I'm Running Into Some Big Problems

sconroy1 · March 23, 2009

Hey all,

First off thanks for all you do. You have no idea how much of an asset those of you who are willing to help can be in times of need. I've never posted here, but I've run into a bit, of a problem here. I tried to download a movie that I needed to watch for a class off BT, and despite a few seeders, it still turned out to be a complete dud. Long story short, it's caused a terrible mess on my desktop and I can't get rid of it. Some of the problems I'm having with this nasty little bugger is that it wouldn't let me run Malwarebytes in the first place. I had to change the directory name just to run the program. Everytime I search for something on google, or any search engine for that matter, I'm automatically redirected. It runs one of my SVChosts, which consumes half my computers resources, renders the internet nearly useless, and when I try and end the process it shuts the computer down in 60 seconds. It won't let me connect to update Malwarebytes, or Avira Antivir, and it won't even let me connect to the Malwarebytes website. I can't get rid of it no matter what I do, and it's driving me crazy! Here's a post of both my Malwarebytes and my Hyjackthis logs....any help would be greatly appreciated.

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1197034437\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://adobe.kodakgallery.com/downloads/BU..._2/axofupld.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 11059 bytes

Malwarebytes' Anti-Malware 1.34

Database version: 1749

Windows 5.1.2600 Service Pack 2

3/22/2009 11:26:11 PM

mbam-log-2009-03-22 (23-26-11).txt

Scan type: Quick Scan

Objects scanned: 131390

Time elapsed: 19 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

dan12 · March 23, 2009

welcome to malwarebytes forum

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:

Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.

If you can do these things, everything should go smoothly.

Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Installed Programs

Please could you give me a list of the programs that are installed.

Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.

Click on save list button and specify where you would like to save this file.

When you press Save button a notepad will open with the contents of that file.

Simply copy and paste the contents of that notepad into your next post.

I'm presently looking over your log and hope not to be too long.

Will be back with you as soon as I can.

Thanks dan

sconroy1 · March 23, 2009

Fantastic, thanks so much for your help. Currently there are 3 different users on the infected computer. I will boot up the infected machine later on tonight and post the necessary info.

sconroy1 · March 24, 2009

One other note to add to what you wish for me to include is that periodically I get an svchost.exe - Application error. The error message says, "The instruction at 0x7x911c48 referenced memory at 0xfffffffff8. The memory could not be read. Click ok to terminate the program.

Here is the log you asked for:

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 9

Adobe Shockwave Player

AOL Coach Version 2.0(Build:20041026.5 en)

AOL Instant Messenger

AOL Toolbar

AOL Uninstaller

AOL You've Got Pictures Screensaver

AOLIcon

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Control Panel

ATI Display Driver

Avira AntiVir Personal - Free Antivirus

BitTorrent 5.0.9

Bonjour

Canon MP150

Company of Heroes

Company of Heroes - Balance Playtest

Company of Heroes - FAKEMSI

Conexant D850 56K V.9x DFVc Modem

Corel Photo Album 6

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Digital Content Portal

Digital Line Detect

Download Updater (AOL LLC)

EA Download Manager

EA SPORTS online 2007

EarthLink setup files

Easy-WebPrint

EducateU

ELIcon

ESPNMotion

FIFA 09

FileASSASSIN

FLV Player 1.3.3

Free Games Offer, Desktop Shortcut

Full Tilt Poker

GemMaster Mystic

Get High Speed Internet!

Google Earth

Google Updater

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB888795)

Hotfix for Windows XP (KB891593)

Hotfix for Windows XP (KB895961)

Hotfix for Windows XP (KB899337)

Hotfix for Windows XP (KB899510)

Hotfix for Windows XP (KB902841)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

iTunes

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 2

Java 6 Update 5

Java SE Runtime Environment 6 Update 1

Learn2 Player (Uninstall Only)

LG USB Modem driver

Malwarebytes' Anti-Malware

MCU

Medal of Honor Allied Assault

Microsoft .NET Framework 1.0 Hotfix (KB887998)

Microsoft .NET Framework 1.0 Hotfix (KB930494)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Location Finder

Microsoft National Language Support Downlevel APIs

Microsoft Off ice Word Viewer 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual J# .NET Redistributable Package 1.1

mIRC

Modem Helper

Move Networks Player for Firefox

Mozilla Firefox (3.0.7)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

Musicmatch

dan12 · March 24, 2009

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

------------------------

Remove Poker programs

From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.

I would advise you to go to Add/Remove programs and uninstall your poker programs.

Full Tilt Poker

Here are links to some poker sites regarded as safe for your reference.

* http://www.pokerstars.net/ - This is a simple play money version.

* http://www.pokerstars.com/ - This is a bigger play money and real money version.

Optional Fix

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player

sconroy1 · March 25, 2009

Here is a log of what you've requested. Additionally, I took the steps to remove BitTorrent and Viewpoint. Let me know if you need any additional information. Thanks.

GooredFix v1.92 by jpshortstuff

Log created at 23:34 on 24/03/2009 running Option #1 (Stephen Conroy)

Firefox version 3.0.7 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]

"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]

"Components"="C:\Program Files\Mozilla Firefox\components"

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:37:08 PM, on 3/24/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\AOL\1197034437\ee\AOLSoftware.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Digital Line Detect\DLG.exe

c:\program files\common files\aol\1197034437\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe