AntiVirus Trigger or its evil offspring

Computer has slowed to a crawl recently, and started getting redirected in IE7 to the bogus "Malwre has been found...Continue Unprotected? / Download AntiVirus Trigger" page.
I have been running Norton 360 for a while (few months) but I guess it's crap.
When I kept getting redirected, I downloaded AVG and MalwareBytes, ran both with a regular scan and cleaned infections in safe mode.
Also downloaded and ran "SmitFraudFix.exe" and ran in safe mode (was that a mistake?)
Anyway, computer is still at a crawl. I haven't run into the "Malware detected...continue unprotected / download Antivirus Trigger" page in a while, but every launch of IE7 causes the homepage to reset to a bogus antivirus site, so I think the AntiVirus Trigger is still wreaking havoc.
Switching to Firefox will be virtually impossible. My wife is too set in her ways and the computer only needs to last a few more months anyway (it's already 6 years old).
Here's my log file: (I know it's a mess, but I share a machine with my wife who must download every freaking cute kitty video that exists. And I may have visited a, ahem, "grownup site" or two in my day.) If you guys are in L.A., I might be able to hook you up with a couple tickets to Magic Mountain for free. If you can help. (*disclaimer...I o NOT work for MAgic Mountain or Six Flags for that matter. I know a guy.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:41 PM, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WebMediaViewer\hpmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\update\update.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jeff\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AvirTrWarningBHO Class - {3A267370-076E-4af4-B986-77626B8E89DF} - C:\Program Files\AvirTrsoftware\AvirTrWarning.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - https://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18d8b2268e9359257a19/netzip/RdxIE601.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6934B054-D64F-4DF9-A59F-AFE274711589} (FESUploader Class) - http://www.samsphotoclub.com/upload/FESUploadClientv01.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mpix.com/Customer/Uploading/activex/ImageUploader4.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs8b.instantservice.com/jars/customerxsigned41.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.dpmr.kde.state.ky.us/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.samsphotoclub.com/upload/WebUploadClient.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15692 bytes

Hello.
It's not virumonde, it's smitfraud.

• Download combofix from here, use the top links - combofix.exe
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Here's the Combofix log.

Your reply was a bit cryptic...was Smitfraud a malware app hidden as a malware cleaner?

ComboFix 08-11-24.03 - Jeff 2008-11-25 8:55:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.51 [GMT -5:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\temp
c:\windows\IE4 Error Log.txt
c:\windows\system32\klogini.dll
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-24 01:16 . 2008-11-24 01:16 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-24 01:16 . 2008-11-24 01:16 d-------- c:\documents and settings\Jeff\Application Data\Malwarebytes
2008-11-24 01:16 . 2008-11-24 01:16 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-24 01:16 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-24 01:16 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-24 01:05 . 2008-11-25 04:54 d--h----- C:\$AVG8.VAULT$
2008-11-24 00:59 . 2008-11-24 00:59 12,936 --a------ c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys
2008-11-24 00:59 . 2008-11-24 00:59 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2008-11-24 00:58 . 2008-11-24 21:43 d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2008-11-24 00:58 . 2008-11-24 00:58 d-------- c:\program files\AVG
2008-11-24 00:58 . 2008-11-24 00:58 d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-24 00:58 . 2008-11-24 00:58 98,440 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2008-11-24 00:58 . 2008-11-24 00:58 90,632 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2008-11-23 23:39 . 2007-09-05 23:22 289,144 --a------ c:\windows\SYSTEM32\VCCLSID.exe
2008-11-23 23:39 . 2006-04-27 16:49 288,417 --a------ c:\windows\SYSTEM32\SrchSTS.exe
2008-11-23 23:39 . 2008-10-01 14:51 87,552 --a------ c:\windows\SYSTEM32\VACFix.exe
2008-11-23 23:39 . 2003-06-05 20:13 53,248 --a------ c:\windows\SYSTEM32\Process.exe
2008-11-23 23:39 . 2004-07-31 17:50 51,200 --a------ c:\windows\SYSTEM32\dumphive.exe
2008-11-23 23:39 . 2007-10-03 23:36 25,600 --a------ c:\windows\SYSTEM32\WS2Fix.exe
2008-11-23 23:39 . 2008-11-24 07:52 3,510 --a------ c:\windows\SYSTEM32\tmp.reg
2008-11-23 17:48 . 2008-11-25 04:11 d-------- c:\program files\AvirTrsoftware
2008-11-23 17:46 . 2008-11-25 04:54 d-------- c:\program files\WebMediaViewer
2008-11-14 20:00 . 2008-11-14 20:00 d-------- c:\documents and settings\All Users\Application Data\Adventure Workshop
2008-11-14 19:57 . 2008-11-14 19:57 d-------- c:\windows\Baggin the Dragon PS - 1st Grade
2008-11-14 19:57 . 2008-11-22 20:38 d-------- c:\program files\Baggin the Dragon PS - 1st Grade
2008-11-12 21:26 . 2008-11-12 21:26 d-------- c:\program files\Hasbro Interactive
2008-10-31 15:59 . 2008-10-31 15:59 d-------- c:\program files\Creative Wonders
2008-10-29 17:27 . 2008-10-29 17:27 d-------- c:\program files\The Learning Company
2008-10-29 17:27 . 1999-11-10 08:16 200,192 --a------ c:\windows\RRM46.pls
2008-10-29 17:27 . 1999-11-10 08:16 188,960 --a------ c:\windows\SYSTEM32\WINGDE.DLL
2008-10-29 17:27 . 1999-11-10 08:16 92,208 --a------ c:\windows\SYSTEM32\WING.DLL
2008-10-29 17:27 . 1999-11-10 08:16 12,800 --a------ c:\windows\SYSTEM32\WING32.DLL
2008-10-29 17:27 . 1999-11-10 08:16 6,736 --a------ c:\windows\SYSTEM32\WINGDIB.DRV
2008-10-29 17:27 . 1999-11-10 08:16 5,024 --a------ c:\windows\SYSTEM32\WINGPAL.WND
2008-10-29 17:26 . 2008-10-29 17:26 d-------- c:\program files\NZRVR
2008-10-29 17:26 . 2008-10-29 17:26 d-------- c:\program files\Connection Wizard
2008-10-26 12:07 . 2008-10-26 12:07 0 --a------ c:\windows\SETUP32.INI
2008-10-26 12:06 . 2008-10-26 12:06 d-------- c:\program files\Living Books
2008-10-26 12:06 . 2002-06-13 02:09 274,432 --a------ c:\windows\TLCUninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 14:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-05 01:35 --------- d-----w c:\program files\Norton 360
2008-10-29 20:30 1,736 ----a-w c:\windows\SYSTEM32\ealregsnapshot1.reg
2008-10-29 20:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 20:30 --------- d-----w c:\program files\Electronic Arts
2008-10-29 20:28 --------- d-----w c:\program files\EA GAMES
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-19 12:45 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-19 12:45 60,800 ----a-w c:\windows\SYSTEM32\S32EVNT1.DLL
2008-10-19 12:45 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-19 12:45 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-19 12:45 --------- d-----w c:\program files\Symantec
2008-10-19 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-19 07:01 --------- d-----w c:\documents and settings\Jeff\Application Data\Symantec
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-15 23:26 --------- d-----w c:\documents and settings\Jeff\Application Data\Intuit
2008-10-15 16:57 332,800 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-14 21:26 --------- d-----w c:\program files\Windows Sidebar
2008-10-14 18:47 --------- d-----w c:\program files\Web Publish
2008-10-14 18:44 --------- d-----w c:\program files\Viewpoint
2008-10-14 18:44 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-14 18:43 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2008-10-14 18:37 --------- d-----w c:\program files\Roxio
2008-10-14 18:37 --------- d-----w c:\program files\Common Files\Adaptec Shared
2008-10-14 18:36 --------- d-----w c:\program files\Common Files\Apple
2008-10-14 18:35 --------- d-----w c:\program files\Lavasoft
2008-10-14 18:04 --------- d-----w c:\program files\Seagate
2008-10-14 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\Seagate
2008-10-07 01:29 --------- d-----w c:\program files\iTunes
2008-10-07 01:29 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-07 01:28 --------- d-----w c:\program files\iPod
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-09-04 16:42 1,106,944 ------w c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-08-30 01:06 1,350,664 ----a-w c:\windows\SYSTEM32\msxml6.dll
2008-08-29 14:18 87,336 ----a-w c:\windows\SYSTEM32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\SYSTEM32\dnssd.dll
2008-08-28 10:04 333,056 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-08-27 08:24 3,593,216 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2005-07-20 04:05 91,928 -c--a-w c:\documents and settings\Jeff\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
2008-11-24 22:11 31865 --a------ c:\program files\WebMediaViewer\hpmun.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 4662776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"UpdReg"="c:\windows\UpdReg.EXE" [2004-01-09 90112]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2004-01-09 139264]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-24 1235736]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-23 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-11-23 74537]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=


*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-25 c:\windows\Tasks\User_Feed_Synchronization-{C0F9E008-49B9-4ABC-8C2D-BF46EE6E981B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3A267370-076E-4af4-B986-77626B8E89DF} - c:\program files\AvirTrsoftware\AvirTrWarning.dll
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
HKLM-Run-MISAggregator - (no file)
HKLM-Run-windows auto update - (no file)
HKLM-Explorer_Run-QuickTime Task - c:\program files\WebMediaViewer\qttask.exe
MSConfigStartUp-AdaptecDirectCD - c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Search
IE: RemindU - file://c:\program files\UpromiseRemindU\System\Temp\upromise_script0.htm
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php -

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

- c:\windows\Downloaded Program Files\smsx.inf

c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
hxxp://downloads.ewido.net/ewidoOnlineScan.cab

c:\windows\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.inf

c:\windows\System32\SHFOLDER.DLL - c:\windows\System32\msvcp71.dll
c:\windows\System32\msvcr71.dll
c:\windows\Downloaded Program Files\CONFLICT.1\libcurl.dll
c:\windows\Downloaded Program Files\CONFLICT.1\FreeImage.dll
c:\windows\Downloaded Program Files\CONFLICT.1\FESUploadClientv01.dll
O16 -: {6934B054-D64F-4DF9-A59F-AFE274711589}
hxxp://www.samsphotoclub.com/upload/FESUploadClientv01.cab
c:\windows\Downloaded Program Files\CONFLICT.1\FESUploadClientv01.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 09:04:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-11-25 9:11:18
ComboFix-quarantined-files.txt 2008-11-25 14:11:02

Pre-Run: 38,668,554,240 bytes free
Post-Run: 38,659,502,080 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

275 --- E O F --- 2008-11-25 01:02:23

Now open a new notepad file.
Input this into the notepad file:

Driver::
Viewpoint Manager Service

Folder::
c:\program files\AvirTrsoftware
c:\program files\WebMediaViewer
c:\program files\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint
c:\windows\Downloaded Program Files\smsx.inf

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"VMware hptray"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

OK next combofix log after running the script.

*****Note: Does it matter that I had to do the "drag & drop" operation twice to get comboFix to run ? The first time, the little Combofix status bar showed up, showed 100% prgress with the green bar, then went away and didn't come back (I waited about 15 minutes). So I did the drag & drop again and everything went as I expected.

Also, a promt came up at the beginning of the process asking if I wanted to download a new version of Combofix. I hit no and let it continue working. Was that supposed to happen?

Thanks, now the log as promised.

ComboFix 08-11-24.03 - Jeff 2008-11-25 21:00:57.2 - NTFSx86
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\ComparativeSearch.xml
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\masteralerts.xml
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\Services_Registry2.xml
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\DynamicSearchTypes.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\featureCommon.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\featureManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\global.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\moreManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\navigationEvents.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\notificationManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\onCloseManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_bl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_bot.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_br.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_tl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner_tr.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\index.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\offline.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\options.css
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\options.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\options.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\optionsManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\optionsWindow.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\pingManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\selectorManager.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\selectorManager_util.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\close.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\frame_bottom.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\frame_gradient.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\frame_left.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\frame_right.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\frame_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\header_back.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\left_gradient.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\logo.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\offlinemsg.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\index.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\tellafriend.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\tellafriend.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\tellafriendWindow.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\button_glossy.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\button_glossy_description.txt
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\button_glossy_dropdown.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\button_glossy_dropdown.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\background.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\background_framed.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\buttonContainer.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\buttonContainer.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\contents.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\dialog.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\dialogs.js

c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\dlgIcons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\dlgIconsLarge.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\field.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\info.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\info.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\message.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\message2.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\message3.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\progress.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\progress.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\progress.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\slideShowDialog.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\titlebar.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dropdowns\dropdown.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dropdowns\dropdown.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dropdowns\dropdowns.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\htmldialog\htmldialog.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\htmldialog\htmldialog.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\list\list.swf

