Browsers not working, network is fine


Cookiegal
Administrator & Malware Removal Specialist with 97,660 posts.
 
Join Date: Aug 2003
13-Jul-2010, 11:52 AM #16
That's fine.
dandennison84
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Jul 2010
13-Jul-2010, 10:59 PM #17
Ok, here are the results of DDS.txt.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dad and Mom at 21:56:37.29 on Tue 07/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.252 [GMT -5:00]

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Dad and Mom\Desktop\tools\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.imesh.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\mediabar\datamngr\IEBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DataMngr] c:\progra~1\imesha~1\mediabar\\datamngr\DataMngrUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\imesha~1\mediabar\\datamngr\datamngr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dadand~1\applic~1\mozilla\firefox\profiles\kq8x0kpw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\dad and mom\application data\mozilla\firefox\profiles\kq8x0kpw.default\extensions\{28d35620-51d9-11de-9d13-2db156d89593}\components\dtTransparency.dll
FF - plugin: c:\documents and settings\dad and mom\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-12 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-12 360584]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-2-12 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-2-12 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-2-12 29776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-24 54752]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-2-12 1282248]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2008-1-13 41025]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-12 333192]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-12 285392]
S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-2-12 3291336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-1-26 728083]

=============== Created Last 30 ================

2010-07-12 03:47:07 711168 ----a-w- c:\windows\is-4A60K.exe
2010-07-12 03:47:07 363 ----a-w- c:\windows\is-4A60K.lst
2010-07-12 03:47:07 10562 ----a-w- c:\windows\is-4A60K.msg
2010-07-12 02:45:18 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-12 02:44:34 0 dc----w- c:\program files\Sonic
2010-07-12 02:44:33 0 dc----w- c:\program files\SweetIM
2010-07-12 02:44:33 0 dc----w- c:\docume~1\alluse~1\applic~1\SweetIM
2010-07-12 02:37:58 0 dc----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-07-12 02:37:55 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-12 02:34:15 0 d-----w- c:\windows\system32\CatRoot_bak
2010-07-12 02:31:19 0 dc----w- c:\docume~1\dadand~1\applic~1\OnlineArmor
2010-07-12 02:31:19 0 dc----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2010-07-12 02:31:18 0 dc----w- c:\program files\Tall Emu
2010-07-11 18:30:02 910 -c--a-w- c:\documents and settings\dad and mom\all
2010-07-11 17:51:05 83748 ----a-w- c:\windows\system32\dllcache\prcp.nls
2010-07-11 17:51:04 83748 ----a-w- c:\windows\system32\dllcache\prc.nls
2010-07-11 17:45:02 47066 ----a-w- c:\windows\system32\dllcache\ksc.nls
2010-07-11 17:34:59 195618 ----a-w- c:\windows\system32\dllcache\c_10002.nls
2010-07-11 17:34:59 177698 ----a-w- c:\windows\system32\dllcache\c_10003.nls
2010-07-11 17:34:58 162850 ----a-w- c:\windows\system32\dllcache\c_10001.nls
2010-07-11 17:34:41 82172 ----a-w- c:\windows\system32\dllcache\bopomofo.nls
2010-07-11 17:34:39 66728 ----a-w- c:\windows\system32\dllcache\big5.nls
2010-07-11 16:05:13 0 dcsh--w- c:\documents and settings\dad and mom\IECompatCache
2010-07-11 16:04:08 0 d-----w- c:\windows\system32\scripting
2010-07-11 16:04:07 0 d-----w- c:\windows\l2schemas

==================== Find3M ====================

2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd(3).dll
2010-03-14 20:42:15 152 --sh--r- c:\windows\system32\0026B8D2F4.sys
2010-03-14 20:42:22 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:57:20.17 ===============
Cookiegal
Administrator & Malware Removal Specialist with 97,660 posts.
 
Join Date: Aug 2003
14-Jul-2010, 10:55 AM #18
Please go to Start - Run - type in eventvwr.msc to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.
__________________
Microsoft MVP - Consumer Security
dandennison84
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Jul 2010
15-Jul-2010, 07:31 AM #19
Hi. There were quite a few events, so I didn't copy the duplicates. Here is a sampling.

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 7/11/2010
Time: 10:39:20 PM
User: N/A
Computer: DHY2CQ91
Description:
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 7/11/2010
Time: 10:15:23 PM
User: N/A
Computer: DHY2CQ91
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 11
Date: 7/11/2010
Time: 10:15:23 PM
User: N/A
Computer: DHY2CQ91
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: crypt32
Event Category: None
Event ID: 6
Date: 7/11/2010
Time: 9:53:39 PM
User: N/A
Computer: DHY2CQ91
Description:
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 7/11/2010
Time: 1:30:28 PM
User: NT AUTHORITY\SYSTEM
Computer: BOYS
Description:
Windows saved user BOYS\Dad and Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 7/11/2010
Time: 11:06:12 AM
User: S-1-5-21-2696969475-2308742595-2740345709-1008
Computer: DHY2CQ91
Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: System.ServiceModel.Install 3.0.0.0
Event Category: None
Event ID: 0
Date: 7/11/2010
Time: 10:09:01 AM
User: N/A
Computer: DHY2CQ91
Description:
Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Setup
Event ID: 1020
Date: 7/11/2010
Time: 10:07:46 AM
User: N/A
Computer: DHY2CQ91
Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 7/10/2010
Time: 12:55:47 PM
User: S-1-5-21-2696969475-2308742595-2740345709-1008
Computer: DHY2CQ91
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 7/15/2010
Time: 6:23:49 AM
User: NT AUTHORITY\SYSTEM
Computer: DHY2CQ91
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Dad and Mom
Source Workstation: DHY2CQ91
Error Code: 0xC000006A


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 7/15/2010
Time: 6:23:49 AM
User: NT AUTHORITY\SYSTEM
Computer: DHY2CQ91
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Dad and Mom
Domain: DHY2CQ91
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: DHY2CQ91

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 7/14/2010
Time: 6:52:19 PM
User: NT AUTHORITY\SYSTEM
Computer: DHY2CQ91
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Dad and Mom
Source Workstation: DHY2CQ91
Error Code: 0xC000006A


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 7/11/2010
Time: 10:56:58 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: DHY2CQ91
Description:
IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.



For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 7/11/2010
Time: 11:33:56 PM
User: NT AUTHORITY\SYSTEM
Computer: DHY2CQ91
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Dad and Mom
Domain: DHY2CQ91
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: DHY2CQ91

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Cookiegal
Administrator & Malware Removal Specialist with 97,660 posts.
 
Join Date: Aug 2003
15-Jul-2010, 01:23 PM #20
Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
dandennison84
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Jul 2010
15-Jul-2010, 06:08 PM #21
Hi, couple of things. When I ran ComboFix, it could not install Windows Recovery Console but it kept going anyway. Do I need to run it again? I've downloaded the manual install for it, but I haven't done it yet. Also, my online armor keeps starting up but I can't uninstall it. Do you want me to try to stop it from starting up using MSConfig?

When I ran HiJackThis it popped up an error but kept going. I can't replicate the error, it runs fine now.

ComboFix 10-07-15.01 - Dad and Mom 07/15/2010 16:42:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.245 [GMT -5:00]
Running from: c:\documents and settings\Dad and Mom\Desktop\tools\puppy.exe
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-12 03:47 . 2010-07-12 03:47 711168 ----a-w- c:\windows\is-4A60K.exe
2010-07-12 02:45 . 2010-07-12 02:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\Sonic
2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\SweetIM
2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\documents and settings\All Users\Application Data\SweetIM
2010-07-12 02:37 . 2010-07-12 03:25 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-07-12 02:37 . 2010-07-12 02:37 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\AVG Security Toolbar
2010-07-12 02:37 . 2010-07-12 02:38 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-12 02:34 . 2010-07-12 03:38 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-12 02:31 . 2010-07-12 03:23 -------- dc----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-07-12 02:31 . 2010-07-12 02:49 -------- dc----w- c:\documents and settings\Dad and Mom\Application Data\OnlineArmor
2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\program files\Tall Emu
2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\iMesh
2010-07-12 02:31 . 2010-07-12 02:40 -------- dc----w- c:\program files\Microsoft Silverlight
2010-07-11 16:05 . 2010-07-11 16:05 -------- dcsh--w- c:\documents and settings\Dad and Mom\IECompatCache
2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\system32\scripting
2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\l2schemas

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 03:48 . 2010-02-12 23:15 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-12 03:38 . 2009-07-24 18:08 67992 -c--a-w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 02:44 . 2008-02-25 22:05 -------- d-----w- c:\program files\Tropico
2010-07-12 02:44 . 2010-05-23 02:11 -------- dc----w- c:\program files\Maxis
2010-07-12 02:44 . 2006-03-27 12:09 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-07-12 02:43 . 2006-03-27 12:12 -------- dc----w- c:\program files\Common Files\Real
2010-07-12 02:38 . 2010-02-13 00:33 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-12 02:31 . 2010-03-03 02:08 -------- dc----w- c:\program files\iMesh Applications
2010-07-11 16:08 . 2004-08-10 19:03 77939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-11 15:11 . 2009-09-08 13:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-23 20:38 . 2008-02-24 16:02 1261 ----a-w- c:\windows\eReg.dat
2010-05-23 12:23 . 2010-05-23 12:23 281 ----a-w- c:\windows\EReg072.dat
2010-04-29 20:39 . 2010-02-12 23:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-12 23:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51 . 2004-08-10 18:50 285696 ----a-w- c:\windows\system32\atmfd(3).dll
2010-03-14 20:42 . 2008-02-28 20:42 152 --sh--r- c:\windows\system32\0026B8D2F4.sys
2010-03-14 20:42 . 2008-02-28 20:42 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2010-02-24 00:02 392624 -c--a-w- c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-11-20 17:34 87472 -c--a-w- c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 18:22 1172792 -c--a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-02-13 2033432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"DataMngr"="c:\progra~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe" [2010-02-24 786352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-27 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-13 00:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 00:07 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 01:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 -c--a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-27 12:12 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-05-02 10:15 75520 ----a-w- c:\program files\Java\jre1.5.0_12\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/12/2010 7:34 PM 360584]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2/12/2010 6:43 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2/12/2010 6:43 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2/12/2010 6:43 PM 29776]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2/12/2010 6:43 PM 1282248]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [1/13/2008 2:16 PM 41025]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/12/2010 7:34 PM 333192]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/12/2010 7:34 PM 285392]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2/12/2010 6:43 PM 3291336]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [1/26/2004 9:42 PM 728083]
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{501EF81D-F5B8-451D-8008-9B432276D977}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\components\dtTransparency.dll
FF - plugin: c:\documents and settings\Dad and Mom\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
MSConfigStartUp-Yahoo! Pager - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 16:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-15 16:59:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-15 21:59

Pre-Run: 54,390,431,744 bytes free
Post-Run: 54,439,194,624 bytes free

- - End Of File - - 22C566104739E35D4748667604EE816A


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:03:29 PM, on 7/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9695 bytes
Cookiegal
Administrator & Malware Removal Specialist with 97,660 posts.
Join Date: Aug 2003
16-Jul-2010, 03:57 PM #22
Yes, please run ComboFix again with the Recovery Console installed.
dandennison84
Junior Member with 19 posts.
THREAD STARTER
Join Date: Jul 2010
16-Jul-2010, 06:47 PM #23
ComboFix 10-07-15.01 - Dad and Mom 07/16/2010 17:27:43.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.285 [GMT -5:00]
Running from: c:\documents and settings\Dad and Mom\Desktop\tools\puppy.exe
Command switches used :: D:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-15 22:02 . 2010-07-15 22:02 388096 -c--a-r- c:\documents and settings\Dad and Mom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-15 22:02 . 2010-07-15 22:02 -------- dc----w- c:\program files\Trend Micro
2010-07-15 21:40 . 2010-07-15 21:59 -------- dc----w- C:\puppy
2010-07-12 03:47 . 2010-07-12 03:47 711168 ----a-w- c:\windows\is-4A60K.exe
2010-07-12 02:45 . 2010-07-12 02:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\Sonic
2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\SweetIM
2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\documents and settings\All Users\Application Data\SweetIM
2010-07-12 02:37 . 2010-07-12 03:25 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-07-12 02:37 . 2010-07-12 02:37 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\AVG Security Toolbar
2010-07-12 02:37 . 2010-07-12 02:38 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-12 02:34 . 2010-07-12 03:38 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-12 02:31 . 2010-07-12 03:23 -------- dc----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-07-12 02:31 . 2010-07-12 02:49 -------- dc----w- c:\documents and settings\Dad and Mom\Application Data\OnlineArmor
2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\program files\Tall Emu
2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\iMesh
2010-07-12 02:31 . 2010-07-12 02:40 -------- dc----w- c:\program files\Microsoft Silverlight
2010-07-11 16:05 . 2010-07-11 16:05 -------- dcsh--w- c:\documents and settings\Dad and Mom\IECompatCache
2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\system32\scripting
2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\l2schemas

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 03:48 . 2010-02-12 23:15 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-12 03:38 . 2009-07-24 18:08 67992 -c--a-w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 02:44 . 2008-02-25 22:05 -------- d-----w- c:\program files\Tropico
2010-07-12 02:44 . 2010-05-23 02:11 -------- dc----w- c:\program files\Maxis
2010-07-12 02:44 . 2006-03-27 12:09 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-07-12 02:43 . 2006-03-27 12:12 -------- dc----w- c:\program files\Common Files\Real
2010-07-12 02:38 . 2010-02-13 00:33 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-12 02:31 . 2010-03-03 02:08 -------- dc----w- c:\program files\iMesh Applications
2010-07-11 16:08 . 2004-08-10 19:03 77939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-11 15:11 . 2009-09-08 13:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-23 20:38 . 2008-02-24 16:02 1261 ----a-w- c:\windows\eReg.dat
2010-05-23 12:23 . 2010-05-23 12:23 281 ----a-w- c:\windows\EReg072.dat
2010-04-29 20:39 . 2010-02-12 23:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-12 23:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51 . 2004-08-10 18:50 285696 ----a-w- c:\windows\system32\atmfd(3).dll
2010-03-14 20:42 . 2008-02-28 20:42 152 --sh--r- c:\windows\system32\0026B8D2F4.sys
2010-03-14 20:42 . 2008-02-28 20:42 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2010-02-24 00:02 392624 -c--a-w- c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-11-20 17:34 87472 -c--a-w- c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 18:22 1172792 -c--a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"DataMngr"="c:\progra~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe" [2010-02-24 786352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-27 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-13 00:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-02-13 00:34 2033432 -c--a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 00:07 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 01:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 -c--a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-27 12:12 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-05-02 10:15 75520 ----a-w- c:\program files\Java\jre1.5.0_12\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcOnlineArmor"=2 (0x2)
"OAcat"=2 (0x2)
"avg9wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/12/2010 7:34 PM 360584]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2/12/2010 6:43 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2/12/2010 6:43 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2/12/2010 6:43 PM 29776]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [1/13/2008 2:16 PM 41025]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/12/2010 7:34 PM 333192]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [1/26/2004 9:42 PM 728083]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/12/2010 7:34 PM 285392]
S4 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2/12/2010 6:43 PM 1282248]
S4 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2/12/2010 6:43 PM 3291336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2010-07-16 c:\windows\Tasks\User_Feed_Synchronization-{501EF81D-F5B8-451D-8008-9B432276D977}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\components\dtTransparency.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 17:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3356)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-16 17:37:48
ComboFix-quarantined-files.txt 2010-07-16 22:37
ComboFix2.txt 2010-07-15 21:59

Pre-Run: 54,500,786,176 bytes free
Post-Run: 54,503,964,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0CFEAAD29259520B9A70CDDEA412F427



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:45:18 PM, on 7/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9347 bytes
dandennison84
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Jul 2010
16-Jul-2010, 07:02 PM #24
Also, I looked through the event viewer again and noticed I never sent you system errors, not app errors. Here are some system errors since the 11th.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 7/16/2010
Time: 5:43:42 PM
User: N/A
Computer: DHY2CQ91
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 7/16/2010
Time: 5:21:00 PM
User: N/A
Computer: DHY2CQ91
Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016B652A33F. The following error occurred:
The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 79 00 00 00 y...

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 7/16/2010
Time: 5:20:21 PM
User: N/A
Computer: DHY2CQ91
Description:
The following boot-start or system-start driver(s) failed to load:
AvgLdx86

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 36
Date: 7/16/2010
Time: 6:36:59 AM
User: N/A
Computer: DHY2CQ91
Description:
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 7/15/2010
Time: 4:50:48 PM
User: N/A
Computer: DHY2CQ91
Description:
The AVG Free WatchDog service terminated with service-specific error 3758161981 (0xE001003D).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event ID: 3019
Date: 7/11/2010
Time: 1:18:24 PM
User: N/A
Computer: BOYS
Description:
The redirector failed to determine the connection type.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 4e 00 ......N.
0008: 00 00 00 00 cb 0b 00 80 ......?
0010: 00 00 00 00 10 00 00 c0 .......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 7/11/2010
Time: 12:11:20 PM
User: N/A
Computer: DHY2CQ91
Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 7/11/2010
Time: 12:10:20 PM
User: N/A
Computer: DHY2CQ91
Description:
The Fax service failed to start due to the following error:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 7/11/2010
Time: 12:10:20 PM
User: N/A
Computer: DHY2CQ91
Description:
The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 7/11/2010
Time: 12:06:27 PM
User: N/A
Computer: DHY2CQ91
Description:
The WebDav Client Redirector service failed to start due to the following error:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 7/11/2010
Time: 11:32:14 AM
User: N/A
Computer: DHY2CQ91
Description:
The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Print
Event Category: None
Event ID: 20
Date: 7/11/2010
Time: 11:30:46 AM
User: NT AUTHORITY\SYSTEM
Computer: DHY2CQ91
Description:
Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- %4.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 7/11/2010
Time: 10:53:41 AM
User: N/A
Computer: DHY2CQ91
Description:
The Online Armor service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 7/11/2010
Time: 11:06:55 AM
User: N/A
Computer: DHY2CQ91
Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016B652A33F. The following error occurred:
The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 79 00 00 00 y...

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 7/11/2010
Time: 10:32:58 AM
User: N/A
Computer: DHY2CQ91
Description:
The Bonjour Service service failed to start due to the following error:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 7/11/2010
Time: 10:32:58 AM
User: N/A
Computer: DHY2CQ91
Description:
The ASCTRM service failed to start due to the following error:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Cookiegal
Administrator & Malware Removal Specialist with 97,660 posts.
 
Join Date: Aug 2003
17-Jul-2010, 04:27 PM #25
Open Notepad and copy and paste the text in the code box below into it:

Code:
Folder::
c:\program files\iMesh Applications

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"=-
[-HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


In Firefox go to Tools - Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and click on "No proxy" if it's not already selected.


Finally, please do this:

Open HijackThis and click on the Open Misc Tools section button. Click on the Open Uninstall Manager button. Click the Save List button. Save the list then copy and paste it here.
dandennison84
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Jul 2010
18-Jul-2010, 12:49 PM #26
Hi, here are the results of the instructions. Firefox was set to autodetect proxy, so I changed it to no proxy.

ComboFix 10-07-15.01 - Dad and Mom 07/18/2010 11:28:13.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.217 [GMT -5:00]
Running from: c:\documents and settings\Dad and Mom\Desktop\tools\puppy.exe
Command switches used :: D:\CFScript.txt
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iMesh Applications
c:\program files\iMesh Applications\iMesh\ammp3.dll
c:\program files\iMesh Applications\iMesh\avcodec-51.dll
c:\program files\iMesh Applications\iMesh\avformat-51.dll
c:\program files\iMesh Applications\iMesh\avutil-49.dll
c:\program files\iMesh Applications\iMesh\BerkeleyLoader.dll
c:\program files\iMesh Applications\iMesh\DiscoveryHelper.dll
c:\program files\iMesh Applications\iMesh\FFPage.exe
c:\program files\iMesh Applications\iMesh\FixAudioDriverSignature.reg
c:\program files\iMesh Applications\iMesh\GIFAnimator.dll
c:\program files\iMesh Applications\iMesh\ImageUploader5.ocx
c:\program files\iMesh Applications\iMesh\iMesh.exe
c:\program files\iMesh Applications\iMesh\IMTrProgress.dll
c:\program files\iMesh Applications\iMesh\IMWebControl.dll
c:\program files\iMesh Applications\iMesh\InstallHelper.dll
c:\program files\iMesh Applications\iMesh\Launcher.exe
c:\program files\iMesh Applications\iMesh\libungif4.dll
c:\program files\iMesh Applications\iMesh\lic_helper.dll
c:\program files\iMesh Applications\iMesh\NCTAudioCDGrabber2.dll
c:\program files\iMesh Applications\iMesh\NCTAudioCDWriter2.dll
c:\program files\iMesh Applications\iMesh\NCTAudioCompress3.dll
c:\program files\iMesh Applications\iMesh\NCTAudioFile3.dll
c:\program files\iMesh Applications\iMesh\NCTAudioFileWMA3.dll
c:\program files\iMesh Applications\iMesh\NCTAudioFormatSettings3.dll
c:\program files\iMesh Applications\iMesh\NCTDataCDWriter2.dll
c:\program files\iMesh Applications\iMesh\ResourcesLOC.dll
c:\program files\iMesh Applications\iMesh\Shw32.dll
c:\program files\iMesh Applications\iMesh\Skins\PS.exe
c:\program files\iMesh Applications\iMesh\Skins\RemoteSkin.wmz
c:\program files\iMesh Applications\iMesh\UninstallSurvey.exe
c:\program files\iMesh Applications\iMesh\UninstallUsers.exe
c:\program files\iMesh Applications\iMesh\UNWISE.EXE
c:\program files\iMesh Applications\iMesh\UnwiseLauncher.exe
c:\program files\iMesh Applications\iMesh\UpdateInst.exe
c:\program files\iMesh Applications\iMesh\WMAProfiles.prx
c:\program files\iMesh Applications\iMesh\WMHelper.dll
c:\program files\iMesh Applications\MediaBar\DataMngr\datamngr.dll
c:\program files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
c:\program files\iMesh Applications\MediaBar\INSTALL.LOG
c:\program files\iMesh Applications\MediaBar\main.ico
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\imeshmediabar.js
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\lib\about.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\lib\external.js
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\neterror.xhtml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\preferences.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\toolbar.htm
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\toolbar.xul
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\uwa.js
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\bluelite.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\bluesky.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\btn-search.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\btn-settings.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\btn_settings.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-down-back.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-down-left.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-down-right.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-drop-back.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-drop-left.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-drop-right.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-hover-back.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-hover-left.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-hover-right.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\ca.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\dictionary.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\divider.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\downloadcom.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\dtxlogo.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\ebay.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\email.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\email_on.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\games.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\graphred0.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\grey.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\headsup.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\ico-shield.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\images.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\imeshmediabar.css
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\add.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\aol.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\expand.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\found.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\imap.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\lock.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\modify.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\move.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\pop.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\reload.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\remove.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\rss.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\search.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\template_youtube.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\templateFF_save.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lichen.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\logo-about.jpg
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\logo-about.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\logo-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\logo.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\logo_save.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\maps.bmp
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\modify-save.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\modify.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\modifyhot.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\music.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\news.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\options\options-main.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\options\options-search.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\orange.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\pixsy.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-delete.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-expand.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-feed.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-folder.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-found.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-reload.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rssback.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\search-over.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\search.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\settings.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\shopping.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\siteinfo.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-grey.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-orange.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\technorati.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\throbber.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\video.bmp
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\weather.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\web.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_allocine.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_bliptv.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_calcal.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_calculator.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_gservices.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_sudoku.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_todo.jpg
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_todo.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_trio.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_uconverter.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widgets.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\wikipedia.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\yellow.gif
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\youtube.png
c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\zoom.png
c:\program files\iMesh Applications\MediaBar\ToolBar\components\windowmediator.js
c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarTb.dll
c:\program files\iMesh Applications\MediaBar\ToolBar\manifest.xml
c:\program files\iMesh Applications\MediaBar\ToolBar\uninstall.exe
c:\program files\iMesh Applications\MediaBar\UNWISE.EXE
c:\program files\iMesh Applications\MediaBar\UnwiseLauncher.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-16 22:44 . 2010-07-16 22:44 388096 -c--a-r- c:\documents and settings\Dad and Mom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-16 22:44 . 2010-07-16 22:44 -------- dc----w- c:\program files\Trend Micro
2010-07-15 21:40 . 2010-07-15 21:59 -------- dc----w- C:\puppy
2010-07-12 03:47 . 2010-07-12 03:47 711168 ----a-w- c:\windows\is-4A60K.exe
2010-07-12 02:45 . 2010-07-12 02:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\Sonic
2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\SweetIM
2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\documents and settings\All Users\Application Data\SweetIM
2010-07-12 02:37 . 2010-07-12 03:25 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-07-12 02:37 . 2010-07-12 02:37 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\AVG Security Toolbar
2010-07-12 02:37 . 2010-07-12 02:38 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-12 02:34 . 2010-07-12 03:38 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-12 02:31 . 2010-07-12 03:23 -------- dc----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-07-12 02:31 . 2010-07-12 02:49 -------- dc----w- c:\documents and settings\Dad and Mom\Application Data\OnlineArmor
2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\program files\Tall Emu
2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\iMesh
2010-07-12 02:31 . 2010-07-12 02:40 -------- dc----w- c:\program files\Microsoft Silverlight
2010-07-11 16:05 . 2010-07-11 16:05 -------- dcsh--w- c:\documents and settings\Dad and Mom\IECompatCache
2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\system32\scripting
2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\l2schemas

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 03:48 . 2010-02-12 23:15 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-12 03:38 . 2009-07-24 18:08 67992 -c--a-w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 02:44 . 2008-02-25 22:05 -------- d-----w- c:\program files\Tropico
2010-07-12 02:44 . 2010-05-23 02:11 -------- dc----w- c:\program files\Maxis
2010-07-12 02:44 . 2006-03-27 12:09 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-07-12 02:43 . 2006-03-27 12:12 -------- dc----w- c:\program files\Common Files\Real
2010-07-12 02:38 . 2010-02-13 00:33 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-11 16:08 . 2004-08-10 19:03 77939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-11 15:11 . 2009-09-08 13:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-23 20:38 . 2008-02-24 16:02 1261 ----a-w- c:\windows\eReg.dat
2010-05-23 12:23 . 2010-05-23 12:23 281 ----a-w- c:\windows\EReg072.dat
2010-04-29 20:39 . 2010-02-12 23:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-12 23:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51 . 2004-08-10 18:50 285696 ----a-w- c:\windows\system32\atmfd(3).dll
2010-03-14 20:42 . 2008-02-28 20:42 152 --sh--r- c:\windows\system32\0026B8D2F4.sys
2010-03-14 20:42 . 2008-02-28 20:42 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-07-16_22.33.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-16 22:44 . 2010-07-16 22:44 1094656 c:\windows\Installer\158985.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 18:22 1172792 -c--a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-27 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-13 00:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-02-13 00:34 2033432 -c--a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 00:07 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 01:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 -c--a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-27 12:12 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-05-02 10:15 75520 ----a-w- c:\program files\Java\jre1.5.0_12\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcOnlineArmor"=2 (0x2)
"OAcat"=2 (0x2)
"avg9wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/12/2010 7:34 PM 360584]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2/12/2010 6:43 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2/12/2010 6:43 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2/12/2010 6:43 PM 29776]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [1/13/2008 2:16 PM 41025]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/12/2010 7:34 PM 333192]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [1/26/2004 9:42 PM 728083]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/12/2010 7:34 PM 285392]
S4 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2/12/2010 6:43 PM 1282248]
S4 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2/12/2010 6:43 PM 3291336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2010-07-18 c:\windows\Tasks\User_Feed_Synchronization-{501EF81D-F5B8-451D-8008-9B432276D977}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\components\dtTransparency.dll
FF - plugin: c:\documents and settings\Dad and Mom\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DataMngr - c:\progra~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe
AddRemove-iMesh - c:\program files\iMesh Applications\iMesh\UninstallSurvey.exe
AddRemove-iMesh MediaBar - c:\program files\iMesh Applications\MediaBar\\UnwiseLauncher.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-18 11:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(416)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-07-18 11:41:49
ComboFix-quarantined-files.txt 2010-07-18 16:41
ComboFix2.txt 2010-07-16 22:37
ComboFix3.txt 2010-07-15 21:59

Pre-Run: 54,407,585,792 bytes free
Post-Run: 54,368,292,864 bytes free

- - End Of File - - BDEDEC340F688C08D7E27568971C84C8


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:01 AM, on 7/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8820 bytes


Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3.0
AVG Free 9.0
Bonjour
Canon i560
CCleaner
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
DellSupport
Desktop Players
Digital Content Portal
Digital Line Detect
EducateU
ELIcon
ERUNT 1.1j
Football Manager 2006
getPlus(R)_ocx
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 12
Junk Mail filter update
Linksys Wireless-G USB Network Adapter
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.6)
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nikon View 6
Online Armor 4.0
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
RS2
Samsung Master
Samsung USB Driver
Search Assist
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Sonic Activation Module
Sonic Update Manager
SweetIM Toolbar for Internet Explorer 3.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WildTangent Web Driver
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Yahoo! Internet Mail
Yahoo! Messenger
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,660 posts.
 
Join Date: Aug 2003
19-Jul-2010, 01:07 PM #27
Your earlier log showed you had SP3 and now it shows SP2. When did you install SP3? I suspect doing the system restore to a date that far back may have uninstalled it.
dandennison84's Avatar
dandennison84 dandennison84 is offline
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Jul 2010
19-Jul-2010, 01:10 PM #28
You are probably right. I don't remember installing it; it was on auto-update, so it probably did so after last April. Since the restore, I can't uninstall a few things like Online Armor.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,660 posts.
 
Join Date: Aug 2003
19-Jul-2010, 01:11 PM #29
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 21 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment, JRE, J2SE or Java(TM) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

This is the older version of Java that you need to uninstall:

J2SE Runtime Environment 5.0 Update 12

Also uninstall the following as it's foistware, meaning it gets installed without your knowledge or approval.

Viewpoint Media Player
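
The name check from the steps above, applied to a saved installed-programs listing like the one posted earlier in the thread. This is an added example, not part of the original post; the function names, the constructed sample listing and the use of JRE 6 Update 21 as the baseline are assumptions for illustration.

```python
import re

# Name fragments the post says to look for in Add/Remove Programs.
JAVA_NAME = re.compile(r"Java Runtime Environment|\bJRE\b|\bJ2SE\b|Java\(TM\)", re.I)
# Trailing version in a display name, e.g. "5.0 Update 12" or "6 Update 21".
JAVA_VERSION = re.compile(r"(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?\s*$", re.I)
BASELINE = (6, 21)                      # assumption: JRE 6 Update 21, as in the post
UNWANTED = {"viewpoint media player"}   # named as foistware in the post

def java_version(name):
    """Return (major, update) parsed from a display name, or None."""
    m = JAVA_VERSION.search(name.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def review(listing):
    """Return (action, entry) pairs for entries that need attention."""
    findings, seen = [], set()
    for line in listing.splitlines():
        entry = line.strip()
        if not entry or entry in seen:   # listings often repeat entries
            continue
        seen.add(entry)
        if entry.lower() in UNWANTED:
            findings.append(("uninstall-foistware", entry))
        elif JAVA_NAME.search(entry):
            ver = java_version(entry)
            if ver is None:              # Java entry without a parsable version
                findings.append(("check-manually", entry))
            elif ver < BASELINE:
                findings.append(("uninstall-old-java", entry))
    return findings

# Constructed sample: a few entries in the style of the listing above,
# plus one constructed up-to-date Java entry that must not be flagged.
SAMPLE = """J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 21
Viewpoint Media Player
Windows Media Player 11
Windows Media Player 11
"""

if __name__ == "__main__":
    for action, entry in review(SAMPLE):
        print(f"{action}: {entry}")
```

Run it again on a fresh listing after the reboot step to confirm that no older Java entry remains.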
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,660 posts.
 
Join Date: Aug 2003
19-Jul-2010, 01:21 PM #30
Quote:
Originally Posted by dandennison84
You are probably right. I don't remember installing it; it was on auto-update, so it probably did so after last April. Since the restore, I can't uninstall a few things like Online Armor.
Before doing anything else, try undoing the restore. That should put you back to the state you were in before you did it. Unless, of course, it helped you get back to a working state, but I can't recall if there were any benefits to doing the system restore or not.