  • Content Count

    11

About [email protected]

  • Rank
    Member
  1. Ryan ... I think it might be GONE! Dare I say it? You mean to tell me that it was a Google toolbar or a Yahoo tool bar that brought this hideous thing in? I always heard that downloading toolbars was trouble. At the risk of jumping in too soon, THANK YOU!!!! (Fingers crossed) I hope this is it! You were magnificent! Patient, quick to respond, and thorough! I will tell everyone I know! Linda
  2. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:09:46 PM, on 12/5/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal
  3. Actually, Ryan, I go to a Dell page with a Google search field that says, Sorry, we couldn't find http://ad.yieldmanager.com/st%3Fad_type. Here are some related websites: Does that change anything? I'm being hijacked, but by whom? Linda
  4. Malwarebytes' Anti-Malware 1.30
     Database version: 1427
     Windows 5.1.2600 Service Pack 3
     12/3/2008 1:45:05 PM
     mbam-log-2008-12-03 (13-45-05).txt
     Scan type: Full Scan (C:\|)
     Objects scanned: 252658
     Time elapsed: 3 hour(s), 48 minute(s), 53 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     This is really irritating. If I use the eBay search engine, I get about 4 seconds before the page flips over. If I use Google or one of the others, I get a few minutes, but I always lose the page, sooner or later. It's really cutting into my holiday shopping, not to mention, my eBay sales ...
  5. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:59:57 PM, on 12/1/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal AND ...
ComboFix 08-12-01.01 - LINDA SONDERMANN 2008-12-01 19:37:33.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.223 [GMT -5:00] Running from: c:\documents and settings\LINDA SONDERMANN\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png c:\windows\Downloaded Program 
Files\TriJinx.1.0.0.67\assets\triangles\brick.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png c:\windows\Downloaded 
Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png c:\windows\Downloaded Program 
Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe c:\windows\IE4 Error 
Log.txt . ((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 ))))))))))))))))))))))))))))))) . 2008-12-01 16:30 . 2008-12-01 16:30 <DIR> d-------- c:\program files\Bejeweled Twist 2008-11-30 21:58 . 2008-11-30 22:15 <DIR> d----c--- C:\Lop SD 2008-11-30 21:51 . 2008-11-30 21:57 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\.SunDownloadManager 2008-11-30 14:42 . 2008-11-30 14:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip 2008-11-30 07:37 . 2008-11-30 07:37 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-30 07:37 . 2008-11-30 07:37 1,409 --a------ c:\windows\QTFont.for 2008-11-29 18:49 . 2008-11-29 18:49 <DIR> d-------- c:\windows\system32\ActiveX 2008-11-29 18:49 . 2008-11-30 16:54 <DIR> d-------- c:\program files\Hawaiian Explorer Pearl Harbor 2008-11-27 20:55 . 2008-11-29 18:47 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\ForgottenRiddles 2008-11-27 20:54 . 2008-11-27 20:54 <DIR> d-------- c:\program files\Forgotten Riddles - The Mayan Princess 2008-11-27 11:51 . 2008-11-27 12:28 <DIR> d-------- c:\program files\Mortimer Beckett and the Time Paradox 2008-11-26 16:53 . 2008-11-26 16:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-26 16:53 . 2008-11-26 16:53 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\Malwarebytes 2008-11-26 16:53 . 2008-11-26 16:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-26 16:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-26 16:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-24 23:00 . 2008-11-24 23:03 <DIR> d-------- c:\program files\Chowder 2008-11-19 17:36 . 2008-11-19 17:36 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\Gogii Games 2008-11-19 17:36 . 
2008-11-19 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gogii Games 2008-11-17 20:47 . 2008-11-17 20:47 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\PlayFirst 2008-11-17 17:19 . 2008-11-17 17:19 <DIR> d-------- c:\program files\Book of Legends 2008-11-17 16:45 . 2008-11-17 16:48 <DIR> d-------- c:\program files\Herod's Lost Tomb 2008-11-14 18:57 . 2008-11-14 18:58 <DIR> d-------- c:\program files\Mystery P.I. - The New York Fortune 2008-11-14 12:19 . 2008-11-14 12:19 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\eBay 2008-11-13 19:14 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2008-11-13 19:14 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2008-11-13 18:48 . 2008-11-13 18:48 <DIR> d-------- c:\program files\Common Files\xing shared 2008-11-13 18:48 . 2008-11-13 18:48 <DIR> d-------- c:\program files\7 Wonders - Treasures of Seven 2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Mystery Case Files - Madame Fate 2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Mushroom Age 2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Microsoft Plus! Photo Story 2 LE 2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Kidzui 2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Jewel Quest Mysteries - Curse of the Emerald Tear 2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Go Go Gourmet - Chef of the Year 2008-11-13 18:47 . 2008-11-13 18:47 <DIR> d-------- c:\program files\Dr. Lynch - Grave Secrets 2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\program files\World Mosaics 2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\program files\Viewpoint 2008-11-13 18:46 . 2008-11-13 18:46 <DIR> d-------- c:\program files\Electronic Arts 2008-11-13 18:46 . 
2008-11-13 18:46 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\Viewpoint 2008-11-12 09:40 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 09:39 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-11 20:05 . 2008-11-11 20:05 <DIR> d-------- c:\program files\GameMill Entertainment 2008-11-11 08:55 . 2008-11-11 08:55 <DIR> d-------- c:\program files\Trend Micro 2008-11-10 08:20 . 2008-11-10 08:20 <DIR> d-------- c:\documents and settings\LINDA SONDERMANN\Application Data\PC Tools 2008-11-10 08:20 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys 2008-11-10 08:20 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys 2008-11-10 08:20 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys 2008-11-10 08:20 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys 2008-11-02 19:35 . 2008-11-02 19:38 <DIR> d-------- c:\program files\Snood Towers 2008-11-02 16:10 . 2008-11-02 16:10 <DIR> d-------- c:\program files\THQ . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-02 00:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-12-01 23:49 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\WholeSecurity 2008-12-01 23:49 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity 2008-12-01 15:55 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\AVG7 2008-12-01 12:50 --------- d-----w c:\program files\Spyware Doctor 2008-11-29 00:01 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\Leadertech 2008-11-27 23:41 --------- d-----w c:\program files\Common Files\Adobe 2008-11-21 00:00 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\SpinTop Games 2008-11-18 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst 2008-11-14 17:19 --------- d-----w c:\documents and settings\All Users\Application Data\eBay 2008-11-13 23:48 --------- d-----w c:\program files\Real 2008-11-13 23:48 --------- d-----w c:\program files\Common Files\Real 2008-11-13 23:46 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2008-11-13 23:34 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-06 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo 2008-10-28 21:34 --------- d-----w c:\program files\Between the Worlds 2008-10-27 22:11 164 -c--a-w C:\install.dat 2008-10-27 02:31 --------- d-----w c:\program files\Hidden Expedition Titanic 2008-10-26 22:18 --------- d-----w c:\program files\Norton Security Scan 2008-10-26 22:18 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-10-26 15:56 --------- d-----w c:\program files\MSN Messenger 2008-10-24 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 22:55 --------- d-----w c:\program 
files\Snoodoku 2008-10-23 20:29 --------- d-----w c:\program files\WOMGames 2008-10-22 19:21 --------- d-----w c:\program files\Lavasoft 2008-10-22 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2008-10-22 19:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-10-22 18:54 --------- d-----w c:\program files\Advanced Registry Optimizer 2008-10-22 18:31 --------- d-----w c:\program files\AskBarDis 2008-10-22 18:31 --------- d-----w c:\documents and settings\LINDA SONDERMANN\Application Data\Sammsoft 2008-10-21 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-21 19:45 61,224 ----a-w c:\documents and settings\LINDA SONDERMANN\GoToAssistDownloadHelper.exe 2008-10-21 17:46 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-10-18 00:18 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools 2008-10-17 23:03 --------- d-----w c:\program files\Spyware Doctor(2) 2008-10-14 23:46 --------- d-----w c:\program files\Mystery Case Files - Ravenhearst 2008-10-11 22:16 --------- d-----w c:\program files\Hidden Expedition - Everest 2008-10-11 18:40 --------- d-----w c:\program files\Activision Value 2008-03-08 14:33 0 ----a-w c:\program files\temp01 2007-03-26 12:02 630,784 ----a-w c:\documents and settings\LINDA SONDERMANN\GoToAssist_chat2way__317_en.exe 2006-12-11 00:24 557,056 ----a-w c:\documents and settings\LINDA SONDERMANN\GoToAssist_phone__317_en.exe 2006-06-25 16:24 774,144 ----a-w c:\program files\RngInterstitial.dll 2006-02-27 23:02 251 ----a-w c:\program files\wt3d.ini 2006-02-26 00:48 557,056 ----a-w c:\documents and settings\LINDA SONDERMANN\chatlnk.exe 2006-05-12 13:36 56 --sh--r c:\windows\system32\4BC3057C5F.sys 2006-05-12 13:36 3,558 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "Google Update"="c:\documents and settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-16 133104] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-15 98304] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-04-02 191488] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-06 652528] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-23 196608] 
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544] "Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-12 185872] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-31 219136] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-25 113664] Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2006-11-06 323584] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248] LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-12-23 57344] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv41"= ir41_32.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= 
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"= "c:\\Program Files\\Cartoon Network\\Ben 10 Bounty Hunters\\RT_Multiplayer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2008-01-11 18864] S3 PD016BLK;Creative PC-CAM 300 (Still Image);c:\windows\system32\DRIVERS\PD016blk.sys [2006-02-22 28665] S3 PD016VID;Creative PC-CAM 300 (Video);c:\windows\system32\DRIVERS\PD016vid.sys [2006-02-22 433152] S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-06-03 24652] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job - c:\documents and settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-16 16:46] 2007-02-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 17:09] . - - - - ORPHANS REMOVED - - - - Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) . ------- Supplementary Scan ------- . 
mStart Page = hxxp://www.dell.com uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html c:\windows\Downloaded Program Files\CONFLICT.46\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.47\stg_drm.ocx O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://c:\program files\Mortimer Beckett and the Time Paradox\Images\stg_drm.ocx c:\windows\Downloaded Program Files\CONFLICT.3\armhelper.ocx - c:\windows\Downloaded Program Files\CONFLICT.4\armhelper.ocx c:\windows\Downloaded Program Files\CONFLICT.5\armhelper.ocx c:\windows\Downloaded Program Files\CONFLICT.6\armhelper.ocx c:\windows\Downloaded Program Files\CONFLICT.7\armhelper.ocx O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://c:\program files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocx . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-01 19:44:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A?? [email protected][email protected]?? [email protected][email protected]?B???A???????A?? [email protected][email protected]?P [email protected]?a?????????????????B?????? ???????????????????p????????B scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-12-01 19:47:43
ComboFix-quarantined-files.txt 2008-12-02 00:47:10

Pre-Run: 45,164,515,328 bytes free
Post-Run: 45,674,184,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

471 --- E O F --- 2008-11-27 03:40:34

Thanks, again, Ryan!
  6. --------------------\\ Lop S&D 4.2.4-9c XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09 USER : LINDA SONDERMANN ( Administrator ) BOOT : Normal boot Antivirus : AVG 7.5.552 7.5.552 (Activated) C:\ (Local Disk) - NTFS - Total:88 Go (Free:42 Go) D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go) "C:\Lop SD" ( MAJ : 01-11-2008|16:30 ) Option : [1] ( Sun 11/30/2008|21:59 ) --------------------\\ Listing folders in APPLIC~1 [02/15/2006|12:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Corel [02/15/2006|12:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Google [08/16/2005|05:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities [12/31/2007|07:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft [02/15/2006|12:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun [03/26/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe [11/06/2007|05:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL [03/21/2006|09:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads [11/06/2007|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP [05/24/2008|06:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Astar Games [04/19/2008|07:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avg7 [03/08/2008|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BigFishGamesCache [08/20/2008|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software [08/04/2008|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> cerasus.media [03/04/2006|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Chasing Dogs Studios [12/01/2007|01:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Christmasville [02/27/2008|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell [11/14/2008|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> eBay [08/20/2008|03:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EscapeTheMuseum [08/27/2008|03:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet [10/24/2008|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Flood Light Games [08/16/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 
Fugazo [04/22/2008|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii [11/19/2008|05:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii Games [07/20/2007|06:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google [12/31/2007|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft [02/15/2006|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek [02/22/2006|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard [12/30/2007|07:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HiddenSecretsNightmare [02/15/2006|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield [05/04/2007|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JollyBear [10/22/2008|02:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft [11/26/2008|04:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes [01/09/2008|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [11/05/2008|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo [06/13/2007|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> n7-89-o9-3r-4t-r9 [02/27/2006|06:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Otto [10/17/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Tools [11/17/2008|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst [04/05/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayPond [02/03/2008|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QB9 S.R.L [02/15/2006|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime [03/24/2007|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RoboForm [09/06/2008|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Rosetta Stone [08/27/2008|05:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RosettaStoneLtdBackup [12/25/2006|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games [02/25/2006|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBT [05/16/2007|06:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SpinTop [06/29/2007|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SpinTop Games [10/21/2008|04:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy [11/29/2006|06:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SugarGames [12/23/2007|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 
SupportSoft [04/01/2007|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec [11/30/2008|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [07/26/2008|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TERMINAL Studio [08/04/2008|03:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TheRace_dev [03/04/2006|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia [11/13/2008|06:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint [11/30/2008|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WholeSecurity [05/11/2006|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [11/30/2008|02:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip [04/04/2008|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZipSE [03/22/2007|11:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion [02/15/2006|12:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Corel [02/15/2006|12:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Google [08/16/2005|05:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities [02/26/2006|06:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [02/15/2006|12:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun [03/21/2006|09:02] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> acccore [06/04/2008|02:23] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Adobe [03/24/2006|09:48] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> AdobeAUM [03/04/2007|03:44] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> AdobeUM [11/30/2008|08:00] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> AVG7 [01/16/2007|12:53] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Axialis [08/04/2008|05:33] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> cerasus.media [04/22/2007|06:22] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> CyberLink [11/14/2008|12:19] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> eBay [11/29/2008|06:47] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> ForgottenRiddles [05/02/2008|10:45] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Friday's games [02/07/2007|06:43] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> funkitron [09/17/2006|07:15] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Gaijin Ent [11/19/2008|05:36] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Gogii Games [08/03/2006|07:41] 