c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\listMenu\listMenu.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\listMenu\listMenu.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\listMenu\listMenu.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\notification\notification.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\notification\notification.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\options_menu_button\graphics\viewpoint_logo.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\options_menu_button\options_btn.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\preview\preview.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\preview\preview.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\preview\preview.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\scrollbar\scrollbar.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\scrollbar\scrollbar.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\DefaultSearchOptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\search_buttons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\searchHistory.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\searchhistory.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\searchWidget.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\searchWidget.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWidget\searchWidgetDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\selectors\selectors.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\selectors\selectors.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\background.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\highlight_bottom.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\highlight_top.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\popup_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\popupmoi.wav
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\redeye_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\size_diagonal1_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\size_diagonal2_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\size_horizontal_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\size_move_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\size_vertival_cursor.cur
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\thumbnail_404.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\thumbnail_bookmarks.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_graphics\thumbnail_search.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\tray_scroller\tray_scroller.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\tray_scroller\trayScroller.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\utilities.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\ViewBarStringConstants.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\AdvancedOptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\AdvancedOptions.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\alerts.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\alerts.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\alertsDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\alerts_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\alerts_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\alerts_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\list.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\list.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\panel_left_bottom.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\panel_left_top.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\panel_right_bottom.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\tray_face.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\bookmarks.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\bookmarks.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\bookmarksDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\featureDefinitions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\bookmarks_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\bookmarks_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\bookmarks_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\button_thumbnail_rollover.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\buttons_bookmarks.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\buttons_folders.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\dog_ear.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\icon_add.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\icon_expand.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\icon_folder.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\icon_refresh.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\icon_trash.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\securelock.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\tray_face.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\tray_face_treeview.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\treeIcon_folderClosed.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\treeIcon_folderOpen.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\graphics\treeIcon_root.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\options.html

c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\bookmarks\treeviewDlg.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\GeneralOptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\GeneralOptions.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\options_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\options_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\options_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\traysize_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\traysize_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\graphics\traysize_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\GeneralOptions\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_bl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_bot.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_br.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_tl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\inner_tr.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\options.css
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\options\options.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\PhotoViewVista.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\PhotoViewVistaDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\graphics\offline.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\graphics\photoview_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\graphics\photoview_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\HTMLFeature.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\includes\default.css
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\includes\htmlutils.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\notifier.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\featureDefinitions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\graphics\popups_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\graphics\popups_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\graphics\popups_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\graphics\tray_face.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\popups.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\popups.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\popups.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\popups\popupsDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\featureDefinitions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\arrow_icon.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\arrow_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\highlight_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\highlight_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\highlight_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\search_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\search_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\search_text.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\graphics\tray_face.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\search.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\search.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\search.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\search\searchDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SelectorEditor\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SelectorEditor\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SelectorEditor\SelectorEditor.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SelectorEditor\SelectorEditor.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SkinChooser\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SkinChooser\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SkinChooser\SkinChooser.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\SkinChooser\SkinChooser.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Custom.jpg

c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Default\defaultSelectors.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Default\Template.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Default\Template.js
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Default\Template.module
c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Default\TemplateDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\config.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\1BA7292ECA282A8B6FFEDC1BC7B78DD924FC1FCF.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\37FFDE851F7A7635B8596EB4476467736B074A8F.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\49046E2C43A0AFFEA6D9A9007BAE02B708F0F7F1.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\5AD99427D5029CCAF7AD0640B85CD80AFD2C5AA4.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\87DDC8B961B19EC0966E2A98AD734F5FEAEC078A.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\cache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\D6AC19E01A6BF096F3F4A2993D1EF084CE9A990A.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\E31A413D3B65802DF9C80AA81669D00046392704.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\FBC98F6BFA9328F33B48DFB25539F435C30FFA74.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\history.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\locate-akamai.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\locate.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\policy-akamai.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\policy.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\ServicesRegistry.xml
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\updates-akamai.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\updates.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\vdt.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\Cache\26B77E745E435430EFF854E752CE18185B603C22
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\Cache\cache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\backgrounds\Custom.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\backgrounds\liberty.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\backgrounds\springflowers.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\backgrounds\sunflowers.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\custom.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\custom2.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Default.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Default.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Green.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\liberty.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\none.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Pink.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Purple.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\springflowers.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\sunflowers.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\colorSchemes\Yellow.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\barintro.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\button_dropdown.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\popupmoi.wav
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\powered_by_yahoo.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\preview.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\search_buttons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\close.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\frame_bottom.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\frame_gradient.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\frame_left.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\frame_right.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\frame_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\header_back.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\left_gradient.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\logo.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\offlinemsg.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\tellafriend_offline\index.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_buttons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_buttons_green.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_buttons_pink.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_buttons_purple.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_buttons_yellow.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\template_logo.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\thumbnail_404.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\thumbnail_bookmarks.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\assets\graphics\titlebar.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\default.skin

