows\ERDNT\AutoBackup\5-3-2009\Users\00000002\UsrClass.dat
+ 2009-05-03 22:44 . 2009-05-03 22:44 9392128 c:\windows\ERDNT\AutoBackup\5-3-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F28D74EC-B064-4402-926D-E00687233421}]
2008-10-23 09:55 61728 ----a-w c:\program files\Me.dium\Browser Add-ons\MediumIEStatusbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E}"= "c:\program files\Me.dium\Browser Add-ons\MediumIEToolbar.dll" [2008-10-23 66336]

[HKEY_CLASSES_ROOT\clsid\{9516eb1c-ac77-492d-8fd6-a05afac9ea6e}]
[HKEY_CLASSES_ROOT\TypeLib\{A7A86710-D3B4-42A1-8350-217072343052}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-18 1932568]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2008-10-31 45056]
"MegaPanel"="c:\program files\ACNielsen\Homescan Internet Transporter\HSTrans.exe" [2006-05-11 2064384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-29 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-18 12:06 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SupportSoft RemoteAssist"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"PrismXL"=2 (0x2)
"ose"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"dvpapi"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1122639952\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/27/2009 11:39 PM 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/27/2009 11:39 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/27/2009 11:39 PM 298264]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [3/19/2009 5:44 PM 8832]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 9:18 PM 23680]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S4 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [11/9/2008 4:48 PM 602392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cceaf331-5a68-11dd-85d8-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-05-07 c:\windows\Tasks\User_Feed_Synchronization-{01B6BCA4-E5A7-4413-BB3F-A288379595F8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: pogo.com\game1
Trusted Zone: pogo.com\game3
Trusted Zone: pogo.com\www
Trusted Zone: surveyrouter.com\ups
DPF: Aces Up! by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/aces/aces-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-6.5.0.45/backgammon/backgammon-ob-assets.cab
DPF: Bingo Luau by pogo - hxxp://game3.pogo.com/v/9.1.5.8/applet/freebingo/freebingo-en_US.cab
DPF: Blackjack by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/blackjack/blackjack-en_US.cab
DPF: Blooop by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/cascade/cascade-en_US.cab
DPF: Bowling by pogo - hxxp://game1.pogo.com/v/8.1.4.14/applet/bowling/bowling-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/applet-6.5.4.34/canasta/canasta-en_US.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/checkers2/checkers-en_US.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/chess2/chess2-en_US.cab
DPF: Cribbage by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/cribbage/cribbage-en_US.cab
DPF: Dice City Roller by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/ytz/ytz-en_US.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/applet-6.5.5.29/domino/domino-en_US.cab
DPF: Euchre by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/euchre/euchre-en_US.cab
DPF: First Class Solitaire by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/firstclass2/firstclass2-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/superbingo/superbingo-en_US.cab
DPF: Greenback Bayou by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/greenback/greenback-en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.5.4.34/harvest/harvest-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-6.5.5.29/pool2/pool-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/gin/gin-en_US.cab
DPF: KenoPop! by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/speedkeno/speedkeno-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/lottso/lottso-en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game3.pogo.com/v/9.1.4.5/applet/mahjong2/mahjong2-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Monopoly by pogo - hxxp://game3.pogo.com/v/9.1.5.23/applet/monopoly/monopoly-en_US.cab
DPF: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/freecell/freecell-en_US.cab
DPF: Payday Freecell Solitaire by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/freecell2/freecell2-en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-6.5.5.29/penguins/penguins-en_US.cab
DPF: Phlinx by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/flinger/flinger-en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
DPF: Quick Quack by pogo - hxxp://game1.pogo.com/applet-6.5.0.45/hotstreak/hotstreak-ob-assets.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/squares/squares-en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
DPF: Scrabble by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/scrabble/scrabble-en_US.cab
DPF: Spooky Slots - hxxp://game3.pogo.com/v/9.1.5.14/applet/spooky/spooky-en_US.cab
DPF: Stax by pogo - hxxp://game1.pogo.com/applet-6.5.2.33/stax/stax-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/sweeper/sweeper-en_US.cab
DPF: Sweet Tooth 2 by Pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/sweettooth2/sweettooth2-en_US.cab
DPF: Team Bingo by Pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/teambingo/teambingo-en_US.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/holdem/holdem-en_US.cab
DPF: Thousand Island Solitaire by pogo - hxxp://game1.pogo.com/v/8.1.4.2/applet/millbrae/millbrae-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/peaks/peaks-en_US.cab
DPF: Trivial Pursuit by pogo - hxxp://game3.pogo.com/v/9.1.6.35/applet/trivial/trivial-en_US.cab
DPF: Tumble Bees by pogo - hxxp://game1.pogo.com/applet-6.5.3.44/jumbee/jumbee-en_US.cab
DPF: Turbo 21 v2 by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/turbo22/turbo22-en_US.cab
DPF: Vaults of Atlantis Slots by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/mlslots/mlslots-en_US.cab
DPF: Wonderland Memories by pogo - hxxp://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
DPF: Word Search Daily by pogo - hxxp://game1.pogo.com/v/8.1.4.24/applet/wordsearch/wordsearch-en_US.cab
DPF: Word Whomp by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/wordwhomp2/whomp2-en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/whackdown/whackdown-en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.7.1.33/worldclass/worldclass-en_US.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 18:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(712)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-05-07 19:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-07 23:01
ComboFix2.txt 2009-05-02 15:21