C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Google [04/11/2007|09:15] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Gtek [07/11/2006|10:44] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Help [08/16/2005|05:50] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Identities [12/23/2007|03:10] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> InstallShield [01/09/2008|07:59] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Lavasoft [11/28/2008|07:01] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Leadertech [04/18/2007|06:30] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Macromedia [11/26/2008|04:53] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Malwarebytes [01/01/2008|11:02] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Microsoft [02/27/2006|06:02] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Otto [12/23/2007|03:11] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Panasonic [11/10/2008|08:20] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> PC Tools [11/17/2008|08:47] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> PlayFirst [11/13/2008|06:48] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Real [10/22/2008|01:31] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Sammsoft [08/04/2008|07:20] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Snood [02/22/2006|09:00] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Sonic [11/07/2007|07:50] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> SpinTop [11/20/2008|07:00] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> SpinTop Games [02/15/2006|12:31] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Sun [03/22/2007|11:06] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Symantec [12/29/2007|11:19] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> URSE Games [11/13/2008|06:46] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> Viewpoint [11/30/2008|06:39] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> WholeSecurity [11/04/2007|12:06] C:\DOCUME~1\LINDAS~1\APPLIC~1\<DIR> WinRAR [12/31/2007|07:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVG7 [11/26/2007|08:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google [11/15/2008|09:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help [10/04/2008|01:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [10/21/2006|10:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Symantec [12/31/2007|07:58] 
C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [11/30/2008 08:13 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job [02/05/2007 04:08 PM][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job [11/30/2008 03:13 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/10/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [11/11/2007|09:31] C:\Program Files\<DIR> 3DGroove [11/13/2008|06:48] C:\Program Files\<DIR> 7 Wonders - Treasures of Seven [08/20/2008|01:11] C:\Program Files\<DIR> ABBYY FineReader 5.0 Sprint [08/20/2008|01:11] C:\Program Files\<DIR> ABBYY FineReader 6.0 [10/11/2008|01:40] C:\Program Files\<DIR> Activision Value [11/27/2008|06:41] C:\Program Files\<DIR> Adobe [10/22/2008|01:54] C:\Program Files\<DIR> Advanced Registry Optimizer [04/21/2007|12:24] C:\Program Files\<DIR> Agatha Christie - Death on the Nile [11/06/2007|05:52] C:\Program Files\<DIR> AIM6 [09/16/2007|03:31] C:\Program Files\<DIR> America Online 9.0 [03/21/2006|08:50] C:\Program Files\<DIR> AOD [04/24/2006|05:30] C:\Program Files\<DIR> AOL [02/15/2006|12:42] C:\Program Files\<DIR> AOL Companion [12/11/2007|05:03] C:\Program Files\<DIR> AOL Games [09/16/2007|03:31] C:\Program Files\<DIR> Apoint [10/22/2008|01:31] C:\Program Files\<DIR> AskBarDis [01/16/2007|12:53] C:\Program Files\<DIR> Axialis [10/28/2008|04:34] C:\Program Files\<DIR> Between the Worlds [09/16/2007|03:31] C:\Program Files\<DIR> BFG [06/10/2008|08:57] C:\Program Files\<DIR> bfgclient [08/21/2008|07:57] C:\Program Files\<DIR> Boggle [11/17/2008|05:19] C:\Program Files\<DIR> Book of Legends [08/29/2007|09:15] C:\Program Files\<DIR> Borland [02/15/2006|12:35] C:\Program Files\<DIR> Broadcom [11/06/2006|06:11] C:\Program Files\<DIR> Broderbund [03/25/2007|09:21] C:\Program Files\<DIR> CA [08/30/2008|08:54] C:\Program Files\<DIR> Cartoon Network [11/24/2008|11:03] C:\Program Files\<DIR> 