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\defaultSelectors.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\DynamicSearchTypes.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\HTMLFeature.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\HTMLFeatureDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\PersonalizationWrapper.dll
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\graphics\default_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\graphics\icons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\HTMLFeature.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\includes\default.css
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\includes\htmlutils.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\notifier.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\arrow_down.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\arrow_up.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_bl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_bot.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_br.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_tl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\inner_tr.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\ThemeCustomizer.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\ThemeCustomizer.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\ThemeCustomizer.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\HTMLFeature.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\HTMLFeatureDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\graphics\customicon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\graphics\default_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\graphics\icons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\HTMLFeature.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\includes\default.css
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\includes\htmlutils.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\notifier.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Weather\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\All Button States.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_disabled.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_down.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_downover.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_over.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_up.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\create button states.jsfl
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\create interface buttons.jsfl
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\CreateColorScheme.jsx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\CreateImageScheme.jsx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\interface graphics.isa
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\ThemeTemplateProcessor.jsx

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\color_scheme.psd
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\imageTemplate.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\schemeTemplate.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\template_button.psd
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\template_interface.psd
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\template_themes.psd
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\Template.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\Theme.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\Theme.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\backgrounds\Custom.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\backgrounds\vista_gray.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\Default.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\none.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\Vista_DefaultAero.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\Vista_Gray.image
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\XP_DefaultBlue.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\XP_Olive.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\colorSchemes\XP_Silver.scheme
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\barintro.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\barintro_images\logo.gif.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\buttons_Vista.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\buttons_Vista_dialogs.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\buttons_XP.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\buttons_XP_dialogs.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\dropdown_Vista_DefaultAero.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\dropdown_XP_DefaultBlue.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\dropdown_XP_Olive.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\dropdown_XP_Silver.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\popupmoi.wav
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\preview.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\scrollbar_Vista_DefaultAero.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\scrollbar_XP_DefaultBlue.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\scrollbar_XP_Olive.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\scrollbar_XP_Silver.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\search_buttons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\searchfield.bmp
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\selector_icon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\template_logo.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\thumbnail_404.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\thumbnail_bookmarks.jpg
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\titlebar_Vista_DefaultAero.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\titlebar_XP_DefaultBlue.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\titlebar_XP_Olive.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\assets\graphics\titlebar_XP_Silver.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\defaultSelectors.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\DynamicSearchTypes.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\HTMLFeature.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\HTMLFeatureDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\PersonalizationWrapper.dll
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\graphics\default_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\graphics\icons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\HTMLFeature.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\notifier.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\offline.html

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_bl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_bot.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_br.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_tl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\inner_tr.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\options.css
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\options\options.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\arrow_down.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\arrow_up.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_bl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_bot.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_br.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_tl.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_top.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\inner_tr.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\images\s.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\ThemeCustomizer.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\ThemeCustomizer.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\ThemeCustomizer.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\feature.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\featureDefinition.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\HTMLFeature.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\HTMLFeature.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\HTMLFeature.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\HTMLFeatureDefinition.module
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\core\inioptions.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\graphics\customicon.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\graphics\default_icon.gif
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\graphics\icons.swf
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\HTMLFeature.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\includes\default.css
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\includes\htmlutils.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\notifier.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\offline.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Weather\options.html
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\Template.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\Theme.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\Theme.js
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\Windows.skin
c:\program files\AvirTrsoftware
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Manager\CPtask.xml
c:\program files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewCP.cpl
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
c:\program files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
c:\program files\Viewpoint\Viewpoint Toolbar\3.8.0\eula.txt
c:\program files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe
c:\program files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarSystemInfo.dll

c:\program files\WebMediaViewer
c:\program files\WebMediaViewer\browseul.dll
c:\program files\WebMediaViewer\hpmom.exe
c:\program files\WebMediaViewer\hpmon.exe
c:\program files\WebMediaViewer\hpmun.dll
c:\program files\WebMediaViewer\hpmun.exe
c:\program files\WebMediaViewer\qttaskm.exe
c:\windows\Downloaded Program Files\smsx.inf\

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.

