
Browsers not working, network is fine

Discussion in 'Virus & Other Malware Removal' started by dandennison84, Jul 11, 2010.

Thread Status:
Not open for further replies.
  1. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,639
    That's fine. :)
     
  2. dandennison84

    dandennison84 Thread Starter

    Joined:
    Jul 11, 2010
    Messages:
    19
    Ok, here are the results of DDS.txt.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Dad and Mom at 21:56:37.29 on Tue 07/13/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.252 [GMT -5:00]

    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Dad and Mom\Desktop\tools\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.imesh.com/
    uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\mediabar\datamngr\IEBHO.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
    BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DataMngr] c:\progra~1\imesha~1\mediabar\\datamngr\DataMngrUI.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\imesha~1\mediabar\\datamngr\datamngr.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dadand~1\applic~1\mozilla\firefox\profiles\kq8x0kpw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\dad and mom\application data\mozilla\firefox\profiles\kq8x0kpw.default\extensions\{28d35620-51d9-11de-9d13-2db156d89593}\components\dtTransparency.dll
    FF - plugin: c:\documents and settings\dad and mom\application data\mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJPI150_12.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-12 28424]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-12 360584]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-2-12 223312]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-2-12 24656]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-2-12 29776]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-24 54752]
    R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-2-12 1282248]
    R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2008-1-13 41025]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-12 333192]
    S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-12 285392]
    S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-2-12 3291336]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-1-26 728083]

    =============== Created Last 30 ================

    2010-07-12 03:47:07 711168 ----a-w- c:\windows\is-4A60K.exe
    2010-07-12 03:47:07 363 ----a-w- c:\windows\is-4A60K.lst
    2010-07-12 03:47:07 10562 ----a-w- c:\windows\is-4A60K.msg
    2010-07-12 02:45:18 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-12 02:44:34 0 dc----w- c:\program files\Sonic
    2010-07-12 02:44:33 0 dc----w- c:\program files\SweetIM
    2010-07-12 02:44:33 0 dc----w- c:\docume~1\alluse~1\applic~1\SweetIM
    2010-07-12 02:37:58 0 dc----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2010-07-12 02:37:55 0 d-----w- c:\windows\system32\drivers\Avg
    2010-07-12 02:34:15 0 d-----w- c:\windows\system32\CatRoot_bak
    2010-07-12 02:31:19 0 dc----w- c:\docume~1\dadand~1\applic~1\OnlineArmor
    2010-07-12 02:31:19 0 dc----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
    2010-07-12 02:31:18 0 dc----w- c:\program files\Tall Emu
    2010-07-11 18:30:02 910 -c--a-w- c:\documents and settings\dad and mom\all
    2010-07-11 17:51:05 83748 ----a-w- c:\windows\system32\dllcache\prcp.nls
    2010-07-11 17:51:04 83748 ----a-w- c:\windows\system32\dllcache\prc.nls
    2010-07-11 17:45:02 47066 ----a-w- c:\windows\system32\dllcache\ksc.nls
    2010-07-11 17:34:59 195618 ----a-w- c:\windows\system32\dllcache\c_10002.nls
    2010-07-11 17:34:59 177698 ----a-w- c:\windows\system32\dllcache\c_10003.nls
    2010-07-11 17:34:58 162850 ----a-w- c:\windows\system32\dllcache\c_10001.nls
    2010-07-11 17:34:41 82172 ----a-w- c:\windows\system32\dllcache\bopomofo.nls
    2010-07-11 17:34:39 66728 ----a-w- c:\windows\system32\dllcache\big5.nls
    2010-07-11 16:05:13 0 dcsh--w- c:\documents and settings\dad and mom\IECompatCache
    2010-07-11 16:04:08 0 d-----w- c:\windows\system32\scripting
    2010-07-11 16:04:07 0 d-----w- c:\windows\l2schemas

    ==================== Find3M ====================

    2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd(3).dll
    2010-03-14 20:42:15 152 --sh--r- c:\windows\system32\0026B8D2F4.sys
    2010-03-14 20:42:22 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 21:57:20.17 ===============
     


  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please go to Start - Run - type in eventvwr.msc to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

    Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.
     
  4. dandennison84

    dandennison84 Thread Starter

    Hi. There were quite a few events, so I didn't copy the duplicates. Here is a sampling.

    Event Type: Error
    Event Source: Application Hang
    Event Category: (101)
    Event ID: 1002
    Date: 7/11/2010
    Time: 10:39:20 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: crypt32
    Event Category: None
    Event ID: 8
    Date: 7/11/2010
    Time: 10:15:23 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: crypt32
    Event Category: None
    Event ID: 11
    Date: 7/11/2010
    Time: 10:15:23 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: crypt32
    Event Category: None
    Event ID: 6
    Date: 7/11/2010
    Time: 9:53:39 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: Userenv
    Event Category: None
    Event ID: 1517
    Date: 7/11/2010
    Time: 1:30:28 PM
    User: NT AUTHORITY\SYSTEM
    Computer: BOYS
    Description:
    Windows saved user BOYS\Dad and Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: WinMgmt
    Event Category: None
    Event ID: 63
    Date: 7/11/2010
    Time: 11:06:12 AM
    User: S-1-5-21-2696969475-2308742595-2740345709-1008
    Computer: DHY2CQ91
    Description:
    A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: System.ServiceModel.Install 3.0.0.0
    Event Category: None
    Event ID: 0
    Date: 7/11/2010
    Time: 10:09:01 AM
    User: N/A
    Computer: DHY2CQ91
    Description:
    Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: ASP.NET 2.0.50727.0
    Event Category: Setup
    Event ID: 1020
    Date: 7/11/2010
    Time: 10:07:46 AM
    User: N/A
    Computer: DHY2CQ91
    Description:
    Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: Userenv
    Event Category: None
    Event ID: 1524
    Date: 7/10/2010
    Time: 12:55:47 PM
    User: S-1-5-21-2696969475-2308742595-2740345709-1008
    Computer: DHY2CQ91
    Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Account Logon
    Event ID: 680
    Date: 7/15/2010
    Time: 6:23:49 AM
    User: NT AUTHORITY\SYSTEM
    Computer: DHY2CQ91
    Description:
    Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon account: Dad and Mom
    Source Workstation: DHY2CQ91
    Error Code: 0xC000006A


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 529
    Date: 7/15/2010
    Time: 6:23:49 AM
    User: NT AUTHORITY\SYSTEM
    Computer: DHY2CQ91
    Description:
    Logon Failure:
    Reason: Unknown user name or bad password
    User Name: Dad and Mom
    Domain: DHY2CQ91
    Logon Type: 2
    Logon Process: Advapi
    Authentication Package: Negotiate
    Workstation Name: DHY2CQ91

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Account Logon
    Event ID: 680
    Date: 7/14/2010
    Time: 6:52:19 PM
    User: NT AUTHORITY\SYSTEM
    Computer: DHY2CQ91
    Description:
    Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon account: Dad and Mom
    Source Workstation: DHY2CQ91
    Error Code: 0xC000006A


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Policy Change
    Event ID: 615
    Date: 7/11/2010
    Time: 10:56:58 PM
    User: NT AUTHORITY\NETWORK SERVICE
    Computer: DHY2CQ91
    Description:
    IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.



    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 529
    Date: 7/11/2010
    Time: 11:33:56 PM
    User: NT AUTHORITY\SYSTEM
    Computer: DHY2CQ91
    Description:
    Logon Failure:
    Reason: Unknown user name or bad password
    User Name: Dad and Mom
    Domain: DHY2CQ91
    Logon Type: 2
    Logon Process: Advapi
    Authentication Package: Negotiate
    Workstation Name: DHY2CQ91

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  6. dandennison84

    dandennison84 Thread Starter

    Hi, a couple of things. When I ran ComboFix, it could not install Windows Recovery Console but it kept going anyway. Do I need to run it again? I've downloaded the manual install for it, but I haven't done it yet. Also, my Online Armor keeps starting up but I can't uninstall it. Do you want me to try to stop it from starting up using MSConfig?

    When I ran HijackThis it popped up an error but kept going. I can't replicate the error; it runs fine now.

    ComboFix 10-07-15.01 - Dad and Mom 07/15/2010 16:42:58.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.245 [GMT -5:00]
    Running from: c:\documents and settings\Dad and Mom\Desktop\tools\puppy.exe
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
    .

    2010-07-12 03:47 . 2010-07-12 03:47 711168 ----a-w- c:\windows\is-4A60K.exe
    2010-07-12 02:45 . 2010-07-12 02:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\Sonic
    2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\SweetIM
    2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\documents and settings\All Users\Application Data\SweetIM
    2010-07-12 02:37 . 2010-07-12 03:25 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-07-12 02:37 . 2010-07-12 02:37 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\AVG Security Toolbar
    2010-07-12 02:37 . 2010-07-12 02:38 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-07-12 02:34 . 2010-07-12 03:38 -------- d-----w- c:\windows\system32\CatRoot_bak
    2010-07-12 02:31 . 2010-07-12 03:23 -------- dc----w- c:\documents and settings\All Users\Application Data\OnlineArmor
    2010-07-12 02:31 . 2010-07-12 02:49 -------- dc----w- c:\documents and settings\Dad and Mom\Application Data\OnlineArmor
    2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\program files\Tall Emu
    2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\iMesh
    2010-07-12 02:31 . 2010-07-12 02:40 -------- dc----w- c:\program files\Microsoft Silverlight
    2010-07-11 16:05 . 2010-07-11 16:05 -------- dcsh--w- c:\documents and settings\Dad and Mom\IECompatCache
    2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\system32\scripting
    2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\l2schemas

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-12 03:48 . 2010-02-12 23:15 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-12 03:38 . 2009-07-24 18:08 67992 -c--a-w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-12 02:44 . 2008-02-25 22:05 -------- d-----w- c:\program files\Tropico
    2010-07-12 02:44 . 2010-05-23 02:11 -------- dc----w- c:\program files\Maxis
    2010-07-12 02:44 . 2006-03-27 12:09 -------- dc-h--w- c:\program files\InstallShield Installation Information
    2010-07-12 02:43 . 2006-03-27 12:12 -------- dc----w- c:\program files\Common Files\Real
    2010-07-12 02:38 . 2010-02-13 00:33 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
    2010-07-12 02:31 . 2010-03-03 02:08 -------- dc----w- c:\program files\iMesh Applications
    2010-07-11 16:08 . 2004-08-10 19:03 77939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-07-11 15:11 . 2009-09-08 13:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-23 20:38 . 2008-02-24 16:02 1261 ----a-w- c:\windows\eReg.dat
    2010-05-23 12:23 . 2010-05-23 12:23 281 ----a-w- c:\windows\EReg072.dat
    2010-04-29 20:39 . 2010-02-12 23:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2010-02-12 23:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:51 . 2004-08-10 18:50 285696 ----a-w- c:\windows\system32\atmfd(3).dll
    2010-03-14 20:42 . 2008-02-28 20:42 152 --sh--r- c:\windows\system32\0026B8D2F4.sys
    2010-03-14 20:42 . 2008-02-28 20:42 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    2010-02-24 00:02 392624 -c--a-w- c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 19:01 1230080 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
    2009-11-20 17:34 87472 -c--a-w- c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-10-08 18:22 1172792 -c--a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-02-13 2033432]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
    "DataMngr"="c:\progra~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe" [2010-02-24 786352]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-27 24576]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-02-13 00:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
    backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-16 00:07 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-07-13 01:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 -c--a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 05:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-03-27 12:12 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-05-02 10:15 75520 ----a-w- c:\program files\Java\jre1.5.0_12\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/12/2010 7:34 PM 360584]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2/12/2010 6:43 PM 223312]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2/12/2010 6:43 PM 24656]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2/12/2010 6:43 PM 29776]
    R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2/12/2010 6:43 PM 1282248]
    R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [1/13/2008 2:16 PM 41025]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/12/2010 7:34 PM 333192]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/12/2010 7:34 PM 285392]
    S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2/12/2010 6:43 PM 3291336]
    S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [1/26/2004 9:42 PM 728083]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

    2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{501EF81D-F5B8-451D-8008-9B432276D977}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.imesh.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\components\dtTransparency.dll
    FF - plugin: c:\documents and settings\Dad and Mom\Application Data\Mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-*{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
    MSConfigStartUp-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
    MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
    MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
    MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
    MSConfigStartUp-Yahoo! Pager - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-15 16:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2364)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-15 16:59:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-15 21:59

    Pre-Run: 54,390,431,744 bytes free
    Post-Run: 54,439,194,624 bytes free

    - - End Of File - - 22C566104739E35D4748667604EE816A


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:03:29 PM, on 7/15/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 9695 bytes
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,639
    Yes, please run ComboFix again with the Recovery Console installed.
     
  8. dandennison84

    dandennison84 Thread Starter

    Joined:
    Jul 11, 2010
    Messages:
    19
    ComboFix 10-07-15.01 - Dad and Mom 07/16/2010 17:27:43.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.285 [GMT -5:00]
    Running from: c:\documents and settings\Dad and Mom\Desktop\tools\puppy.exe
    Command switches used :: D:\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
    .

    2010-07-15 22:02 . 2010-07-15 22:02 388096 -c--a-r- c:\documents and settings\Dad and Mom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-15 22:02 . 2010-07-15 22:02 -------- dc----w- c:\program files\Trend Micro
    2010-07-15 21:40 . 2010-07-15 21:59 -------- dc----w- C:\puppy
    2010-07-12 03:47 . 2010-07-12 03:47 711168 ----a-w- c:\windows\is-4A60K.exe
    2010-07-12 02:45 . 2010-07-12 02:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\Sonic
    2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\SweetIM
    2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\documents and settings\All Users\Application Data\SweetIM
    2010-07-12 02:37 . 2010-07-12 03:25 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-07-12 02:37 . 2010-07-12 02:37 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\AVG Security Toolbar
    2010-07-12 02:37 . 2010-07-12 02:38 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-07-12 02:34 . 2010-07-12 03:38 -------- d-----w- c:\windows\system32\CatRoot_bak
    2010-07-12 02:31 . 2010-07-12 03:23 -------- dc----w- c:\documents and settings\All Users\Application Data\OnlineArmor
    2010-07-12 02:31 . 2010-07-12 02:49 -------- dc----w- c:\documents and settings\Dad and Mom\Application Data\OnlineArmor
    2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\program files\Tall Emu
    2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\iMesh
    2010-07-12 02:31 . 2010-07-12 02:40 -------- dc----w- c:\program files\Microsoft Silverlight
    2010-07-11 16:05 . 2010-07-11 16:05 -------- dcsh--w- c:\documents and settings\Dad and Mom\IECompatCache
    2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\system32\scripting
    2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\l2schemas

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-12 03:48 . 2010-02-12 23:15 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-12 03:38 . 2009-07-24 18:08 67992 -c--a-w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-12 02:44 . 2008-02-25 22:05 -------- d-----w- c:\program files\Tropico
    2010-07-12 02:44 . 2010-05-23 02:11 -------- dc----w- c:\program files\Maxis
    2010-07-12 02:44 . 2006-03-27 12:09 -------- dc-h--w- c:\program files\InstallShield Installation Information
    2010-07-12 02:43 . 2006-03-27 12:12 -------- dc----w- c:\program files\Common Files\Real
    2010-07-12 02:38 . 2010-02-13 00:33 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
    2010-07-12 02:31 . 2010-03-03 02:08 -------- dc----w- c:\program files\iMesh Applications
    2010-07-11 16:08 . 2004-08-10 19:03 77939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-07-11 15:11 . 2009-09-08 13:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-23 20:38 . 2008-02-24 16:02 1261 ----a-w- c:\windows\eReg.dat
    2010-05-23 12:23 . 2010-05-23 12:23 281 ----a-w- c:\windows\EReg072.dat
    2010-04-29 20:39 . 2010-02-12 23:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2010-02-12 23:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:51 . 2004-08-10 18:50 285696 ----a-w- c:\windows\system32\atmfd(3).dll
    2010-03-14 20:42 . 2008-02-28 20:42 152 --sh--r- c:\windows\system32\0026B8D2F4.sys
    2010-03-14 20:42 . 2008-02-28 20:42 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    2010-02-24 00:02 392624 -c--a-w- c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 19:01 1230080 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
    2009-11-20 17:34 87472 -c--a-w- c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-10-08 18:22 1172792 -c--a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
    "DataMngr"="c:\progra~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe" [2010-02-24 786352]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-27 24576]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-02-13 00:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
    backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
    2010-02-13 00:34 2033432 -c--a-w- c:\progra~1\AVG\AVG9\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-16 00:07 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-07-13 01:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 -c--a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 05:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-03-27 12:12 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-05-02 10:15 75520 ----a-w- c:\program files\Java\jre1.5.0_12\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SvcOnlineArmor"=2 (0x2)
    "OAcat"=2 (0x2)
    "avg9wd"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/12/2010 7:34 PM 360584]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2/12/2010 6:43 PM 223312]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2/12/2010 6:43 PM 24656]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2/12/2010 6:43 PM 29776]
    R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [1/13/2008 2:16 PM 41025]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/12/2010 7:34 PM 333192]
    S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [1/26/2004 9:42 PM 728083]
    S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/12/2010 7:34 PM 285392]
    S4 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2/12/2010 6:43 PM 1282248]
    S4 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2/12/2010 6:43 PM 3291336]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - GTNDIS5
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

    2010-07-16 c:\windows\Tasks\User_Feed_Synchronization-{501EF81D-F5B8-451D-8008-9B432276D977}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.imesh.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\components\dtTransparency.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-16 17:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3356)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-07-16 17:37:48
    ComboFix-quarantined-files.txt 2010-07-16 22:37
    ComboFix2.txt 2010-07-15 21:59

    Pre-Run: 54,500,786,176 bytes free
    Post-Run: 54,503,964,672 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 0CFEAAD29259520B9A70CDDEA412F427



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:45:18 PM, on 7/16/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 9347 bytes
     
  9. dandennison84

    Also, I looked through the event viewer again and noticed I never sent you system errors, not app errors. Here are some system errors since the 11th.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7023
    Date: 7/16/2010
    Time: 5:43:42 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The Application Management service terminated with the following error:
    The specified module could not be found.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: Dhcp
    Event Category: None
    Event ID: 1003
    Date: 7/16/2010
    Time: 5:21:00 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016B652A33F. The following error occurred:
    The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 79 00 00 00 y...

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7026
    Date: 7/16/2010
    Time: 5:20:21 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The following boot-start or system-start driver(s) failed to load:
    AvgLdx86

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: W32Time
    Event Category: None
    Event ID: 36
    Date: 7/16/2010
    Time: 6:36:59 AM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7024
    Date: 7/15/2010
    Time: 4:50:48 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The AVG Free WatchDog service terminated with service-specific error 3758161981 (0xE001003D).

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: MRxSmb
    Event Category: None
    Event ID: 3019
    Date: 7/11/2010
    Time: 1:18:24 PM
    User: N/A
    Computer: BOYS
    Description:
    The redirector failed to determine the connection type.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 7/11/2010
    Time: 12:11:20 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The IMAPI CD-Burning COM Service service failed to start due to the following error:
    Access is denied.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 7/11/2010
    Time: 12:10:20 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The Fax service failed to start due to the following error:
    Access is denied.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7001
    Date: 7/11/2010
    Time: 12:10:20 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error:
    Access is denied.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 7/11/2010
    Time: 12:06:27 PM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The WebDav Client Redirector service failed to start due to the following error:
    Access is denied.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7001
    Date: 7/11/2010
    Time: 11:32:14 AM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error:
    Access is denied.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: Print
    Event Category: None
    Event ID: 20
    Date: 7/11/2010
    Time: 11:30:46 AM
    User: NT AUTHORITY\SYSTEM
    Computer: DHY2CQ91
    Description:
    Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- %4.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7034
    Date: 7/11/2010
    Time: 10:53:41 AM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The Online Armor service terminated unexpectedly. It has done this 1 time(s).

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Warning
    Event Source: Dhcp
    Event Category: None
    Event ID: 1003
    Date: 7/11/2010
    Time: 11:06:55 AM
    User: N/A
    Computer: DHY2CQ91
    Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016B652A33F. The following error occurred:
    The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 79 00 00 00 y...

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 7/11/2010
    Time: 10:32:58 AM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The Bonjour Service service failed to start due to the following error:
    Access is denied.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 7/11/2010
    Time: 10:32:58 AM
    User: N/A
    Computer: DHY2CQ91
    Description:
    The ASCTRM service failed to start due to the following error:
    Access is denied.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     
  10. Cookiegal

    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    Folder::
    c:\program files\iMesh Applications
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"=-
    [-HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
     
    Save the file to your desktop and name it CFScript.txt

    Referring to the picture below, drag CFScript.txt into ComboFix.exe

    [IMG]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


    In Firefox go to Tools - Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and click on "No proxy" if it's not already selected.


    Finally, please do this:

    Open HijackThis and click on the Open Misc Tools section button. Click on the Open Uninstall Manager button. Click the Save List button. Save the list then copy and paste it here.
     
  11. dandennison84

    Hi, here are the results of the instructions. Firefox was set to autodetect proxy, so I changed it to no proxy.

    ComboFix 10-07-15.01 - Dad and Mom 07/18/2010 11:28:13.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.217 [GMT -5:00]
    Running from: c:\documents and settings\Dad and Mom\Desktop\tools\puppy.exe
    Command switches used :: D:\CFScript.txt
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\iMesh Applications
    c:\program files\iMesh Applications\iMesh\ammp3.dll
    c:\program files\iMesh Applications\iMesh\avcodec-51.dll
    c:\program files\iMesh Applications\iMesh\avformat-51.dll
    c:\program files\iMesh Applications\iMesh\avutil-49.dll
    c:\program files\iMesh Applications\iMesh\BerkeleyLoader.dll
    c:\program files\iMesh Applications\iMesh\DiscoveryHelper.dll
    c:\program files\iMesh Applications\iMesh\FFPage.exe
    c:\program files\iMesh Applications\iMesh\FixAudioDriverSignature.reg
    c:\program files\iMesh Applications\iMesh\GIFAnimator.dll
    c:\program files\iMesh Applications\iMesh\ImageUploader5.ocx
    c:\program files\iMesh Applications\iMesh\iMesh.exe
    c:\program files\iMesh Applications\iMesh\IMTrProgress.dll
    c:\program files\iMesh Applications\iMesh\IMWebControl.dll
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\logo-about.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\logo-over.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\logo.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\logo_save.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\maps.bmp
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\menuseparatorback.gif
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\modify-save.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\modify.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\modifyhot.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\music.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\news.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\options\options-main.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\options\options-search.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\options\options-weather.gif
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\options\options-widgets.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\orange.gif
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\pixsy.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\relatedlinks.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-collapse.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-delete.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-expand.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-feed.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-folder-remove.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-folder-rename.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-folder.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-found.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-reload.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss-subscribe.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rss.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rssback.gif
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\rsstopback.gif
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\search-over.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\search.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\settings.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\shopping.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\siteinfo.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-bluelite.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-bluesky.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-grey.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-lichen.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-orange.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\skin-yellow.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\technorati.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\throbber.gif
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\toolbarsplitter.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\video.bmp
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\weather.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\web.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_allocine.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_bliptv.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_calcal.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_calculator.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_gservices.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_sudoku.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_todo.jpg
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_todo.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_trio.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widget_uconverter.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widgets-square-16px.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\widgets.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\wikipedia.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\yahoosearch.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\yellow.gif
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\youtube.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\chrome\skin\zoom.png
    c:\program files\iMesh Applications\MediaBar\ToolBar\components\windowmediator.js
    c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
    c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarTb.dll
    c:\program files\iMesh Applications\MediaBar\ToolBar\manifest.xml
    c:\program files\iMesh Applications\MediaBar\ToolBar\uninstall.exe
    c:\program files\iMesh Applications\MediaBar\UNWISE.EXE
    c:\program files\iMesh Applications\MediaBar\UnwiseLauncher.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
    .

    2010-07-16 22:44 . 2010-07-16 22:44 388096 -c--a-r- c:\documents and settings\Dad and Mom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-16 22:44 . 2010-07-16 22:44 -------- dc----w- c:\program files\Trend Micro
    2010-07-15 21:40 . 2010-07-15 21:59 -------- dc----w- C:\puppy
    2010-07-12 03:47 . 2010-07-12 03:47 711168 ----a-w- c:\windows\is-4A60K.exe
    2010-07-12 02:45 . 2010-07-12 02:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\Sonic
    2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\program files\SweetIM
    2010-07-12 02:44 . 2010-07-12 02:44 -------- dc----w- c:\documents and settings\All Users\Application Data\SweetIM
    2010-07-12 02:37 . 2010-07-12 03:25 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-07-12 02:37 . 2010-07-12 02:37 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\AVG Security Toolbar
    2010-07-12 02:37 . 2010-07-12 02:38 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-07-12 02:34 . 2010-07-12 03:38 -------- d-----w- c:\windows\system32\CatRoot_bak
    2010-07-12 02:31 . 2010-07-12 03:23 -------- dc----w- c:\documents and settings\All Users\Application Data\OnlineArmor
    2010-07-12 02:31 . 2010-07-12 02:49 -------- dc----w- c:\documents and settings\Dad and Mom\Application Data\OnlineArmor
    2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\program files\Tall Emu
    2010-07-12 02:31 . 2010-07-12 02:31 -------- dc----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\iMesh
    2010-07-12 02:31 . 2010-07-12 02:40 -------- dc----w- c:\program files\Microsoft Silverlight
    2010-07-11 16:05 . 2010-07-11 16:05 -------- dcsh--w- c:\documents and settings\Dad and Mom\IECompatCache
    2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\system32\scripting
    2010-07-11 16:04 . 2010-07-11 16:04 -------- d-----w- c:\windows\l2schemas

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-12 03:48 . 2010-02-12 23:15 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-12 03:38 . 2009-07-24 18:08 67992 -c--a-w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-12 02:44 . 2008-02-25 22:05 -------- d-----w- c:\program files\Tropico
    2010-07-12 02:44 . 2010-05-23 02:11 -------- dc----w- c:\program files\Maxis
    2010-07-12 02:44 . 2006-03-27 12:09 -------- dc-h--w- c:\program files\InstallShield Installation Information
    2010-07-12 02:43 . 2006-03-27 12:12 -------- dc----w- c:\program files\Common Files\Real
    2010-07-12 02:38 . 2010-02-13 00:33 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
    2010-07-11 16:08 . 2004-08-10 19:03 77939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-07-11 15:11 . 2009-09-08 13:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-23 20:38 . 2008-02-24 16:02 1261 ----a-w- c:\windows\eReg.dat
    2010-05-23 12:23 . 2010-05-23 12:23 281 ----a-w- c:\windows\EReg072.dat
    2010-04-29 20:39 . 2010-02-12 23:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2010-02-12 23:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:51 . 2004-08-10 18:50 285696 ----a-w- c:\windows\system32\atmfd(3).dll
    2010-03-14 20:42 . 2008-02-28 20:42 152 --sh--r- c:\windows\system32\0026B8D2F4.sys
    2010-03-14 20:42 . 2008-02-28 20:42 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-16_22.33.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-16 22:44 . 2010-07-16 22:44 1094656 c:\windows\Installer\158985.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 19:01 1230080 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-10-08 18:22 1172792 -c--a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-27 24576]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-02-13 00:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
    backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
    2010-02-13 00:34 2033432 -c--a-w- c:\progra~1\AVG\AVG9\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-16 00:07 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-07-13 01:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 -c--a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 05:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-03-27 12:12 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-05-02 10:15 75520 ----a-w- c:\program files\Java\jre1.5.0_12\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SvcOnlineArmor"=2 (0x2)
    "OAcat"=2 (0x2)
    "avg9wd"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/12/2010 7:34 PM 360584]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2/12/2010 6:43 PM 223312]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2/12/2010 6:43 PM 24656]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2/12/2010 6:43 PM 29776]
    R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [1/13/2008 2:16 PM 41025]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/12/2010 7:34 PM 333192]
    S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [1/26/2004 9:42 PM 728083]
    S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/12/2010 7:34 PM 285392]
    S4 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2/12/2010 6:43 PM 1282248]
    S4 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2/12/2010 6:43 PM 3291336]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - GTNDIS5
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

    2010-07-18 c:\windows\Tasks\User_Feed_Synchronization-{501EF81D-F5B8-451D-8008-9B432276D977}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.imesh.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Dad and Mom\Application Data\Mozilla\Firefox\Profiles\kq8x0kpw.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\components\dtTransparency.dll
    FF - plugin: c:\documents and settings\Dad and Mom\Application Data\Mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-DataMngr - c:\progra~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe
    AddRemove-iMesh - c:\program files\iMesh Applications\iMesh\UninstallSurvey.exe
    AddRemove-iMesh MediaBar - c:\program files\iMesh Applications\MediaBar\\UnwiseLauncher.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-18 11:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(416)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2010-07-18 11:41:49
    ComboFix-quarantined-files.txt 2010-07-18 16:41
    ComboFix2.txt 2010-07-16 22:37
    ComboFix3.txt 2010-07-15 21:59

    Pre-Run: 54,407,585,792 bytes free
    Post-Run: 54,368,292,864 bytes free

    - - End Of File - - BDEDEC340F688C08D7E27568971C84C8


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:44:01 AM, on 7/18/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 8820 bytes


    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 3.0
    AVG Free 9.0
    Bonjour
    Canon i560
    CCleaner
    Conexant D850 56K V.9x DFVc Modem
    Corel Paint Shop Pro X
    Corel Photo Album 6
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    DellSupport
    Desktop Players
    Digital Content Portal
    Digital Line Detect
    EducateU
    ELIcon
    ERUNT 1.1j
    Football Manager 2006
    getPlus(R)_ocx
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    iTunes
    J2SE Runtime Environment 5.0 Update 12
    Junk Mail filter update
    Linksys Wireless-G USB Network Adapter
    Malwarebytes' Anti-Malware
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel Viewer 2003
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Modem Helper
    Mozilla Firefox (3.6)
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Nikon View 6
    Online Armor 4.0
    QuickTime
    RealPlayer Basic
    Roxio DLA
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    RS2
    Samsung Master
    Samsung USB Driver
    Search Assist
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Segoe UI
    Sonic Activation Module
    Sonic Update Manager
    SweetIM Toolbar for Internet Explorer 3.3
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb979895)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WildTangent Web Driver
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Yahoo! Internet Mail
    Yahoo! Messenger
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,639
    Your earlier log showed you had SP3 and now it shows SP2. When did you install SP3? I suspect doing the system restore to a date that far back may have uninstalled it.
     
  13. dandennison84

    dandennison84 Thread Starter

    Joined:
    Jul 11, 2010
    Messages:
    19
    You are probably right. I don't remember installing it, it was on auto-update so it probably did so after last April. Since the restore, I can't uninstall a few things like Online Armor.
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,639
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

    Upgrading Java:

    • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 21 License Agreement.".
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment, JRE, J2SE or Java(TM) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.

    This is the older version of Java that you need to uninstall:

    J2SE Runtime Environment 5.0 Update 12

    Also uninstall the following as it's foistware, meaning it gets installed without your knowledge or approval.

    Viewpoint Media Player
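
An added example, not part of the thread or of any tool the posters used: a small audit that scans pasted log and installed-program lines for the Java entries the post describes, compares them with JRE 6 Update 21, and flags the program named for removal. The display-name and directory formats it parses are assumptions based on the lines shown in this thread, and the last sample line is constructed.

```python
import re

BASELINE = (6, 21)  # JRE 6 Update 21, the version the post says to install
REMOVE_BY_NAME = {"Viewpoint Media Player"}  # named for removal in the post

# Name hints quoted in the post: Java Runtime Environment, JRE, J2SE, Java(TM)
NAME_HINT = re.compile(r"Java Runtime Environment|\bJRE\b|\bJ2SE\b|Java\(TM\)", re.I)
# Display-name version, e.g. "5.0 Update 12" or "6 Update 21" (assumed formats)
DISPLAY_VER = re.compile(r"\b(\d+)(?:\.\d+)*(?:\s+Update\s+(\d+))?", re.I)
# Install directory inside a path, e.g. \jre1.5.0_12\
DIR_VER = re.compile(r"\\jre1\.(\d+)\.\d+(?:_(\d+))?\\", re.I)


def display_version(name):
    """Return (family, update) from a program display name, or None."""
    m = DISPLAY_VER.search(name)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None


def audit(lines, baseline=BASELINE):
    """Return (kind, version, status, line) for every line worth a look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line in REMOVE_BY_NAME:
            findings.append(("program", None, "remove", line))
            continue
        m = DIR_VER.search(line)
        if m:
            # A file path that still points into a versioned JRE directory
            kind, ver = "path", (int(m.group(1)), int(m.group(2) or 0))
        elif NAME_HINT.search(line):
            kind, ver = "program", display_version(line)
        else:
            continue
        if ver is None:
            status = "unknown"      # Java entry with no parseable version
        elif ver < baseline:
            status = "outdated"
        else:
            status = "ok"
        findings.append((kind, ver, status, line))
    return findings


# First five lines are copied from the log in this thread; the last is constructed.
SAMPLE = [
    r"O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
    r" - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll",
    "iTunes",
    "J2SE Runtime Environment 5.0 Update 12",
    "Mozilla Firefox (3.6)",
    "Viewpoint Media Player",
    "Java(TM) 6 Update 21",  # constructed: entry expected after the upgrade
]

if __name__ == "__main__":
    for kind, ver, status, line in audit(SAMPLE):
        print(f"{status:9} {kind:8} {ver} {line[:60]}")
```

A "path" finding that remains after the uninstall and reboot steps means a log entry still points into the old JRE directory and is worth reviewing.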
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,639
    Before doing anything else, try undoing the restore. That should put you back to the state you were in before you did it. Unless, of course, it helped you get back to a working state, but I can't recall if there were any benefits to doing the system restore or not.
     

Short URL to this thread: https://techguy.org/934945