Chowder [11/13/2008|07:52] C:\Program Files\<DIR> Common Files [08/16/2005|05:38] C:\Program Files\<DIR> ComPlus Applications [02/15/2006|12:19] C:\Program Files\<DIR> CONEXANT [03/22/2007|11:02] C:\Program Files\<DIR> Creative [02/15/2006|12:38] C:\Program Files\<DIR> CyberLink [02/12/2008|10:28] C:\Program Files\<DIR> Davidson [02/15/2006|12:48] C:\Program Files\<DIR> Dell [08/30/2008|11:33] C:\Program Files\<DIR> Dell A920 [08/30/2008|11:36] C:\Program Files\<DIR> Dell AIO Printer A920 [12/23/2007|02:38] C:\Program Files\<DIR> Dell Support Center [04/11/2007|08:50] C:\Program Files\<DIR> DellSupport [02/15/2006|12:37] C:\Program Files\<DIR> Digital Line Detect [10/21/2006|11:47] C:\Program Files\<DIR> directx [04/19/2007|09:07] C:\Program Files\<DIR> Disney [01/13/2008|02:48] C:\Program Files\<DIR> Disney Interactive [11/13/2008|06:47] C:\Program Files\<DIR> Dr. Lynch - Grave Secrets [09/20/2007|09:40] C:\Program Files\<DIR> eBay [02/12/2008|10:54] C:\Program Files\<DIR> Edmark [11/13/2008|06:46] C:\Program Files\<DIR> Electronic Arts [07/08/2008|06:42] C:\Program Files\<DIR> Elf Bowling - Hawaiian Vacation [01/02/2008|03:33] C:\Program Files\<DIR> Elf Bowling 7 17 - The Last Insult [09/16/2007|03:31] C:\Program Files\<DIR> EnglishOtto [09/17/2008|06:27] C:\Program Files\<DIR> Escape The Museum [08/20/2008|01:09] C:\Program Files\<DIR> FaxTools [09/15/2007|10:49] C:\Program Files\<DIR> Fisher-Price® [11/27/2008|08:54] C:\Program Files\<DIR> Forgotten Riddles - The Mayan Princess [09/16/2007|03:31] C:\Program Files\<DIR> GameHouse [11/11/2008|08:05] C:\Program Files\<DIR> GameMill Entertainment [05/16/2007|06:09] C:\Program Files\<DIR> Games [05/16/2007|06:08] C:\Program Files\<DIR> GemMaster [11/30/2006|06:38] C:\Program Files\<DIR> GH-SCRABBLE [11/13/2008|06:47] C:\Program Files\<DIR> Go Go Gourmet - Chef of the Year [02/04/2007|04:10] C:\Program Files\<DIR> Google [02/15/2006|12:51] C:\Program Files\<DIR> GoogleAFE [04/09/2007|01:11] C:\Program Files\<DIR> 
Grisoft [11/30/2008|04:15] C:\Program Files\<DIR> Hawaiian Explorer Pearl Harbor [11/17/2008|04:48] C:\Program Files\<DIR> Herod's Lost Tomb [02/22/2006|10:17] C:\Program Files\<DIR> Hewlett-Packard [10/11/2008|05:16] C:\Program Files\<DIR> Hidden Expedition - Everest [10/26/2008|09:31] C:\Program Files\<DIR> Hidden Expedition Titanic [08/19/2007|06:07] C:\Program Files\<DIR> HP [01/11/2008|01:33] C:\Program Files\<DIR> hp photosmart [08/30/2008|11:12] C:\Program Files\<DIR> HP PhotoSmart Printers [09/27/2008|11:26] C:\Program Files\<DIR> Infogrames Interactive [11/13/2008|06:34] C:\Program Files\<DIR> InstallShield Installation Information [02/15/2006|12:36] C:\Program Files\<DIR> Intel [08/31/2008|09:19] C:\Program Files\<DIR> Internet Explorer [02/25/2006|03:15] C:\Program Files\<DIR> Intuit [07/17/2008|06:49] C:\Program Files\<DIR> Java [11/13/2008|06:47] C:\Program Files\<DIR> Jewel Quest Mysteries - Curse of the Emerald Tear [11/13/2008|06:47] C:\Program Files\<DIR> Kidzui [03/01/2008|01:09] C:\Program Files\<DIR> Knitting Wizards [08/29/2007|09:15] C:\Program Files\<DIR> Knitware [10/22/2008|02:21] C:\Program Files\<DIR> Lavasoft [02/15/2006|12:42] C:\Program Files\<DIR> Learn2.com [07/27/2008|06:53] C:\Program Files\<DIR> Mah Jong Medley [03/24/2008|03:24] C:\Program Files\<DIR> Mahjong Escape - Ancient Japan [08/05/2008|08:16] C:\Program Files\<DIR> Mahjongg - Ancient Mayas [11/26/2008|04:53] C:\Program Files\<DIR> Malwarebytes' Anti-Malware [08/31/2008|10:26] C:\Program Files\<DIR> Messenger [11/01/2007|05:15] C:\Program Files\<DIR> Microsoft ActiveSync [08/16/2005|05:43] C:\Program Files\<DIR> microsoft frontpage [09/16/2007|03:32] C:\Program Files\<DIR> Microsoft Image Composer [02/05/2007|04:06] C:\Program Files\<DIR> Microsoft IntelliPoint [11/01/2007|05:08] C:\Program Files\<DIR> Microsoft Office [02/15/2006|12:40] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition [11/13/2008|06:47] C:\Program Files\<DIR> Microsoft Plus! 
Photo Story 2 LE [02/22/2006|11:07] C:\Program Files\<DIR> Microsoft Visual Studio [09/16/2007|03:32] C:\Program Files\<DIR> Modem Helper [09/16/2007|03:32] C:\Program Files\<DIR> Monopoly 3 [03/22/2007|11:04] C:\Program Files\<DIR> Monopoly Here & Now Edition [11/27/2008|12:28] C:\Program Files\<DIR> Mortimer Beckett and the Time Paradox [08/31/2008|09:19] C:\Program Files\<DIR> Movie Maker [11/13/2008|06:47] C:\Program Files\<DIR> Mozilla Firefox [08/07/2007|10:06] C:\Program Files\<DIR> MSECACHE [08/16/2005|05:37] C:\Program Files\<DIR> MSN [02/11/2008|05:28] C:\Program Files\<DIR> MSN Games [08/16/2005|05:37] C:\Program Files\<DIR> MSN Gaming Zone [10/26/2008|10:56] C:\Program Files\<DIR> MSN Messenger [11/18/2006|06:57] C:\Program Files\<DIR> MSXML 4.0 [11/13/2008|06:47] C:\Program Files\<DIR> Mushroom Age [12/06/2007|09:16] C:\Program Files\<DIR> MUSICMATCH [11/13/2008|06:47] C:\Program Files\<DIR> Mystery Case Files - Madame Fate [10/14/2008|06:46] C:\Program Files\<DIR> Mystery Case Files - Ravenhearst [11/14/2008|06:58] C:\Program Files\<DIR> Mystery P.I. 