Pre-Run: 127,026,044,928 bytes free
Post-Run: 126,984,880,128 bytes free

739 --- E O F --- 2009-04-30 18:05
  • 0

#20
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
This puzzles me a bit. :)

Have you installed this? (Look in Add/Remove Programs)

Homescan Online

Let's go for an OTL-fix again

Step 1.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - Reg Error: Value error. File not found
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O33 - MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 2.
OTL-scan:

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 3.
Goored-scan:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

Step 4.
Things I would like to see in your reply:

  • Answer to my question in the beginning of this post.
  • The content of the fixlog from OTL2 in step 1.
  • The content of OTListIt.txt from step 2.
  • The content of GooredLog.txt from step 3.
  • Information on how your computer is running now.

  • 0

#23
tracei

tracei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The internet is still popping like crazy. Do I need to just throw it off my balcony......lol

Yes I have Homescan on my computer because I am part of the computer panel.

GooredFix v1.92 by jpshortstuff
Log created at 09:01 on 08/05/2009 running Option #1 (Owner)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"


========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7768536-96F8-4001-B1A2-90EE21279187} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7768536-96F8-4001-B1A2-90EE21279187}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cceaf331-5a68-11dd-85d8-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cceaf331-5a68-11dd-85d8-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cceaf331-5a68-11dd-85d8-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cceaf331-5a68-11dd-85d8-00038a000015}\ not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05082009_071203

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_6d0.dat not found!

Registry entries deleted on Reboot...


OTListIt logfile created on: 5/8/2009 7:27:37 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 224.56 Mb Available Physical Memory | 50.30% Memory free
1.03 Gb Paging File | 0.67 Gb Available in Paging File | 64.80% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 118.41 Gb Free Space | 81.63% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.16 Gb Free Space | 54.33% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 17.59 Mb Total Space | 17.30 Mb Free Space | 98.32% Space Free | Partition Type: FAT