2008-11-24 01:16 . 2008-11-24 01:16 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-24 01:16 . 2008-11-24 01:16 d-------- c:\documents and settings\Jeff\Application Data\Malwarebytes
2008-11-24 01:16 . 2008-11-24 01:16 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-24 01:16 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-24 01:16 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-24 01:05 . 2008-11-25 04:54 d--h----- C:\$AVG8.VAULT$
2008-11-24 00:59 . 2008-11-24 00:59 12,936 --a------ c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys
2008-11-24 00:59 . 2008-11-24 00:59 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2008-11-24 00:58 . 2008-11-24 21:43 d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2008-11-24 00:58 . 2008-11-24 00:58 d-------- c:\program files\AVG
2008-11-24 00:58 . 2008-11-24 00:58 d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-24 00:58 . 2008-11-24 00:58 98,440 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2008-11-24 00:58 . 2008-11-24 00:58 90,632 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2008-11-23 23:39 . 2007-09-05 23:22 289,144 --a------ c:\windows\SYSTEM32\VCCLSID.exe
2008-11-23 23:39 . 2006-04-27 16:49 288,417 --a------ c:\windows\SYSTEM32\SrchSTS.exe
2008-11-23 23:39 . 2008-10-01 14:51 87,552 --a------ c:\windows\SYSTEM32\VACFix.exe
2008-11-23 23:39 . 2003-06-05 20:13 53,248 --a------ c:\windows\SYSTEM32\Process.exe
2008-11-23 23:39 . 2004-07-31 17:50 51,200 --a------ c:\windows\SYSTEM32\dumphive.exe
2008-11-23 23:39 . 2007-10-03 23:36 25,600 --a------ c:\windows\SYSTEM32\WS2Fix.exe
2008-11-23 23:39 . 2008-11-24 07:52 3,510 --a------ c:\windows\SYSTEM32\tmp.reg
2008-11-14 20:00 . 2008-11-14 20:00 d-------- c:\documents and settings\All Users\Application Data\Adventure Workshop
2008-11-14 19:57 . 2008-11-14 19:57 d-------- c:\windows\Baggin the Dragon PS - 1st Grade
2008-11-14 19:57 . 2008-11-22 20:38 d-------- c:\program files\Baggin the Dragon PS - 1st Grade
2008-11-12 21:26 . 2008-11-12 21:26 d-------- c:\program files\Hasbro Interactive
2008-10-31 15:59 . 2008-10-31 15:59 d-------- c:\program files\Creative Wonders
2008-10-29 17:27 . 2008-10-29 17:27 d-------- c:\program files\The Learning Company
2008-10-29 17:27 . 1999-11-10 08:16 200,192 --a------ c:\windows\RRM46.pls
2008-10-29 17:27 . 1999-11-10 08:16 188,960 --a------ c:\windows\SYSTEM32\WINGDE.DLL
2008-10-29 17:27 . 1999-11-10 08:16 92,208 --a------ c:\windows\SYSTEM32\WING.DLL
2008-10-29 17:27 . 1999-11-10 08:16 12,800 --a------ c:\windows\SYSTEM32\WING32.DLL
2008-10-29 17:27 . 1999-11-10 08:16 6,736 --a------ c:\windows\SYSTEM32\WINGDIB.DRV
2008-10-29 17:27 . 1999-11-10 08:16 5,024 --a------ c:\windows\SYSTEM32\WINGPAL.WND
2008-10-29 17:26 . 2008-10-29 17:26 d-------- c:\program files\NZRVR
2008-10-29 17:26 . 2008-10-29 17:26 d-------- c:\program files\Connection Wizard
2008-10-26 12:07 . 2008-10-26 12:07 0 --a------ c:\windows\SETUP32.INI
2008-10-26 12:06 . 2008-10-26 12:06 d-------- c:\program files\Living Books
2008-10-26 12:06 . 2002-06-13 02:09 274,432 --a------ c:\windows\TLCUninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 02:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-05 01:35 --------- d-----w c:\program files\Norton 360
2008-10-29 20:30 1,736 ----a-w c:\windows\SYSTEM32\ealregsnapshot1.reg
2008-10-29 20:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 20:30 --------- d-----w c:\program files\Electronic Arts
2008-10-29 20:28 --------- d-----w c:\program files\EA GAMES
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-19 12:45 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-19 12:45 60,800 ----a-w c:\windows\SYSTEM32\S32EVNT1.DLL
2008-10-19 12:45 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-19 12:45 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-19 12:45 --------- d-----w c:\program files\Symantec
2008-10-19 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-19 07:01 --------- d-----w c:\documents and settings\Jeff\Application Data\Symantec
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-15 23:26 --------- d-----w c:\documents and settings\Jeff\Application Data\Intuit
2008-10-15 16:57 332,800 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-14 21:26 --------- d-----w c:\program files\Windows Sidebar
2008-10-14 18:47 --------- d-----w c:\program files\Web Publish
2008-10-14 18:43 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2008-10-14 18:37 --------- d-----w c:\program files\Roxio
2008-10-14 18:37 --------- d-----w c:\program files\Common Files\Adaptec Shared
2008-10-14 18:36 --------- d-----w c:\program files\Common Files\Apple
2008-10-14 18:35 --------- d-----w c:\program files\Lavasoft
2008-10-14 18:04 --------- d-----w c:\program files\Seagate
2008-10-14 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\Seagate
2008-10-07 01:29 --------- d-----w c:\program files\iTunes
2008-10-07 01:29 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-07 01:28 --------- d-----w c:\program files\iPod
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-09-04 16:42 1,106,944 ------w c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-08-30 01:06 1,350,664 ----a-w c:\windows\SYSTEM32\msxml6.dll
2008-08-29 14:18 87,336 ----a-w c:\windows\SYSTEM32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\SYSTEM32\dnssd.dll
2008-08-28 10:04 333,056 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-08-27 08:24 3,593,216 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2005-07-20 04:05 91,928 -c--a-w c:\documents and settings\Jeff\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-11-25_ 9.09.34.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-11-26 02:26:08 16,384 ----atw c:\windows\temp\Perflib_Perfdata_658.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 4662776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"UpdReg"="c:\windows\UpdReg.EXE" [2004-01-09 90112]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2004-01-09 139264]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-24 1235736]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-23 171448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 1697112]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-10-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-26 c:\windows\Tasks\User_Feed_Synchronization-{C0F9E008-49B9-4ABC-8C2D-BF46EE6E981B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 21:32:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\program files\Dell AIO Printer A940\dlbabmon.exe
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2008-11-25 21:55:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-26 02:54:52
ComboFix2.txt 2008-11-25 14:11:22