- The New York Fortune [01/29/2007|02:26] C:\Program Files\<DIR> Mysteryville [01/29/2007|03:21] C:\Program Files\<DIR> Nancy Drew [05/31/2008|05:37] C:\Program Files\<DIR> NeedlTx [08/31/2008|09:09] C:\Program Files\<DIR> NetMeeting [09/16/2007|03:32] C:\Program Files\<DIR> NetWaiting [02/15/2006|12:39] C:\Program Files\<DIR> NetZeroInstallers [03/28/2007|08:39] C:\Program Files\<DIR> Norton Internet Security [03/22/2007|11:07] C:\Program Files\<DIR> Norton Password Manager [10/26/2008|05:18] C:\Program Files\<DIR> Norton Security Scan [12/22/2007|06:31] C:\Program Files\<DIR> Nstorm [06/23/2006|10:08] C:\Program Files\<DIR> OfficeUpdate11 [08/16/2005|05:38] C:\Program Files\<DIR> Online Services [08/31/2008|09:09] C:\Program Files\<DIR> Outlook Express [12/23/2007|03:12] C:\Program Files\<DIR> Panasonic [11/30/2006|06:38] C:\Program Files\<DIR> Pantheon [07/15/2008|09:17] C:\Program Files\<DIR> PayPal [03/28/2007|08:13] C:\Program Files\<DIR> PCSecurityShield [02/22/2006|10:46] C:\Program Files\<DIR> PixAround.com [10/26/2006|02:04] C:\Program Files\<DIR> PopCap Games [06/23/2006|10:39] C:\Program Files\<DIR> QuickTime [11/30/2006|06:38] C:\Program Files\<DIR> Rainbow Mystery [11/13/2008|06:48] C:\Program Files\<DIR> Real [08/17/2006|07:50] C:\Program Files\<DIR> ReflexiveArcade [09/16/2007|03:32] C:\Program Files\<DIR> RGB [08/27/2008|05:14] C:\Program Files\<DIR> Rosetta Stone [09/16/2007|03:32] C:\Program Files\<DIR> SCRABBLE [03/24/2007|10:22] C:\Program Files\<DIR> Siber Systems [02/15/2006|12:19] C:\Program Files\<DIR> Sigmatel [08/27/2006|08:20] C:\Program Files\<DIR> Slingo [02/18/2008|02:38] C:\Program Files\<DIR> Slingo Deluxe [02/25/2006|03:08] C:\Program Files\<DIR> Snapshot Viewer [02/07/2008|08:20] C:\Program Files\<DIR> Snood [09/09/2007|07:39] C:\Program Files\<DIR> Snood 4 Beta [09/25/2008|06:19] C:\Program Files\<DIR> Snood Deluxe [01/30/2007|08:21] C:\Program Files\<DIR> Snood Solitaire [11/02/2008|07:38] C:\Program Files\<DIR> Snood Towers 
[10/23/2008|05:55] C:\Program Files\<DIR> Snoodoku [02/15/2006|12:43] C:\Program Files\<DIR> Sonic [10/21/2008|12:46] C:\Program Files\<DIR> Spybot - Search & Destroy [11/28/2008|09:24] C:\Program Files\<DIR> Spyware Doctor [10/17/2008|06:03] C:\Program Files\<DIR> Spyware Doctor(2) [11/30/2006|06:38] C:\Program Files\<DIR> Sweetopia [04/01/2007|02:48] C:\Program Files\<DIR> Symantec [03/13/2008|03:23] C:\Program Files\<DIR> The Adventure Company [06/08/2008|02:14] C:\Program Files\<DIR> The Learning Company [11/02/2008|04:10] C:\Program Files\<DIR> THQ [03/16/2006|11:23] C:\Program Files\<DIR> TLI [11/11/2008|08:55] C:\Program Files\<DIR> Trend Micro [11/18/2007|08:53] C:\Program Files\<DIR> Turtix [08/16/2005|05:50] C:\Program Files\<DIR> Uninstall Information [05/17/2008|07:37] C:\Program Files\<DIR> Unity [11/13/2008|06:46] C:\Program Files\<DIR> Viewpoint [06/10/2008|08:33] C:\Program Files\<DIR> Virtools [11/06/2006|06:31] C:\Program Files\<DIR> Web Publish [02/15/2006|12:45] C:\Program Files\<DIR> WebCyberCoach [03/26/2007|10:54] C:\Program Files\<DIR> Windows Installer Clean Up [03/31/2008|02:37] C:\Program Files\<DIR> Windows Media Connect 2 [02/16/2008|02:29] C:\Program Files\<DIR> Windows Media Player [08/31/2008|09:09] C:\Program Files\<DIR> Windows NT [08/16/2005|05:37] C:\Program Files\<DIR> Windows Plus [08/16/2005|05:40] C:\Program Files\<DIR> WindowsUpdate [11/30/2008|02:44] C:\Program Files\<DIR> WinZip [04/04/2008|01:46] C:\Program Files\<DIR> WinZip Self-Extractor [10/23/2008|03:29] C:\Program Files\<DIR> WOMGames [11/13/2008|06:46] C:\Program Files\<DIR> World Mosaics [11/18/2007|08:54] C:\Program Files\<DIR> Xango Tango [08/16/2005|05:43] C:\Program Files\<DIR> xerox [03/22/2007|11:06] C:\Program Files\<DIR> Yahoo! 