Computer Name: YOUR-7C60552B9E
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)
PRC - C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dvpapi [Disabled | Stopped]) -- C:\Program Files\Common Files\Command Software\dvpapi.exe (Command Software Systems, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (PrismXL [Disabled | Stopped]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (SupportSoft RemoteAssist [Disabled | Stopped]) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (usnsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.dll (Microsoft Corporation)
SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Disabled | Stopped]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CSS DVP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\css-dvp.sys (Command Software Systems, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DCamUSBSQTECH [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys (Service & Quality Technology.)
DRV - (FTDIBUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (km_filter [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\km_filter.sys (The Nielsen Company)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (motport [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motport.sys (Motorola)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SunkFilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys (Alcor Micro Corp.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/16 08:18:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/07 23:27:08 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Me.dium IE Statusbar BHO) - {F28D74EC-B064-4402-926D-E00687233421} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEStatusbar.dll (Me.dium, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEToolbar.dll (Me.dium, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKCU..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: pogo.com ([game1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pogo.com ([game3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: surveyrouter.com ([ups] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1196872036468 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229806325734 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalci....1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: Aces Up! by pogo http://game3.pogo.co.../aces-en_US.cab (Reg Error: Key error.)
O16 - DPF: Backgammon by pogo http://game1.pogo.co...n-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Bingo Luau by pogo http://game3.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Blackjack by pogo http://game3.pogo.co...kjack-en_US.cab (Reg Error: Key error.)
O16 - DPF: Blooop by pogo http://game3.pogo.co...scade-en_US.cab (Reg Error: Key error.)
O16 - DPF: Bowling by pogo http://game1.pogo.co...wling-en_US.cab (Reg Error: Key error.)
O16 - DPF: Canasta by pogo http://game1.pogo.co...nasta-en_US.cab (Reg Error: Key error.)
O16 - DPF: Checkers by pogo http://game1.pogo.co...ckers-en_US.cab (Reg Error: Key error.)
O16 - DPF: Chess by pogo http://game1.pogo.co...hess2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Cribbage by pogo http://game3.pogo.co...bbage-en_US.cab (Reg Error: Key error.)
O16 - DPF: Dice City Roller by pogo http://game1.pogo.co...z/ytz-en_US.cab (Reg Error: Key error.)
O16 - DPF: Dominoes by pogo http://game1.pogo.co...omino-en_US.cab (Reg Error: Key error.)
O16 - DPF: Euchre by pogo http://game1.pogo.co...uchre-en_US.cab (Reg Error: Key error.)
O16 - DPF: First Class Solitaire by pogo http://game3.pogo.co...lass2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Fortune Bingo by pogo http://game1.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Greenback Bayou by pogo http://game3.pogo.co...nback-en_US.cab (Reg Error: Key error.)
O16 - DPF: Harvest Mania by pogo http://game1.pogo.co...rvest-en_US.cab (Reg Error: Key error.)
O16 - DPF: High Stakes Pool by pogo http://game1.pogo.co.../pool-en_US.cab (Reg Error: Key error.)
O16 - DPF: Jungle Gin by pogo http://game1.pogo.co...n/gin-en_US.cab (Reg Error: Key error.)
O16 - DPF: KenoPop! by pogo http://game3.pogo.co...dkeno-en_US.cab (Reg Error: Key error.)
O16 - DPF: Lost Temple Poker by pogo http://game1.pogo.co...poker-en_US.cab (Reg Error: Key error.)
O16 - DPF: Lottso by pogo http://game1.pogo.co...ottso-en_US.cab (Reg Error: Key error.)
O16 - DPF: Mah Jong Garden by pogo http://game3.pogo.co...jong2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Monopoly by pogo http://game3.pogo.co...opoly-en_US.cab (Reg Error: Key error.)
O16 - DPF: Payday FreeCell by pogo http://game1.pogo.co...ecell-en_US.cab (Reg Error: Key error.)
O16 - DPF: Payday Freecell Solitaire by pogo http://game3.pogo.co...cell2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Penguin Blocks by pogo http://game1.pogo.co...guins-en_US.cab (Reg Error: Key error.)
O16 - DPF: Phlinx by pogo http://game3.pogo.co...inger-en_US.cab (Reg Error: Key error.)
O16 - DPF: Poppit by pogo http://game1.pogo.co...ppit2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Quick Quack by pogo http://game1.pogo.co...k-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: QWERTY by pogo http://game1.pogo.co...uares-en_US.cab (Reg Error: Key error.)
O16 - DPF: Ride The Tide by pogo http://game1.pogo.co.../ride-en_US.cab (Reg Error: Key error.)
O16 - DPF: Scrabble by pogo http://game3.pogo.co...abble-en_US.cab (Reg Error: Key error.)
O16 - DPF: Spooky Slots http://game3.pogo.co...pooky-en_US.cab (Reg Error: Key error.)
O16 - DPF: Stax by pogo http://game1.pogo.co.../stax-en_US.cab (Reg Error: Key error.)
O16 - DPF: Stellar Sweeper by pogo http://game1.pogo.co...eeper-en_US.cab (Reg Error: Key error.)
O16 - DPF: Sweet Tooth 2 by Pogo http://game3.pogo.co...ooth2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Team Bingo by Pogo http://game3.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Texas Hold'em Poker by pogo http://game1.pogo.co...oldem-en_US.cab (Reg Error: Key error.)
O16 - DPF: Thousand Island Solitaire by pogo http://game1.pogo.co...lbrae-en_US.cab (Reg Error: Key error.)
O16 - DPF: Tri-Peaks by pogo http://game1.pogo.co...peaks-en_US.cab (Reg Error: Key error.)
O16 - DPF: Trivial Pursuit by pogo http://game3.pogo.co...ivial-en_US.cab (Reg Error: Key error.)
O16 - DPF: Tumble Bees by pogo http://game1.pogo.co...umbee-en_US.cab (Reg Error: Key error.)
O16 - DPF: Turbo 21 v2 by pogo http://game1.pogo.co...rbo22-en_US.cab (Reg Error: Key error.)
O16 - DPF: Vaults of Atlantis Slots by pogo http://game1.pogo.co...slots-en_US.cab (Reg Error: Key error.)
O16 - DPF: Wonderland Memories by pogo http://game1.pogo.co...ories-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Search Daily by pogo http://game1.pogo.co...earch-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp by pogo http://game1.pogo.co...homp2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp Whackdown by pogo http://game1.pogo.co...kdown-en_US.cab (Reg Error: Key error.)
O16 - DPF: World Class Solitaire by pogo http://game1.pogo.co...class-en_US.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://download2.gam...nts/y/tt5_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.game...ts/y/pote_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - File not found - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,027,992 | R--- | M] (magicJack L.P.) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,016,158 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,000,308 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,706,144 | R--- | M] (magicJack L.P.) - J:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/08 07:14:18 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/07 19:06:00 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/07 18:50:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\temp