Pre-Run: 40,455,086,080 bytes free
Post-Run: 40,352,178,176 bytes free

746 --- E O F --- 2008-11-25 01:02:23

Logs look clean, what problems remain?

I'm at work right now, not at my home machine, so I can't do anything on the affected machine until later tonight.

However, I can tell you that after I posted the log from combofix, Norton came up and flagged a trojan.zlob or zorb...I hit "Fix" and it said fixed successfully.

The machine is really dragging now...takes upwards of 3 minutes to load the geekpolice main page for example. I read in other posts that Norton is a resource hog. I installed AVG and I guess I could uninstall Norton, but AVG keeps giving me a warning saying it's missing a dll file in one of the modules.

If I just go through the "Add / remove programs" console, will that be able to completely uninstall norton? Then uninstall AVG and reinstall?

If I wanted to use Norton's backup utilities, could I still run that without having the AV or AS modules running? Or could you recommend an alternate backup scheduler utility?

Thanks again for your help. I haven't seen anything in any other posts about how you guys makie money to live...do you accept contributions for your work?

J

Yes, Norton can drag down the system.
Do you know where it's finding the Zlob trojan?

Try this one when you get home.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

Thanks for the suggestion. I'll install it as soon as I get the chance. I take it you recommend that product over AVG or Norton? (I should uninstall both AVG and Norton first?)

The machine is still veeeeery slow, but maybe that's just a consequence of an old machine with a lot of crap running on it.

For what it's worth, Norton still finds the Trojan.zlob about every other day (we do an auto scan every morning) and says it removes the file. How can I tell where it's finding it?

J

AVG is better than Norton in my opinion, but there's a few things AVG could of left out to make it faster, that's why I posted Avira instead.
Yes, please uninstall both AVG and Norton before installing Avira.

Your log looks good, where is Norton reporting the Zlob?
Delete this folder:
C:\Qoobox

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.