--------------------\\ Listing Folders in C:\Program Files\Common Files [11/27/2008|06:41] C:\Program Files\Common Files\<DIR> Adobe [11/06/2007|05:51] C:\Program Files\Common Files\<DIR> AOL [02/15/2006|12:42] C:\Program Files\Common Files\<DIR> aolshare [11/06/2006|06:09] C:\Program Files\Common Files\<DIR> Broderbund [02/22/2006|11:07] C:\Program Files\Common Files\<DIR> Designer [02/22/2006|10:15] C:\Program Files\Common Files\<DIR> Hewlett-Packard [02/22/2006|10:16] C:\Program Files\Common Files\<DIR> HP [02/15/2006|12:43] C:\Program Files\Common Files\<DIR> InstallShield [02/25/2006|03:16] C:\Program Files\Common Files\<DIR> Intuit [02/15/2006|12:31] C:\Program Files\Common Files\<DIR> Java [09/15/2007|10:50] C:\Program Files\Common Files\<DIR> Knowledge Adventure [02/25/2006|03:16] C:\Program Files\Common Files\<DIR> LHSPF [08/27/2008|03:57] C:\Program Files\Common Files\<DIR> Macrovision Shared [11/26/2008|10:39] C:\Program Files\Common Files\<DIR> Microsoft Shared [03/21/2006|06:38] C:\Program Files\Common Files\<DIR> MimarSinan [08/16/2005|05:40] C:\Program Files\Common Files\<DIR> MSSoap [02/15/2006|12:42] C:\Program Files\Common Files\<DIR> Nullsoft [08/16/2005|05:33] C:\Program Files\Common Files\<DIR> ODBC [02/22/2006|10:46] C:\Program Files\Common Files\<DIR> PixAround.com [11/13/2008|06:48] C:\Program Files\Common Files\<DIR> Real [08/16/2005|05:40] C:\Program Files\Common Files\<DIR> Services [02/15/2006|12:43] C:\Program Files\Common Files\<DIR> Sonic Shared [08/16/2005|05:33] C:\Program Files\Common Files\<DIR> SpeechEngines [12/23/2007|02:38] C:\Program Files\Common Files\<DIR> supportsoft [10/26/2008|05:18] C:\Program Files\Common Files\<DIR> Symantec Shared [08/31/2008|09:09] C:\Program Files\Common Files\<DIR> System [02/15/2006|12:40] C:\Program Files\Common Files\<DIR> TiVo Shared [02/25/2006|03:46] C:\Program Files\Common Files\<DIR> WexTech Shared [10/22/2008|02:20] C:\Program Files\Common Files\<DIR> Wise Installation Wizard 
[11/13/2008|06:48] C:\Program Files\Common Files\<DIR> xing shared --------------------\\ Process ( 72 Processes ) iexplore.exe ~ [PID:564] --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsc85.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsd36.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nse2E.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsh90.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsisdt.dll C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsj7B.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsl184.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsl378.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsm80.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsr40.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsr76.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nss14.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nss25.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nss47.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nst325.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nst4C.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nst51.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsv7C.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsv9B.tmp C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp\nsx19.tmp C:\DOCUME~1\LINDAS~1\Cookies\linda [email protected][1].txt C:\DOCUME~1\LINDAS~1\Cookies\linda [email protected][1].txt C:\DOCUME~1\LINDAS~1\Cookies\linda [email protected][3].txt --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-30 22:01:51 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections No other infections found ! 
[F:1139][D:157]-> C:\DOCUME~1\LINDAS~1\LOCALS~1\Temp [F:1476][D:0]-> C:\DOCUME~1\LINDAS~1\Cookies [F:7311][D:37]-> C:\DOCUME~1\LINDAS~1\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Sun 11/30/2008|22:15 - Option : [1] --------------------\\ Scan completed at 22:15:09
  7. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:20:25 PM, on 11/30/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Apoint\Apoint.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Creative\ShareDLL\MediaDet.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe 
C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll O2 
- BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe" O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe" O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe" O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - 
HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LINDA SONDERMANN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone 
Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: LUMIX Simple Viewer.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\stg_drm.ocx O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194798768671 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - 
https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocx O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe O24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif -- End of file - 12149 bytes Thanks, Ryan! 
Still had ad.yieldmanager taking over my search engines as of this morning. Let's hope this does the trick. Linda
  8. As of an hour ago, I still can't use eBay search. Here is the HJT log, and the Uninstall log. Thanks, Ryan!
  9. Hey, Ryan, Here is the log file from mbam. Gosh, I sure hope this works!
  10. I run Intelinet every day. AVG once in a while. Tried PC TOOLS. Went through the self-help list and deleted as instructed, but the freaking thing is still here. I can't use my eBay search at all. It's making me nuts.
- The New York Fortune\Images\armhelper.ocx O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1 \Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1 \Grisoft\AVG7\avgupsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe O24 - Desktop Component 0: (no name) - http://www.knitpicks.com/images/structure/...MP3download.gif -- End of file - 12693 bytes