[2009/05/07 18:41:55 | 03,019,296 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/05/07 13:56:05 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/05/07 13:47:06 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Your Company Name.doc
[2009/05/03 19:20:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2009/05/02 11:05:17 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/02 11:05:16 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/02 11:05:01 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/02 11:03:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/02 11:03:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/02 11:03:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/02 11:03:00 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/02 11:03:00 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/02 11:03:00 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/02 11:03:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/02 11:03:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/02 09:51:17 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/05/02 09:51:17 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/05/02 09:51:17 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/05/02 09:51:17 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/05/02 09:51:17 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/05/02 09:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Simply Super Software
[2009/05/02 09:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/05/01 19:32:13 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/01 18:26:40 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/30 19:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/30 19:00:26 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 19:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/30 19:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/04/30 18:49:51 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/30 18:24:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/30 18:18:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/30 18:18:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 18:18:12 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/30 18:18:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/30 18:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 18:18:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 18:17:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/30 18:16:50 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/30 18:16:44 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/04/30 18:16:43 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/04/30 18:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/30 18:05:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/30 17:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/04/30 17:50:32 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/15 02:26:31 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 02:26:30 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 02:26:29 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 02:26:29 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 02:26:28 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 02:26:28 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 02:26:27 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 02:26:27 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 02:26:26 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 02:20:42 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 02:20:41 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 02:20:41 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/10 09:03:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/09 17:28:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/04/09 13:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/03/28 17:34:26 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009/02/12 14:47:54 | 00,000,241 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/30 19:13:07 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/06/09 03:19:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/29 08:28:58 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/07/29 08:28:55 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/07/29 08:22:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 06:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 00,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 00,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:21 | 00,000,968 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/26 12:12:17 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/08 07:35:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01B6BCA4-E5A7-4413-BB3F-A288379595F8}.job
[2009/05/08 07:21:36 | 00,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\magicJack.lnk
[2009/05/08 07:19:35 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/08 07:19:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/08 07:18:56 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/05/08 07:18:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/08 07:03:38 | 35,911,996 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/08 02:03:01 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/07 19:06:17 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/07 18:54:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/07 18:53:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/07 18:42:14 | 03,019,296 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/05/07 16:41:13 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Your Company Name.doc
[2009/05/07 09:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/05/06 17:26:45 | 00,051,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/03 16:13:12 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/05/02 11:05:18 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/30 21:57:47 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/30 19:00:26 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 18:18:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 18:16:50 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/30 18:16:44 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/04/30 18:16:43 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/04/30 17:50:32 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/22 07:08:57 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/04/22 07:08:56 | 00,000,968 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/20 22:04:50 | 00,509,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/20 22:04:50 | 00,092,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/20 22:04:49 | 00,612,882 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/20 03:04:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/18 08:06:54 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/18 08:06:53 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/18 08:06:39 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/17 18:59:37 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38AE9DA3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#24
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

The internet is still popping like crazy do I need to just throw it off my balcony......lol

That would definitely stop the popping; the side effect, though, is that it also brings you a useless computer....:)

This puzzles me.
Let's run a couple of scanners and we'll see what those find.

Step 1.
Clean temp locations:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Step 4.
Things I would like to see in your reply:

  • The content of the report from MBAM from Step 2.
  • The content of the report from Kaspersky Online Scanner from Step 3.

  • 0

#25
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
