September 7th, 2010 21:00

unauthorized spam emails are being sent to my friends and family using my email address

Several of my wife's friends have sent the emails back to us. As far as I can tell, they are part of a bot program that was downloaded when accepting someone's EULA. Computer does not seem to be running slow and no emails have been sent from my email server, which is different from my wife's (she runs Yahoo, I run Gmail). I run Windows XP on a Dell Inspiron 6400 and my browser is Firefox. Thanks for the help.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:04 PM, on 9/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center Beta] "C:\Program Files\Intel\IntelAppStoreBeta\bin\serviceManager.lnk"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\RunOnce: [Ad-Watch Live!] C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: F1U201.401.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: DPWLN   - C:\WINDOWS\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9592 bytes

 

1.1K Posts

September 10th, 2010 13:00

Hi frenchre,

I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE

** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE

You have Limewire installed, please uninstall it from Add/Remove Programs via the Control Panel. If you have any other associated P2P applications, remove them also. Next,

Please proceed as follows :-

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

We need to see some additional information about what is happening in your machine. 
Please perform the following scan:

  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.   
  • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.


Please note:  You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control HERE

Step 3

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I'd like in your reply :-

  • Log from Malwarebytes
  • Both logs from DDS
  • Log from Security Checks



Kevin

5 Posts

September 10th, 2010 17:00

Kevin:

Thanks for the help.

MBAM LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4591

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/10/2010 4:04:45 PM
mbam-log-2010-09-10 (16-04-45).txt

Scan type: Quick scan
Objects scanned: 151291
Time elapsed: 12 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 16
Files Infected: 76

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard French\My Documents\downloads\MyFunCardsSetup2.3.50.62.ZUfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\33619D60.VsQ (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\3361A4C3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\3361A5DC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\3361A6E6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\3361A80F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\3361A995.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

DDS:


DDS (Ver_10-03-17.01) - NTFSx86 
Run by Richard French at 16:32:08.57 on Fri 09/10/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1306 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)   {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated)   {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)   {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: BitDefender Firewall *disabled*   {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ZoneAlarm Firewall *enabled*   {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Intel\IntelAppStoreBeta\bin\serviceManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Richard French\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe"  /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DPAgnt] c:\program files\digitalpersona\bin\DPAgnt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [ ]
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Intel AppUp(SM) center Beta] "c:\program files\intel\intelappstorebeta\bin\serviceManager.lnk"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\f1u201~1.lnk - c:\program files\belkin\f1u201.401\usbshare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: DPWLN   - c:\windows\system32\DPWLEvHd.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richar~1\applic~1\mozilla\firefox\profiles\k9l1p5ps.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=_zgo5ZdJ1sP9l6u2vo.VsQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\documents and settings\richard french\application data\mozilla\firefox\profiles\k9l1p5ps.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\richard french\application data\mozilla\firefox\profiles\k9l1p5ps.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\richard french\application data\mozilla\firefox\profiles\k9l1p5ps.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-7 64288]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-9-7 532224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-12-6 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-9-7 582992]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [2004-8-4 32640]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-12-6 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-12-6 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-12-6 170408]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-9-7 206608]
R3 UsbdpFP;Fingerprint Reader Class Driver;c:\windows\system32\drivers\UsbdpFP.sys [2004-8-4 34560]
S2 BDVEDISK;BDVEDISK;\??\c:\program files\bitdefender\bitdefender 2009\bdvedisk.sys --> c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928]
S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [2007-3-7 5120]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-1-28 18560]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-12-7 40832]
S3 spotJ;Spot Software GPS USB Driver;c:\windows\system32\drivers\spotJ.sys [2006-12-9 34304]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-9-7 206608]

=============== Created Last 30 ================

2010-09-10 22:49:21    0    d-----w-    c:\docume~1\richar~1\applic~1\Malwarebytes
2010-09-10 22:49:01    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-10 22:48:57    0    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-10 22:48:56    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-10 07:42:38    86400    ----a-w-    c:\windows\~GLC0000.TMP
2010-09-08 05:19:44    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2010-09-08 03:19:18    0    d-----w-    c:\docume~1\richar~1\applic~1\CheckPoint
2010-09-08 03:18:39    0    d-----w-    c:\program files\Conduit
2010-09-08 03:18:37    0    d-----w-    c:\program files\ZoneAlarm
2010-09-08 03:18:29    0    d-----w-    c:\program files\CheckPoint
2010-09-08 03:18:26    4212    ---ha-w-    c:\windows\system32\zllictbl.dat
2010-09-08 03:18:14    1238528    ----a-w-    c:\windows\system32\zpeng25.dll
2010-09-08 03:18:13    0    d-----w-    c:\windows\system32\ZoneLabs
2010-09-08 03:18:11    421443    ----a-w-    c:\windows\system32\vsconfig.xml
2010-09-08 03:18:11    0    d-----w-    c:\program files\Zone Labs
2010-09-08 03:17:21    0    d-----w-    c:\windows\Internet Logs
2010-09-07 18:29:50    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2010-09-07 18:29:25    95024    ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2010-09-07 08:24:36    0    dc-h--w-    c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-07 08:24:03    0    d-----w-    c:\program files\Lavasoft
2010-09-07 07:59:06    206608    ----a-w-    c:\windows\system32\drivers\TMPassthru.sys
2010-09-07 07:59:05    0    d-----w-    c:\program files\Trend Micro
2010-08-29 20:17:54    54156    ---ha-w-    c:\windows\QTFont.qfn
2010-08-29 20:17:54    1409    ----a-w-    c:\windows\QTFont.for
2010-08-12 16:29:09    423656    ----a-w-    c:\windows\system32\deployJava1.dll

==================== Find3M  ====================

2010-09-02 03:12:22    3766    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-07-27 06:30:35    8462336    ------w-    c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-30 12:31:35    149504    ------w-    c:\windows\system32\dllcache\schannel.dll
2010-06-23 13:44:04    1851904    ----a-w-    c:\windows\system32\win32k.sys
2010-06-23 13:44:04    1851904    ------w-    c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:06:51    70656    ------w-    c:\windows\system32\dllcache\ie4uinit.exe
2010-06-23 12:06:51    13824    ------w-    c:\windows\system32\dllcache\ieudinit.exe
2010-06-21 15:27:11    354304    ------w-    c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12    3558912    ----a-w-    c:\windows\system32\dllcache\moviemk.exe
2010-06-17 15:12:57    634656    ------w-    c:\windows\system32\dllcache\iexplore.exe
2010-06-17 15:11:25    161792    ----a-w-    c:\windows\system32\dllcache\ieakui.dll
2010-06-17 14:03:00    80384    ----a-w-    c:\windows\system32\iccvid.dll
2010-06-14 14:31:20    744448    ------w-    c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45    1172480    ----a-w-    c:\windows\system32\msxml3.dll
2010-06-14 07:41:45    1172480    ------w-    c:\windows\system32\dllcache\msxml3.dll
2008-11-03 04:31:21    32768    -csha-w-    c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110220081103\index.dat

============= FINISH: 16:33:38.89 ===============

ATTACH:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/30/2006 4:33:19 PM
System Uptime: 9/10/2010 4:06:44 PM (0 hours ago)

Motherboard: Dell Inc. |  | 0KD882
Processor: Genuine Intel(R) CPU           T2400  @ 1.83GHz | Microprocessor | 1830/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 32 GiB total, 10.566 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\14DA0541434FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\14DA0541434FC000
Service: NIC1394

==== System Restore Points ===================

RP1285: 8/6/2010 9:35:40 PM - System Checkpoint
RP1286: 8/8/2010 12:57:15 PM - System Checkpoint
RP1287: 8/9/2010 1:08:20 PM - System Checkpoint
RP1288: 8/10/2010 1:30:56 PM - System Checkpoint
RP1289: 8/11/2010 2:22:37 PM - System Checkpoint
RP1290: 8/12/2010 6:22:25 AM - Software Distribution Service 3.0
RP1291: 8/12/2010 9:28:13 AM - Installed Java(TM) 6 Update 21
RP1292: 8/13/2010 11:07:28 AM - System Checkpoint
RP1293: 8/14/2010 1:04:45 PM - System Checkpoint
RP1294: 8/15/2010 1:07:13 PM - System Checkpoint
RP1295: 8/16/2010 2:15:57 PM - System Checkpoint
RP1296: 8/17/2010 2:56:35 PM - System Checkpoint
RP1297: 8/18/2010 3:02:13 PM - System Checkpoint
RP1298: 8/19/2010 4:02:18 PM - System Checkpoint
RP1299: 8/20/2010 4:47:35 PM - System Checkpoint
RP1300: 8/21/2010 7:07:51 PM - System Checkpoint
RP1301: 8/22/2010 7:27:41 PM - System Checkpoint
RP1302: 8/24/2010 6:55:32 AM - System Checkpoint
RP1303: 8/25/2010 10:26:45 AM - System Checkpoint
RP1304: 8/26/2010 12:22:12 PM - System Checkpoint
RP1305: 8/27/2010 12:50:55 PM - System Checkpoint
RP1306: 8/28/2010 3:57:12 PM - System Checkpoint
RP1307: 8/29/2010 4:57:05 PM - System Checkpoint
RP1308: 8/30/2010 6:48:38 PM - System Checkpoint
RP1309: 9/1/2010 7:00:21 AM - System Checkpoint
RP1310: 9/2/2010 5:18:33 PM - System Checkpoint
RP1311: 9/3/2010 6:41:36 PM - System Checkpoint
RP1312: 9/4/2010 7:57:34 PM - System Checkpoint
RP1313: 9/6/2010 8:57:52 AM - System Checkpoint
RP1314: 9/7/2010 12:59:05 AM - Installed Trend Micro RUBotted
RP1315: 9/7/2010 1:01:04 AM - Installed HiJackThis
RP1316: 9/7/2010 8:28:16 PM - Software Distribution Service 3.0
RP1317: 9/9/2010 1:30:48 PM - System Checkpoint
RP1318: 9/10/2010 12:32:30 AM - Removed GoBoingo!
RP1319: 9/10/2010 12:36:44 AM - Removed GameTap
RP1320: 9/10/2010 12:42:02 AM - Removed Windows Mobile Daylight Saving Time 2007 Updates
RP1321: 9/10/2010 1:07:31 AM - Removed Microsoft ActiveSync 4.0

==== Installed Programs ======================

2x1/4x1 USB Peripheral Switch
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player 11
AOLIcon
Audioblast
Avery Wizard 3.1
Best Buy Digital Music Store
Best Buy Rhapsody
Bluetooth Stack for Windows by Toshiba
Broadcom Management Programs
Business Complete Care Services Agreement
Canon MF3200 Series
Canon MP960
CDDRV_Installer
Comcast Desktop Software (v1.2.0.9)
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Media Experience
Dell Support Center
Dell System Restore
DellSupport
Desktop Doctor
Digital Content Portal
Digital Line Detect
DigitalPersona Password Manager 1.0.1
DivX Content Uploader
ELIcon
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 4
Hoyle Card Games 2005
Intel AppUp(SM) center Beta
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
InterActual Player
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 21
KhalInstallWrapper
LeapFrog Connect
LeapFrog My Pals Plugin
LeapFrog Tag Junior Plugin
Learn2 Player (Uninstall Only)
LG USB Modem driver
Logitech Harmony Remote Software 7
Logitech SetPoint
Macromedia Flash Player
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Management Edition 2006 CD 2
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.5.12)
Mozilla Firefox (3.6b5)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
PowerDVD 5.7
Q-bert (remove only)
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
RealUpgrade 1.0
Remote Control USB Driver
Rhapsody
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SmartDraw 2008
Sudoku Deluxe (remove only)
Synaptics Pointing Device Driver
Total T3 Field Order Processing
Trend Micro RUBotted
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VZAccess Manager
WebCyberCoach 3.2 Dell
WebFldrs XP
Wheel of Fortune (remove only)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm
ZoneAlarm Toolbar

==== Event Viewer Messages From Past Week ========

9/8/2010 12:07:06 PM, error: Service Control Manager [7034]  - The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
9/7/2010 8:30:24 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
9/7/2010 8:23:14 PM, error: Service Control Manager [7000]  - The BDVEDISK service failed to start due to the following error:  The system cannot find the file specified.
9/7/2010 4:02:32 AM, error: Service Control Manager [7034]  - The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 3 time(s).
9/5/2010 3:31:04 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/10/2010 1:04:38 AM, error: Service Control Manager [7034]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).

==== End Of File ===========================

SECURITY CHECKS:

 Results of screen317's Security Check version 0.99.5 
 Windows XP Service Pack 3 
 Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled! 
 McAfee VirusScan Enterprise   
 ZoneAlarm     
 ZoneAlarm Toolbar    
 Trend Micro RUBotted   
 Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

 Ad-Aware
 Out of date HijackThis installed!
 Malwarebytes' Anti-Malware   
 HijackThis 1.99.1   
 Java(TM) 6 Update 21 
 Java 2 Runtime Environment, SE v1.4.2_03
 Adobe Flash Player 10.1.82.76 
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
 Mozilla Firefox (3.6b5.) Firefox Out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 McAfee VirusScan Enterprise Mcshield.exe 
 McAfee VirusScan Enterprise VsTskMgr.exe 
 McAfee VirusScan Enterprise SHSTAT.EXE 
 Zone Labs ZoneAlarm zlclient.exe 
 Trend Micro RUBotted TMRUBotted.exe 
 Trend Micro RUBotted TMRUBottedTray.exe 
````````````````````````````````
DNS Vulnerability Check:

 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

 

Richard

 

1.1K Posts

September 11th, 2010 01:00

Hi Richard,

We have made some inroads and removed a considerable amount of malware. A couple of issues need to be addressed before we continue. The following security programs are installed :-

BitDefender - Firewall and Anti-virus, this seems to be outdated
ZoneAlarm - Firewall
McAfee VirusScan Enterprise - Anti-virus

Having more than one Firewall and more than one Anti-virus program installed and running is counterproductive and may even negate protection. There should only be one Firewall installed and engaged. Likewise with your Anti-virus, there should only be one AV running with realtime protection engaged.
If BitDefender is outdated please uninstall it by using the removal utility available here from BitDefender. Download and save to your Desktop. Next,

When download is finished, go to the download location and double click to run the .exe file.
The uninstall tool interface will be loaded very shortly and click on Uninstall.
When uninstallation is completed, Restart your computer.
That's all to uninstall and remove BitDefender totally.
Delete the Utility from your Desktop. Next,

You mention Email accounts being compromised. The passwords require resetting, either wait until we confirm your PC is clean or reset them from a known clean computer.

Please continue as follows :-

Step 1

  • Re-open Malwarebytes and check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget Combofix must be saved to your desktop. <--Very important

Ensure you have disabled your Firewall, all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection


Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)



Let me see the new Malwarebytes log and Combofix log in your reply.

Kevin.

 

Edit...

Just gone through the logs again and notice you use Ad-Aware too. Please be informed that the latest versions of Ad-Aware now have Anti-virus protection included. It is not recommended to have more than one anti-virus installed on a system, and that doing so not only does not provide better protection, it can actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and can cause crashes!

You can turn off the anti-virus engine as follows:

  • Open Ad-Aware
  • Click on switch to advanced mode
  • Click on Settings
  • Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is UNchecked
  • Click OK and close Ad-Aware

Kevin

-

5 Posts

September 12th, 2010 00:00

Kevin:

 

1. Ad Aware AV turned off.

2. Bit Defender removed completely

 

Combofix log:

ComboFix 10-09-11.02 - Richard French 09/11/2010  23:03:17.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1112 [GMT -7:00]
Running from: c:\documents and settings\Richard French\My Documents\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Richard French\g2mdlhlpx.exe
c:\documents and settings\Richard French\Recent\js_login.url
c:\documents and settings\Richard French\System
c:\documents and settings\Richard French\System\win_qs8.jqx
c:\windows\system32\bszip.dll

.
(((((((((((((((((((((((((   Files Created from 2010-08-12 to 2010-09-12  )))))))))))))))))))))))))))))))
.

2010-09-12 04:30 . 2010-09-12 05:38    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-10 22:49 . 2010-09-10 22:49    --------    d-----w-    c:\documents and settings\Richard French\Application Data\Malwarebytes
2010-09-10 22:48 . 2010-09-10 22:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-08 05:19 . 2010-08-12 12:15    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2010-09-08 03:19 . 2010-09-08 03:19    --------    d-----w-    c:\documents and settings\Richard French\Application Data\CheckPoint
2010-09-08 03:17 . 2010-09-12 05:43    --------    d-----w-    c:\windows\Internet Logs
2010-09-07 18:29 . 2010-08-12 12:15    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2010-09-07 18:29 . 2010-09-07 18:29    95024    ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2010-09-07 08:25 . 2010-09-07 08:25    --------    d-----w-    c:\documents and settings\Richard French\Local Settings\Application Data\Sunbelt Software
2010-09-07 08:24 . 2010-09-07 08:24    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-07 08:24 . 2010-08-12 12:16    2979848    -c--a-w-    c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-07 08:24 . 2010-09-07 08:24    --------    d-----w-    c:\program files\Lavasoft
2010-09-07 08:01 . 2010-09-07 08:01    388096    ----a-r-    c:\documents and settings\Richard French\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-07 07:59 . 2008-03-02 10:28    206608    ----a-w-    c:\windows\system32\drivers\TMPassthru.sys
2010-09-07 07:59 . 2010-09-07 08:01    --------    d-----w-    c:\program files\Trend Micro
2010-08-29 06:21 . 2010-08-29 06:21    45056    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-08-29 06:21 . 2010-08-29 06:21    45056    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-08-29 06:21 . 2010-08-29 06:21    45056    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-08-29 06:21 . 2010-08-29 06:21    49152    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-08-29 06:21 . 2010-08-29 06:21    45056    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-08-29 06:21 . 2010-08-29 06:21    308808    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-08-29 06:21 . 2010-08-29 06:21    14848    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-08-29 06:21 . 2010-08-29 06:21    40960    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-08-29 06:21 . 2010-08-29 06:21    341600    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-08-29 06:14 . 2010-08-29 06:14    --------    d-----w-    c:\documents and settings\Richard French\Local Settings\Application Data\Intel

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 05:38 . 2010-09-12 05:39    1622528    ----a-w-    c:\windows\Internet Logs\xDB5.tmp
2010-09-12 05:23 . 2010-09-12 05:25    1777152    ----a-w-    c:\windows\Internet Logs\xDB3.tmp
2010-09-12 05:23 . 2010-09-12 05:25    1777152    ----a-w-    c:\windows\Internet Logs\xDB4.tmp
2010-09-12 01:39 . 2006-06-01 04:19    3766    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-09-12 01:39 . 2006-06-01 04:19    88    --sh--r-    c:\windows\system32\35CAF81C2B.sys
2010-09-10 08:08 . 2010-01-18 23:02    --------    d-----w-    c:\program files\ydkj volume 2
2010-09-10 08:07 . 2006-06-06 02:12    --------    d-----w-    c:\program files\Microsoft ActiveSync
2010-09-10 08:06 . 2010-08-04 21:51    --------    d-----w-    c:\program files\eMusic Download Manager
2010-09-10 08:06 . 2010-08-04 21:51    --------    d-----w-    c:\documents and settings\Richard French\Application Data\eMusic
2010-09-10 07:43 . 2010-09-10 07:45    1782784    ----a-w-    c:\windows\Internet Logs\xDB1.tmp
2010-09-10 07:43 . 2007-06-01 09:44    --------    d-----w-    c:\documents and settings\Richard French\Application Data\LimeWire
2010-09-10 07:42 . 2010-09-10 07:45    1782272    ----a-w-    c:\windows\Internet Logs\xDB2.tmp
2010-09-10 07:42 . 2010-09-10 07:42    86400    ----a-w-    c:\windows\~GLC0000.TMP
2010-09-10 07:37 . 2007-06-01 09:43    --------    d-----w-    c:\program files\LimeWire
2010-09-10 07:37 . 2008-01-17 01:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\Sony Online Entertainment
2010-09-10 07:37 . 2008-01-17 01:11    --------    d-----w-    c:\program files\Sony Online Entertainment
2010-09-10 07:37 . 2006-05-24 00:07    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-10 07:33 . 2010-03-03 16:01    --------    d-----w-    c:\program files\Citrix
2010-09-08 03:18 . 2010-09-08 03:18    --------    d-----w-    c:\program files\ZoneAlarm
2010-09-08 03:18 . 2010-09-08 03:18    --------    d-----w-    c:\program files\Conduit
2010-09-08 03:18 . 2010-09-08 03:18    --------    d-----w-    c:\program files\CheckPoint
2010-09-08 03:18 . 2010-09-08 03:18    4212    ---ha-w-    c:\windows\system32\zllictbl.dat
2010-09-08 03:18 . 2010-09-08 03:18    --------    d-----w-    c:\program files\Zone Labs
2010-09-07 08:24 . 2008-12-08 14:49    --------    d-----w-    c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-07 08:23 . 2008-12-08 14:48    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-09-02 02:56 . 2010-09-08 03:18    52224    ----a-w-    c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
2010-09-02 02:56 . 2010-09-08 03:18    101376    ----a-w-    c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
2010-08-29 06:21 . 2006-05-24 00:15    --------    d-----w-    c:\program files\Common Files\Real
2010-08-29 06:20 . 2006-05-24 00:15    --------    d-----w-    c:\program files\Real
2010-08-29 06:13 . 2006-05-24 00:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intel
2010-08-29 06:13 . 2006-05-24 00:06    --------    d-----w-    c:\program files\Intel
2010-08-12 16:29 . 2006-05-24 00:04    --------    d-----w-    c:\program files\Common Files\Java
2010-08-12 16:29 . 2010-08-12 16:29    503808    ----a-w-    c:\documents and settings\Richard French\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2683d721-n\msvcp71.dll
2010-08-12 16:29 . 2010-08-12 16:29    61440    ----a-w-    c:\documents and settings\Richard French\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-34a62b23-n\decora-sse.dll
2010-08-12 16:29 . 2010-08-12 16:29    499712    ----a-w-    c:\documents and settings\Richard French\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2683d721-n\jmc.dll
2010-08-12 16:29 . 2010-08-12 16:29    348160    ----a-w-    c:\documents and settings\Richard French\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2683d721-n\msvcr71.dll
2010-08-12 16:29 . 2010-08-12 16:29    12800    ----a-w-    c:\documents and settings\Richard French\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-34a62b23-n\decora-d3d.dll
2010-08-12 16:29 . 2006-05-24 00:04    --------    d-----w-    c:\program files\Java
2010-07-17 12:00 . 2010-08-12 16:29    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-11 22:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2004-08-11 22:00    832512    ----a-w-    c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-11 22:00    78336    ----a-w-    c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-11 22:00    17408    ------w-    c:\windows\system32\corpol.dll
2010-06-23 20:51 . 2010-09-08 03:18    1238528    ----a-w-    c:\windows\system32\zpeng25.dll
2010-06-23 20:51 . 2010-09-08 03:18    103936    ----a-w-    c:\windows\system32\zlcommdb.dll
2010-06-23 20:51 . 2010-09-08 03:18    69120    ----a-w-    c:\windows\system32\zlcomm.dll
2010-06-23 13:44 . 2004-08-11 22:00    1851904    ----a-w-    c:\windows\system32\win32k.sys
2010-06-23 04:20 . 2010-06-23 04:20    2568656    ----a-w-    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-21 15:27 . 2006-05-23 23:44    354304    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-11 22:00    80384    ----a-w-    c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-11 22:12    744448    ----a-w-    c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-11 22:00    1172480    ----a-w-    c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 18:50    2517088    ----a-w-    c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-14 913408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"Intel AppUp(SM) center Beta"="c:\program files\Intel\IntelAppStoreBeta\bin\serviceManager.lnk" [2010-08-29 961]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-29 202256]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
F1U201.401.lnk - c:\program files\Belkin\F1U201.401\usbshare.exe [2008-2-26 135168]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN  ]
2004-10-14 02:29    102400    ----a-w-    c:\windows\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 22:34    106496    -c--a-w-    c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09    460784    ----a-w-    c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29    49152    -c----w-    c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-14 04:41    77824    -c--a-w-    c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-14 04:45    118784    -c--a-w-    c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44    249856    -c--a-w-    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44    81920    -c--a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 22:32    56080    -c--a-w-    c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
2005-08-25 01:25    101080    -c--a-w-    c:\program files\Microsoft Location Finder\LocationFinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16    1121792    -c--a-w-    c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-05-24 00:16    98304    -c--a-w-    c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-11-17 02:35    397312    -c--a-w-    c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-15 10:23    75520    -c--a-w-    c:\program files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-29 06:19    202256    ----a-w-    c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Q-bert\\Q-bert.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Wheel of Fortune\\Wheel of Fortune.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/7/2010 11:29 AM 64288]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 6:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 6:35 AM 493032]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [9/7/2010 12:59 AM 582992]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [8/4/2004 5:58 PM 32640]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 5:15 AM 1355928]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [9/7/2010 12:59 AM 206608]
R3 UsbdpFP;Fingerprint Reader Class Driver;c:\windows\system32\drivers\UsbdpFP.sys [8/4/2004 5:59 PM 34560]
S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [3/7/2007 10:16 AM 5120]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/28/2010 12:37 PM 18560]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 5:15 AM 15008]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/7/2007 4:53 PM 40832]
S3 spotJ;Spot Software GPS USB Driver;c:\windows\system32\drivers\spotJ.sys [12/9/2006 1:41 AM 34304]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [9/7/2010 12:59 AM 206608]
.
Contents of the 'Scheduled Tasks' folder

2010-09-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:29]

2010-09-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3136299633-794121092-4189502116-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3136299633-794121092-4189502116-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-09-12 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-02 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=_zgo5ZdJ1sP9l6u2vo.VsQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-GoBoingo - c:\program files\Boingo\GoBoingo\GoBoingo.lnk
MSConfigStartUp-PC Connection Agent - c:\progra~1\MI3AA1~1\wcescomm.exe
MSConfigStartUp-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
AddRemove-HijackThis - c:\docume~1\RICHAR~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 23:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\* Æ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\ * Æ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\DPWLEvHd.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1340)
c:\windows\DPPWDFLT.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-09-11  23:16:28
ComboFix-quarantined-files.txt  2010-09-12 06:16

Pre-Run: 11,364,384,768 bytes free
Post-Run: 12,544,737,280 bytes free

- - End Of File - - AECD99BF8360D9E31181B199AA806BB2

 

MALWARE LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4597

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/11/2010 9:44:22 PM
mbam-log-2010-09-11 (21-44-22).txt

Scan type: Quick scan
Objects scanned: 152421
Time elapsed: 13 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
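Added example (not part of the original thread, and not ComboFix's own code): a Python check for the point raised in the replies above, that only one anti-virus should have realtime protection engaged and only one firewall should be active. It reads the `AV:` and `FW:` header lines and the `EnableFirewall` policy value of a ComboFix log; the names `Product`, `parse_log` and `assess` are hypothetical, and the sample is an excerpt of the log posted above.

```python
import re
from dataclasses import dataclass

# Excerpt of the ComboFix log posted in this thread (header lines and the
# Windows Firewall policy value), embedded so the example runs offline.
SAMPLE_LOG = r"""
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "AV: <name> *<state>* (<definitions>) {GUID}"; the parenthesised part is optional.
PRODUCT_RE = re.compile(
    r"^(AV|FW):\s+(.+?)\s+\*([^*]+)\*\s+(?:\(([^)]*)\)\s+)?\{([0-9A-Fa-f-]{36})\}\s*$"
)
KEY_RE = re.compile(r"^\[(.+?)\]\s*$")
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


@dataclass
class Product:
    kind: str      # "AV" or "FW"
    name: str
    state: str     # text between the asterisks, as logged
    enabled: bool


def parse_log(text):
    """Return (products, windows_firewall); windows_firewall is None if not logged."""
    products = []
    windows_firewall = None
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = PRODUCT_RE.match(line)
        if m:
            state = m.group(3)
            # "disabled" does not end with "enabled", so this separates the two states.
            products.append(
                Product(m.group(1), m.group(2), state, state.lower().endswith("enabled"))
            )
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = ENABLE_FW_RE.match(line)
        # Only trust EnableFirewall when it sits under the standard profile key.
        if m and current_key.endswith(r"firewallpolicy\standardprofile"):
            windows_firewall = int(m.group(1)) != 0
    return products, windows_firewall


def assess(text):
    """Flag overlapping or missing realtime protection in a ComboFix log."""
    products, win_fw = parse_log(text)
    realtime_av = [p.name for p in products if p.kind == "AV" and p.enabled]
    firewalls = [p.name for p in products if p.kind == "FW" and p.enabled]
    if win_fw:
        firewalls.append("Windows Firewall")

    findings = []
    if len(realtime_av) > 1:
        findings.append("multiple on-access scanners: " + ", ".join(realtime_av))
    elif not realtime_av:
        findings.append("no on-access scanner enabled")
    if len(firewalls) > 1:
        findings.append("multiple firewalls enabled: " + ", ".join(firewalls))
    elif not firewalls:
        findings.append("no firewall enabled")
    return {"realtime_av": realtime_av, "firewalls": firewalls, "findings": findings}


if __name__ == "__main__":
    report = assess(SAMPLE_LOG)
    print("Realtime AV:", report["realtime_av"])
    print("Firewalls:  ", report["firewalls"])
    for finding in report["findings"]:
        print("FINDING:", finding)
```

The result describes the machine at the moment the log was taken; the instructions above ask for the firewall and scanners to be switched off while ComboFix runs, so a "no firewall enabled" finding should be re-checked once protection has been turned back on.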

1.1K Posts

September 12th, 2010 04:00

Hi Richard,

Please proceed as follows :-

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text between the dotted lines below into it:


---------------------------------------------------------------------------------------------------------------

KillAll::
File::
c:\windows\Internet Logs\xDB5.tmp
c:\windows\Internet Logs\xDB3.tmp
c:\windows\Internet Logs\xDB4.tmp
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\~GLC0000.TMP
Folder::
c:\program files\LimeWire
c:\documents and settings\Richard French\Application Data\LimeWire

---------------------------------------------------------------------------------------------------------------


Save this as CFScript.txt, in the same location as ComboFix.exe

user posted image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run an online virus scan with Kaspersky from HERE. This scan is very thorough and may take several hours to run, please allow it to complete.
1. At the main page, press "Accept" after reading the contents.
2. At the next window, select Update. Allow the database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.

The following animation may help.

Kaspersky Gif

Post logs from ComboFix and Kaspersky in your reply. Also let me know how your system is responding, any specific issues.

Kevin

5 Posts

September 12th, 2010 20:00

System seems to be running about the same as far as speed and program running.  

 

Combofix:

ComboFix 10-09-12.01 - Richard French 09/12/2010  16:10:03.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1197 [GMT -7:00]
Running from: c:\documents and settings\Richard French\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Richard French\My Documents\Downloads\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\~GLC0000.TMP"
"c:\windows\Internet Logs\xDB1.tmp"
"c:\windows\Internet Logs\xDB2.tmp"
"c:\windows\Internet Logs\xDB3.tmp"
"c:\windows\Internet Logs\xDB4.tmp"
"c:\windows\Internet Logs\xDB5.tmp"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Richard French\Application Data\LimeWire
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Richard French\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Richard French\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Richard French\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Richard French\Application Data\LimeWire\data.ser
c:\documents and settings\Richard French\Application Data\LimeWire\downloads.dat
c:\documents and settings\Richard French\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Richard French\Application Data\LimeWire\filters.props
c:\documents and settings\Richard French\Application Data\LimeWire\installation.props
c:\documents and settings\Richard French\Application Data\LimeWire\library.dat
c:\documents and settings\Richard French\Application Data\LimeWire\library5.dat
c:\documents and settings\Richard French\Application Data\LimeWire\limewire.props
c:\documents and settings\Richard French\Application Data\LimeWire\lock
c:\documents and settings\Richard French\Application Data\LimeWire\mojito.props
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\Cache\1D09BD36d01
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\Cache\9FCB996Ed01
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\Cache\AE98BDEDd01
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Richard French\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Richard French\Application Data\LimeWire\passive.mojito
c:\documents and settings\Richard French\Application Data\LimeWire\player.props
c:\documents and settings\Richard French\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Richard French\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Richard French\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Richard French\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Richard French\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Richard French\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Richard French\Application Data\LimeWire\pub1.key
c:\documents and settings\Richard French\Application Data\LimeWire\public.key
c:\documents and settings\Richard French\Application Data\LimeWire\questions.props
c:\documents and settings\Richard French\Application Data\LimeWire\responses.cache
c:\documents and settings\Richard French\Application Data\LimeWire\secureMessage.key
c:\documents and settings\Richard French\Application Data\LimeWire\simpp.xml
c:\documents and settings\Richard French\Application Data\LimeWire\spam.dat
c:\documents and settings\Richard French\Application Data\LimeWire\tables.props
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Richard French\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Richard French\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Richard French\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Richard French\Application Data\LimeWire\update.xml
c:\documents and settings\Richard French\Application Data\LimeWire\version.key
c:\documents and settings\Richard French\Application Data\LimeWire\version.xml
c:\documents and settings\Richard French\Application Data\LimeWire\versions.props
c:\documents and settings\Richard French\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Richard French\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Richard French\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\Richard French\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\Richard French\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\Richard French\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\Richard French\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\Richard French\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\Richard French\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\Richard French\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\Richard French\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\Richard French\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\Richard French\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\Richard French\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid2212.log
c:\program files\LimeWire\hs_err_pid2808.log
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\UnpackedJars.7z
c:\program files\LimeWire\lib\unpackedJars.tmp
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire.exe
c:\windows\~GLC0000.TMP
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\xDB3.tmp
c:\windows\Internet Logs\xDB4.tmp
c:\windows\Internet Logs\xDB5.tmp

.
(((((((((((((((((((((((((   Files Created from 2010-08-12 to 2010-09-12  )))))))))))))))))))))))))))))))
.

2010-09-12 04:30 . 2010-09-12 05:38    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-10 22:49 . 2010-09-10 22:49    --------    d-----w-    c:\documents and settings\Richard French\Application Data\Malwarebytes
2010-09-10 22:48 . 2010-09-10 22:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-08 05:19 . 2010-08-12 12:15    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2010-09-08 03:19 . 2010-09-08 03:19    --------    d-----w-    c:\documents and settings\Richard French\Application Data\CheckPoint
2010-09-08 03:17 . 2010-09-12 23:33    --------    d-----w-    c:\windows\Internet Logs
2010-09-07 18:29 . 2010-08-12 12:15    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2010-09-07 18:29 . 2010-09-07 18:29    95024    ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2010-09-07 08:25 . 2010-09-07 08:25    --------    d-----w-    c:\documents and settings\Richard French\Local Settings\Application Data\Sunbelt Software
2010-09-07 08:24 . 2010-09-07 08:24    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-07 08:24 . 2010-09-07 08:24    --------    d-----w-    c:\program files\Lavasoft
2010-09-07 07:59 . 2008-03-02 10:28    206608    ----a-w-    c:\windows\system32\drivers\TMPassthru.sys
2010-09-07 07:59 . 2010-09-07 08:01    --------    d-----w-    c:\program files\Trend Micro
2010-08-29 06:14 . 2010-08-29 06:14    --------    d-----w-    c:\documents and settings\Richard French\Local Settings\Application Data\Intel

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 23:30 . 2010-09-12 23:30    1188408    ----a-w-    c:\windows\Internet Logs\tvDebug.Zip
2010-09-12 01:39 . 2006-06-01 04:19    3766    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-09-12 01:39 . 2006-06-01 04:19    88    --sh--r-    c:\windows\system32\35CAF81C2B.sys
2010-09-10 08:08 . 2010-01-18 23:02    --------    d-----w-    c:\program files\ydkj volume 2
2010-09-10 08:07 . 2006-06-06 02:12    --------    d-----w-    c:\program files\Microsoft ActiveSync
2010-09-10 08:06 . 2010-08-04 21:51    --------    d-----w-    c:\program files\eMusic Download Manager
2010-09-10 08:06 . 2010-08-04 21:51    --------    d-----w-    c:\documents and settings\Richard French\Application Data\eMusic
2010-09-10 07:37 . 2008-01-17 01:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\Sony Online Entertainment
2010-09-10 07:37 . 2008-01-17 01:11    --------    d-----w-    c:\program files\Sony Online Entertainment
2010-09-10 07:37 . 2006-05-24 00:07    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-10 07:33 . 2010-03-03 16:01    --------    d-----w-    c:\program files\Citrix
2010-09-08 03:18 . 2010-09-08 03:18    --------    d-----w-    c:\program files\ZoneAlarm
2010-09-08 03:18 . 2010-09-08 03:18    --------    d-----w-    c:\program files\Conduit
2010-09-08 03:18 . 2010-09-08 03:18    --------    d-----w-    c:\program files\CheckPoint
2010-09-08 03:18 . 2010-09-08 03:18    4212    ---ha-w-    c:\windows\system32\zllictbl.dat
2010-09-08 03:18 . 2010-09-08 03:18    --------    d-----w-    c:\program files\Zone Labs
2010-09-07 08:24 . 2008-12-08 14:49    --------    d-----w-    c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-07 08:23 . 2008-12-08 14:48    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-09-07 08:01 . 2010-09-07 08:01    388096    ----a-r-    c:\documents and settings\Richard French\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-02 02:56 . 2010-09-08 03:18    52224    ----a-w-    c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
2010-09-02 02:56 . 2010-09-08 03:18    101376    ----a-w-    c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
2010-08-29 06:21 . 2010-08-29 06:21    45056    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-08-29 06:21 . 2010-08-29 06:21    45056    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-08-29 06:21 . 2010-08-29 06:21    45056    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-08-29 06:21 . 2010-08-29 06:21    49152    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-08-29 06:21 . 2010-08-29 06:21    45056    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-08-29 06:21 . 2010-08-29 06:21    308808    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-08-29 06:21 . 2010-08-29 06:21    14848    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-08-29 06:21 . 2010-08-29 06:21    40960    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-08-29 06:21 . 2010-08-29 06:21    341600    ----a-w-    c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-08-29 06:21 . 2006-05-24 00:15    --------    d-----w-    c:\program files\Common Files\Real
2010-08-29 06:20 . 2006-05-24 00:15    --------    d-----w-    c:\program files\Real
2010-08-29 06:13 . 2006-05-24 00:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\Intel
2010-08-29 06:13 . 2006-05-24 00:06    --------    d-----w-    c:\program files\Intel
2010-08-12 16:29 . 2006-05-24 00:04    --------    d-----w-    c:\program files\Common Files\Java
2010-08-12 16:29 . 2010-08-12 16:29    503808    ----a-w-    c:\documents and settings\Richard French\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2683d721-n\msvcp71.dll
2010-08-12 16:29 . 2010-08-12 16:29    61440    ----a-w-    c:\documents and settings\Richard French\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-34a62b23-n\decora-sse.dll
2010-08-12 16:29 . 2010-08-12 16:29    499712    ----a-w-    c:\documents and settings\Richard French\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2683d721-n\jmc.dll
2010-08-12 16:29 . 2010-08-12 16:29    348160    ----a-w-    c:\documents and settings\Richard French\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2683d721-n\msvcr71.dll
2010-08-12 16:29 . 2010-08-12 16:29    12800    ----a-w-    c:\documents and settings\Richard French\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-34a62b23-n\decora-d3d.dll
2010-08-12 16:29 . 2006-05-24 00:04    --------    d-----w-    c:\program files\Java
2010-08-12 12:16 . 2010-09-07 08:24    2979848    -c--a-w-    c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-07-17 12:00 . 2010-08-12 16:29    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-11 22:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2004-08-11 22:00    832512    ----a-w-    c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-11 22:00    78336    ----a-w-    c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-11 22:00    17408    ------w-    c:\windows\system32\corpol.dll
2010-06-23 20:51 . 2010-09-08 03:18    1238528    ----a-w-    c:\windows\system32\zpeng25.dll
2010-06-23 20:51 . 2010-09-08 03:18    103936    ----a-w-    c:\windows\system32\zlcommdb.dll
2010-06-23 20:51 . 2010-09-08 03:18    69120    ----a-w-    c:\windows\system32\zlcomm.dll
2010-06-23 13:44 . 2004-08-11 22:00    1851904    ----a-w-    c:\windows\system32\win32k.sys
2010-06-23 04:20 . 2010-06-23 04:20    2568656    ----a-w-    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-21 15:27 . 2006-05-23 23:44    354304    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-11 22:00    80384    ----a-w-    c:\windows\system32\iccvid.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 18:50    2517088    ----a-w-    c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-14 913408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"Intel AppUp(SM) center Beta"="c:\program files\Intel\IntelAppStoreBeta\bin\serviceManager.lnk" [2010-08-29 961]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-29 202256]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
F1U201.401.lnk - c:\program files\Belkin\F1U201.401\usbshare.exe [2008-2-26 135168]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN  ]
2004-10-14 02:29    102400    ----a-w-    c:\windows\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 22:34    106496    -c--a-w-    c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09    460784    ----a-w-    c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29    49152    -c----w-    c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-14 04:41    77824    -c--a-w-    c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-14 04:45    118784    -c--a-w-    c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44    249856    -c--a-w-    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44    81920    -c--a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 22:32    56080    -c--a-w-    c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
2005-08-25 01:25    101080    -c--a-w-    c:\program files\Microsoft Location Finder\LocationFinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16    1121792    -c--a-w-    c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-05-24 00:16    98304    -c--a-w-    c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-11-17 02:35    397312    -c--a-w-    c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-15 10:23    75520    -c--a-w-    c:\program files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-29 06:19    202256    ----a-w-    c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Q-bert\\Q-bert.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Wheel of Fortune\\Wheel of Fortune.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/7/2010 11:29 AM 64288]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 6:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 6:35 AM 493032]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [9/7/2010 12:59 AM 582992]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [8/4/2004 5:58 PM 32640]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [9/7/2010 12:59 AM 206608]
R3 UsbdpFP;Fingerprint Reader Class Driver;c:\windows\system32\drivers\UsbdpFP.sys [8/4/2004 5:59 PM 34560]
S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [3/7/2007 10:16 AM 5120]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/28/2010 12:37 PM 18560]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 5:15 AM 1355928]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 5:15 AM 15008]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/7/2007 4:53 PM 40832]
S3 spotJ;Spot Software GPS USB Driver;c:\windows\system32\drivers\spotJ.sys [12/9/2006 1:41 AM 34304]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [9/7/2010 12:59 AM 206608]
.
Contents of the 'Scheduled Tasks' folder

2010-09-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:29]

2010-09-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3136299633-794121092-4189502116-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3136299633-794121092-4189502116-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-09-12 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-02 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=_zgo5ZdJ1sP9l6u2vo.VsQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Richard French\Application Data\Mozilla\Firefox\Profiles\k9l1p5ps.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 16:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\* Æ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\ * Æ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\DPWLEvHd.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

- - - - - - - > 'lsass.exe'(1348)
c:\windows\DPPWDFLT.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3536)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\DigitalPersona\Bin\DpOFeedb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\DigitalPersona\Bin\DPWinLct.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\DigitalPersona\Bin\DpHost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Intel\IntelAppStoreBeta\bin\serviceManager.exe
.
**************************************************************************
.
Completion time: 2010-09-12  16:41:06 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-12 23:40
ComboFix2.txt  2010-09-12 06:16

Pre-Run: 12,492,054,528 bytes free
Post-Run: 12,386,914,304 bytes free

- - End Of File - - AE91E8E0B07223F9446FDE4B48A4D2DB

 

Kaspersky:

 

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Sunday, September 12, 2010
 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Sunday, September 12, 2010 21:45:46
 Records in database: 4212319
--------------------------------------------------------------------------------

Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

Scan area - My Computer:
    C:\
    D:\
    E:\

Scan statistics:
    Objects scanned: 93095
    Threats found: 2
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 02:04:00


File name / Threat / Threats count
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1321\A0178101.DLL    Infected: not-a-virus:Garbage.Win32.WebToolbar.aq    1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1321\A0178106.DLL    Infected: not-a-virus:Garbage.Win32.WebToolbar.ap    1

Selected area has been scanned.

 

 

THANKS FOR THE HELP!!

 

Richard

1.1K Posts

September 13th, 2010 02:00

Hi Richard,

Logs look OK. Kaspersky has found nothing new; indicated entries will be removed during our cleanup. Proceed as follows:

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


Step 2

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • Any tools left on the Desktop can be safely removed by deleting


Step 3

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack. Unless you specifically need that version it needs to be updated.

Please go to the link below to update.

Adobe Reader. Untick the Free McAfee® Security Scan Plus (optional) unless you want it.

Step 3

Uninstall the following from Add/Remove Programs via the Control Panel, unless you specifically need them:

HijackThis 1.99.1
Java 2 Runtime Environment, SE v1.4.2_03


Step 4

Download and scan with CCleaner

1. Starting with v 1.27.26 (This version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.

In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.


In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.


4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Re-boot your PC and post back with fresh HJT log, also let me know how your system is responding.

Kevin

1.1K Posts

September 13th, 2010 16:00

Hiya Richard,

Your recent logs are all clean; now would be a good time to change your passwords. Are you sure the emails are coming from your PC, or are they coming from your screen name? There is a difference: I often get emails about viagra etc. from my own screen name, but the actual email is from places like Russia or Asia.

The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.

Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing. When the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.


Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

Firefox,

Opera, and

Chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

Here are a couple of links by two security experts that will give some excellent tips and advice.
So how did I get infected in the first place by Tony Klein
How to prevent Malware by Miekiemoes
Finally, this link HERE will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Please reply so I know you have read this, if you have any remaining issues let me know.

Take care,

Kevin

5 Posts

September 13th, 2010 16:00

Kevin:

Before last night's to-do list (the one before the set above), my computer again sent the same spam viagra email to the same list of recipients.  I am ready to change the password at your notification.

 

Hijack this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:06:27 PM, on 9/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\IntelAppStoreBeta\bin\serviceManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center Beta] "C:\Program Files\Intel\IntelAppStoreBeta\bin\serviceManager.lnk"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - Global Startup: F1U201.401.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: DPWLN   - C:\WINDOWS\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10878 bytes

 

 

Richard

1.1K Posts

September 15th, 2010 02:00

Hiya Richard,

I'd say those emails did not come from your computer. The opening line is "Forwarded Message"; this is a ploy used by third-party agents to advertise goods. The email would never be opened by anyone if they didn't recognize the sender. (They use your name so it appears as forwarded by you.)

You will have had spyware on your PC that monitored your activities, hence only recent email addresses used and not your full book. We've cleaned the malware out so you should be OK now.

These companies don't tend to prolong using a mule (you) in case you start to investigate them.

Regarding Script Blocker, keep using it. When you are happy with a site you can tell Script Blocker to ignore it in the future; that is more than likely why Secunia didn't work. Have a look here: http://noscript.net/

Take care,

Kevin
